From appro at openssl.org Mon Feb 2 14:29:31 2015 From: appro at openssl.org (Andy Polyakov) Date: Mon, 2 Feb 2015 15:29:31 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150202142931.F09051DF121@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 79e028575541e8fb37fe4d0889c985b2db0b6011 (commit) from 8d5d455988d66048ec5b84756581bc3f6f2e55dd (commit) - Log ----------------------------------------------------------------- commit 79e028575541e8fb37fe4d0889c985b2db0b6011 Author: Andy Polyakov Date: Fri Jan 30 16:15:46 2015 +0100 cms-test.pl: "localize" /dev/null even further [as follow-up to VMS]. Reviewed-by: Rich Salz (cherry picked from commit 5da05a26f21e7c43a156b65b13a9bc968a6c78db) ----------------------------------------------------------------------- Summary of changes: test/cms-test.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/cms-test.pl b/test/cms-test.pl index 1c3f00d..51abeef 100644 --- a/test/cms-test.pl +++ b/test/cms-test.pl @@ -67,7 +67,7 @@ if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) { # Make MSYS work elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) { $ossl_path = "cmd /c ..\\apps\\openssl"; - $null_path = "/dev/null"; + $null_path = "NUL"; $failure_code = 256; } elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) { @@ -77,12 +77,12 @@ elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) { } elsif ( -f "..\\out32dll\\openssl.exe" ) { $ossl_path = "..\\out32dll\\openssl.exe"; - $null_path = "/dev/null"; + $null_path = "NUL"; $failure_code = 256; } elsif ( -f "..\\out32\\openssl.exe" ) { $ossl_path = "..\\out32\\openssl.exe"; - $null_path = "/dev/null"; + $null_path = "NUL"; $failure_code = 256; } else { From appro at openssl.org Mon Feb 2 14:29:31 2015 From: appro at openssl.org (Andy Polyakov) Date: Mon, 2 Feb 2015 15:29:31 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150202142932.1D8B31DF1AC@butler.localdomain> The branch master has been updated via 5da05a26f21e7c43a156b65b13a9bc968a6c78db (commit) from 1d4d68570b8d3f214da0df57c5a629ced9668161 (commit) - Log ----------------------------------------------------------------- commit 5da05a26f21e7c43a156b65b13a9bc968a6c78db Author: Andy Polyakov Date: Fri Jan 30 16:15:46 2015 +0100 cms-test.pl: "localize" /dev/null even further [as follow-up to VMS]. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: test/cms-test.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/cms-test.pl b/test/cms-test.pl index 1c3f00d..51abeef 100644 --- a/test/cms-test.pl +++ b/test/cms-test.pl @@ -67,7 +67,7 @@ if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) { # Make MSYS work elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) { $ossl_path = "cmd /c ..\\apps\\openssl"; - $null_path = "/dev/null"; + $null_path = "NUL"; $failure_code = 256; } elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) { @@ -77,12 +77,12 @@ elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) { } elsif ( -f "..\\out32dll\\openssl.exe" ) { $ossl_path = "..\\out32dll\\openssl.exe"; - $null_path = "/dev/null"; + $null_path = "NUL"; $failure_code = 256; } elsif ( -f "..\\out32\\openssl.exe" ) { $ossl_path = "..\\out32\\openssl.exe"; - $null_path = "/dev/null"; + $null_path = "NUL"; $failure_code = 256; } else { From rsalz at openssl.org Mon Feb 2 16:09:00 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 2 Feb 2015 17:09:00 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150202160900.181871DF121@butler.localdomain> The branch master has been updated via 7aa0b022460e1a7bfdf5c70e8cd084d916bac012 (commit) from 5da05a26f21e7c43a156b65b13a9bc968a6c78db (commit) - Log ----------------------------------------------------------------- commit 7aa0b022460e1a7bfdf5c70e8cd084d916bac012 Author: Rich Salz Date: Mon Feb 2 11:08:16 2015 -0500 Dead code cleanup: crypto/*.c, x509v3, demos Some of the #if 0 code in demo's was kept, but given helpful #ifdef names, to show more sample code. Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/o_init.c | 3 - crypto/sparcv9cap.c | 131 -------------------------------------- crypto/x509v3/pcy_lib.c | 9 --- crypto/x509v3/pcy_tree.c | 51 +-------------- crypto/x509v3/v3_utl.c | 12 ---- demos/bio/server-arg.c | 2 +- demos/engines/rsaref/rsaref.c | 3 - demos/engines/zencod/hw_zencod.c | 2 +- demos/evp/aesgcm.c | 12 +--- demos/selfsign.c | 4 +- 10 files changed, 6 insertions(+), 223 deletions(-) diff --git a/crypto/o_init.c b/crypto/o_init.c index 2088388..b7b969b 100644 --- a/crypto/o_init.c +++ b/crypto/o_init.c @@ -77,7 +77,4 @@ void OPENSSL_init(void) FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free); RAND_init_fips(); #endif -#if 0 - fprintf(stderr, "Called OPENSSL_init\n"); -#endif } diff --git a/crypto/sparcv9cap.c b/crypto/sparcv9cap.c index 8bf2846..1731ef6 100644 --- a/crypto/sparcv9cap.c +++ b/crypto/sparcv9cap.c @@ -109,128 +109,6 @@ size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max) return 0; } -#if 0 && defined(__sun) && defined(__SVR4) -/* - * This code path is disabled, because of incompatibility of libdevinfo.so.1 - * and libmalloc.so.1 (see below for details) - */ -# include -# include -# include -# include - -typedef di_node_t(*di_init_t) (const char *, uint_t); -typedef void (*di_fini_t) (di_node_t); -typedef char *(*di_node_name_t) (di_node_t); -typedef int (*di_walk_node_t) (di_node_t, uint_t, di_node_name_t, - int (*)(di_node_t, di_node_name_t)); - -# define DLLINK(h,name) (name=(name##_t)dlsym((h),#name)) - -static int walk_nodename(di_node_t node, di_node_name_t di_node_name) -{ - char *name = (*di_node_name) (node); - - /* This is expected to catch all UltraSPARC flavors prior T1 */ - if (!strcmp(name, "SUNW,UltraSPARC") || - /* covers II,III,IV */ - !strncmp(name, "SUNW,UltraSPARC-I", 17)) { - OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU | SPARCV9_VIS1; - - /* %tick is privileged only on UltraSPARC-I/II, but not IIe */ - if (name[14] != '\0' && name[17] != '\0' && name[18] != '\0') - OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED; - - return DI_WALK_TERMINATE; - } - /* This is expected to catch remaining UltraSPARCs, such as T1 */ - else if (!strncmp(name, "SUNW,UltraSPARC", 15)) { - OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED; - - return DI_WALK_TERMINATE; - } - - return DI_WALK_CONTINUE; -} - -void OPENSSL_cpuid_setup(void) -{ - void *h; - char *e, si[256]; - static int trigger = 0; - - if (trigger) - return; - trigger = 1; - - if ((e = getenv("OPENSSL_sparcv9cap"))) { - OPENSSL_sparcv9cap_P[0] = strtoul(e, NULL, 0); - return; - } - - if (sysinfo(SI_MACHINE, si, sizeof(si)) > 0) { - if (strcmp(si, "sun4v")) - /* FPU is preferred for all CPUs, but US-T1/2 */ - OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU; - } - - if (sysinfo(SI_ISALIST, si, sizeof(si)) > 0) { - if (strstr(si, "+vis")) - OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1 | SPARCV9_BLK; - if (strstr(si, "+vis2")) { - OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2; - OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED; - return; - } - } -# ifdef M_KEEP - /* - * Solaris libdevinfo.so.1 is effectively incomatible with - * libmalloc.so.1. Specifically, if application is linked with - * -lmalloc, it crashes upon startup with SIGSEGV in - * free(3LIBMALLOC) called by di_fini. Prior call to - * mallopt(M_KEEP,0) somehow helps... But not always... - */ - if ((h = dlopen(NULL, RTLD_LAZY))) { - union { - void *p; - int (*f) (int, int); - } sym; - if ((sym.p = dlsym(h, "mallopt"))) - (*sym.f) (M_KEEP, 0); - dlclose(h); - } -# endif - if ((h = dlopen("libdevinfo.so.1", RTLD_LAZY))) - do { - di_init_t di_init; - di_fini_t di_fini; - di_walk_node_t di_walk_node; - di_node_name_t di_node_name; - di_node_t root_node; - - if (!DLLINK(h, di_init)) - break; - if (!DLLINK(h, di_fini)) - break; - if (!DLLINK(h, di_walk_node)) - break; - if (!DLLINK(h, di_node_name)) - break; - - if ((root_node = (*di_init) ("/", DINFOSUBTREE)) != DI_NODE_NIL) { - (*di_walk_node) (root_node, DI_WALK_SIBFIRST, - di_node_name, walk_nodename); - (*di_fini) (root_node); - } - } while (0); - - if (h) - dlclose(h); -} - -#else - static sigjmp_buf common_jmp; static void common_handler(int sig) { @@ -307,13 +185,6 @@ void OPENSSL_cpuid_setup(void) _sparcv9_vis3_probe(); OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3; } -# if 0 /* was planned at some point but never - * implemented in hardware */ - if (sigsetjmp(common_jmp, 1) == 0) { - (void)_sparcv9_random(); - OPENSSL_sparcv9cap_P[0] |= SPARCV9_RANDOM; - } -# endif /* * In wait for better solution _sparcv9_rdcfr is masked by @@ -342,5 +213,3 @@ void OPENSSL_cpuid_setup(void) } # endif } - -#endif diff --git a/crypto/x509v3/pcy_lib.c b/crypto/x509v3/pcy_lib.c index dbb2983..58ce8a0 100644 --- a/crypto/x509v3/pcy_lib.c +++ b/crypto/x509v3/pcy_lib.c @@ -140,15 +140,6 @@ const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node) return node->data->valid_policy; } -#if 0 -int X509_policy_node_get_critical(const X509_POLICY_NODE *node) -{ - if (node_critical(node)) - return 1; - return 0; -} -#endif - STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node) diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index d4b550e..cc52fa2 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -156,14 +156,10 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, int explicit_policy; int any_skip; int map_skip; + *ptree = NULL; n = sk_X509_num(certs); -#if 0 - /* Disable policy mapping for now... */ - flags |= X509_V_FLAG_INHIBIT_MAP; -#endif - if (flags & X509_V_FLAG_EXPLICIT_POLICY) explicit_policy = 0; else @@ -340,19 +336,6 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr, for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) { data = sk_X509_POLICY_DATA_value(cache->data, i); - /* - * If a node is mapped any it doesn't have a corresponding - * CertificatePolicies entry. However such an identical node would - * be created if anyPolicy matching is enabled because there would be - * no match with the parent valid_policy_set. So we create link - * because then it will have the mapping flags right and we can prune - * it later. - */ -#if 0 - if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY) - && !(curr->flags & X509_V_FLAG_INHIBIT_ANY)) - continue; -#endif /* Look for matching nodes in previous level */ if (!tree_link_matching_nodes(curr, data)) return 0; @@ -432,9 +415,6 @@ static int tree_link_any(X509_POLICY_LEVEL *curr, X509_POLICY_TREE *tree) { int i; - /* - * X509_POLICY_DATA *data; - */ X509_POLICY_NODE *node; X509_POLICY_LEVEL *last = curr - 1; @@ -443,35 +423,6 @@ static int tree_link_any(X509_POLICY_LEVEL *curr, if (!tree_link_unmatched(curr, cache, node, tree)) return 0; - -#if 0 - - /* - * Skip any node with any children: we only want unmathced nodes. - * Note: need something better for policy mapping because each node - * may have multiple children - */ - if (node->nchild) - continue; - - /* - * Create a new node with qualifiers from anyPolicy and id from - * unmatched node. - */ - data = policy_data_new(NULL, node->data->valid_policy, - node_critical(node)); - - if (data == NULL) - return 0; - /* Curr may not have anyPolicy */ - data->qualifier_set = cache->anyPolicy->qualifier_set; - data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; - if (!level_add_node(curr, data, node, tree)) { - policy_data_free(data); - return 0; - } -#endif - } /* Finally add link to anyPolicy */ if (last->anyPolicy) { diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index f65323b..1ad3999 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -307,9 +307,6 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) *p = 0; ntmp = strip_spaces(q); q = p + 1; -#if 0 - printf("%s\n", ntmp); -#endif if (!ntmp) { X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); @@ -324,9 +321,6 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) state = HDR_NAME; *p = 0; vtmp = strip_spaces(q); -#if 0 - printf("%s\n", ntmp); -#endif if (!vtmp) { X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE); @@ -342,9 +336,6 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) if (state == HDR_VALUE) { vtmp = strip_spaces(q); -#if 0 - printf("%s=%s\n", ntmp, vtmp); -#endif if (!vtmp) { X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE); @@ -353,9 +344,6 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) X509V3_add_value(ntmp, vtmp, &values); } else { ntmp = strip_spaces(q); -#if 0 - printf("%s\n", ntmp); -#endif if (!ntmp) { X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); goto err; diff --git a/demos/bio/server-arg.c b/demos/bio/server-arg.c index 1d0e1db..7ba54db 100644 --- a/demos/bio/server-arg.c +++ b/demos/bio/server-arg.c @@ -72,7 +72,7 @@ int main(int argc, char *argv[]) ERR_print_errors_fp(stderr); goto err; } -#if 0 +#ifdef ITERATE_CERTS /* * Demo of how to iterate over all certificates in an SSL_CTX structure. */ diff --git a/demos/engines/rsaref/rsaref.c b/demos/engines/rsaref/rsaref.c index b6429de..d5a6e6c 100644 --- a/demos/engines/rsaref/rsaref.c +++ b/demos/engines/rsaref/rsaref.c @@ -36,9 +36,6 @@ static const char *engine_rsaref_name = "RSAref engine support"; static int rsaref_destroy(ENGINE *e); static int rsaref_init(ENGINE *e); static int rsaref_finish(ENGINE *e); -#if 0 -static int rsaref_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ()); -#endif /***************************************************************************** * Engine commands diff --git a/demos/engines/zencod/hw_zencod.c b/demos/engines/zencod/hw_zencod.c index 26ec3f6..1c76284 100644 --- a/demos/engines/zencod/hw_zencod.c +++ b/demos/engines/zencod/hw_zencod.c @@ -82,7 +82,7 @@ # define ZEN_LIBRARY "zenbridge" -# if 0 +# ifdef ZENCOD_TRACING # define PERROR(s) perror(s) # define CHEESE() fputs("## [ZenEngine] ## " __FUNCTION__ "\n", stderr) # else diff --git a/demos/evp/aesgcm.c b/demos/evp/aesgcm.c index 9159c5c..72028a0 100644 --- a/demos/evp/aesgcm.c +++ b/demos/evp/aesgcm.c @@ -85,13 +85,6 @@ void aes_gcm_decrypt(void) EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(gcm_iv), NULL); /* Specify key and IV */ EVP_DecryptInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv); -#if 0 - /* - * Set expected tag value. A restriction in OpenSSL 1.0.1c and earlier - * required the tag before any AAD or ciphertext - */ - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(gcm_tag), gcm_tag); -#endif /* Zero or more calls to specify any AAD */ EVP_DecryptUpdate(ctx, NULL, &outlen, gcm_aad, sizeof(gcm_aad)); /* Decrypt plaintext */ @@ -99,10 +92,7 @@ void aes_gcm_decrypt(void) /* Output decrypted block */ printf("Plaintext:\n"); BIO_dump_fp(stdout, outbuf, outlen); - /* - * Set expected tag value. Works in OpenSSL 1.0.1d and later - * In versions prior to OpenSSL 1.1.0 you should use EVP_CTRL_GCM_SET_TAG - */ + /* Set expected tag value. */ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(gcm_tag), gcm_tag); /* Finalise: note get no output for GCM */ rv = EVP_DecryptFinal_ex(ctx, outbuf, &outlen); diff --git a/demos/selfsign.c b/demos/selfsign.c index 49228b9..0cc265c 100644 --- a/demos/selfsign.c +++ b/demos/selfsign.c @@ -136,7 +136,7 @@ int days; X509_add_ext(x, ex, -1); X509_EXTENSION_free(ex); -#if 0 +#ifdef ADD_CA_CONSTRAINT /* might want something like this too.... */ ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints, "critical,CA:TRUE"); @@ -145,7 +145,7 @@ int days; X509_EXTENSION_free(ex); #endif -#ifdef CUSTOM_EXT +#ifdef ADD_A_CUSTOM_EXTENSION /* Maybe even add our own extension based on existing */ { int nid; From rsalz at openssl.org Mon Feb 2 16:15:15 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 2 Feb 2015 17:15:15 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150202161515.A7D541DF121@butler.localdomain> The branch master has been updated via 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb (commit) from 7aa0b022460e1a7bfdf5c70e8cd084d916bac012 (commit) - Log ----------------------------------------------------------------- commit 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb Author: Rich Salz Date: Mon Feb 2 11:11:34 2015 -0500 Dead code cleanup: #if 0 dropped from tests Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/bn/bntest.c | 140 ------------------------------------------ crypto/cast/casttest.c | 28 --------- crypto/des/destest.c | 5 -- crypto/ec/ectest.c | 157 ------------------------------------------------ crypto/ecdh/ecdhtest.c | 22 ------- crypto/evp/evp_test.c | 3 - ssl/ssltest.c | 12 +--- 7 files changed, 1 insertion(+), 366 deletions(-) diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c index 4d109d8..521858a 100644 --- a/crypto/bn/bntest.c +++ b/crypto/bn/bntest.c @@ -1174,19 +1174,6 @@ int test_gf2m_add(BIO *bp) a->neg = rand_neg(); b->neg = rand_neg(); BN_GF2m_add(c, a, b); -# if 0 /* make test uses ouput in bc but bc can't - * handle GF(2^m) arithmetic */ - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " ^ "); - BN_print(bp, b); - BIO_puts(bp, " = "); - } - BN_print(bp, c); - BIO_puts(bp, "\n"); - } -# endif /* Test that two added values have the correct parity. */ if ((BN_is_odd(a) && BN_is_odd(c)) || (!BN_is_odd(a) && !BN_is_odd(c))) { @@ -1229,19 +1216,6 @@ int test_gf2m_mod(BIO *bp) BN_bntest_rand(a, 1024, 0, 0); for (j = 0; j < 2; j++) { BN_GF2m_mod(c, a, b[j]); -# if 0 /* make test uses ouput in bc but bc can't - * handle GF(2^m) arithmetic */ - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " % "); - BN_print(bp, b[j]); - BIO_puts(bp, " - "); - BN_print(bp, c); - BIO_puts(bp, "\n"); - } - } -# endif BN_GF2m_add(d, a, c); BN_GF2m_mod(e, d, b[j]); /* Test that a + (a mod p) mod p == 0. */ @@ -1288,21 +1262,6 @@ int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx) BN_bntest_rand(d, 1024, 0, 0); for (j = 0; j < 2; j++) { BN_GF2m_mod_mul(e, a, c, b[j], ctx); -# if 0 /* make test uses ouput in bc but bc can't - * handle GF(2^m) arithmetic */ - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " * "); - BN_print(bp, c); - BIO_puts(bp, " % "); - BN_print(bp, b[j]); - BIO_puts(bp, " - "); - BN_print(bp, e); - BIO_puts(bp, "\n"); - } - } -# endif BN_GF2m_add(f, a, d); BN_GF2m_mod_mul(g, f, c, b[j], ctx); BN_GF2m_mod_mul(h, d, c, b[j], ctx); @@ -1352,21 +1311,6 @@ int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx) BN_GF2m_mod_sqr(c, a, b[j], ctx); BN_copy(d, a); BN_GF2m_mod_mul(d, a, d, b[j], ctx); -# if 0 /* make test uses ouput in bc but bc can't - * handle GF(2^m) arithmetic */ - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " ^ 2 % "); - BN_print(bp, b[j]); - BIO_puts(bp, " = "); - BN_print(bp, c); - BIO_puts(bp, "; a * a = "); - BN_print(bp, d); - BIO_puts(bp, "\n"); - } - } -# endif BN_GF2m_add(d, c, d); /* Test that a*a = a^2. */ if (!BN_is_zero(d)) { @@ -1406,19 +1350,6 @@ int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx) for (j = 0; j < 2; j++) { BN_GF2m_mod_inv(c, a, b[j], ctx); BN_GF2m_mod_mul(d, a, c, b[j], ctx); -# if 0 /* make test uses ouput in bc but bc can't - * handle GF(2^m) arithmetic */ - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " * "); - BN_print(bp, c); - BIO_puts(bp, " - 1 % "); - BN_print(bp, b[j]); - BIO_puts(bp, "\n"); - } - } -# endif /* Test that ((1/a)*a) = 1. */ if (!BN_is_one(d)) { fprintf(stderr, "GF(2^m) modular inversion test failed!\n"); @@ -1461,21 +1392,6 @@ int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx) BN_GF2m_mod_div(d, a, c, b[j], ctx); BN_GF2m_mod_mul(e, d, c, b[j], ctx); BN_GF2m_mod_div(f, a, e, b[j], ctx); -# if 0 /* make test uses ouput in bc but bc can't - * handle GF(2^m) arithmetic */ - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " = "); - BN_print(bp, c); - BIO_puts(bp, " * "); - BN_print(bp, d); - BIO_puts(bp, " % "); - BN_print(bp, b[j]); - BIO_puts(bp, "\n"); - } - } -# endif /* Test that ((a/c)*c)/a = 1. */ if (!BN_is_one(f)) { fprintf(stderr, "GF(2^m) modular division test failed!\n"); @@ -1523,25 +1439,6 @@ int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx) BN_GF2m_mod_mul(e, e, f, b[j], ctx); BN_add(f, c, d); BN_GF2m_mod_exp(f, a, f, b[j], ctx); -# if 0 /* make test uses ouput in bc but bc can't - * handle GF(2^m) arithmetic */ - if (bp != NULL) { - if (!results) { - BN_print(bp, a); - BIO_puts(bp, " ^ ("); - BN_print(bp, c); - BIO_puts(bp, " + "); - BN_print(bp, d); - BIO_puts(bp, ") = "); - BN_print(bp, e); - BIO_puts(bp, "; - "); - BN_print(bp, f); - BIO_puts(bp, " % "); - BN_print(bp, b[j]); - BIO_puts(bp, "\n"); - } - } -# endif BN_GF2m_add(f, e, f); /* Test that a^(c+d)=a^c*a^d. */ if (!BN_is_zero(f)) { @@ -1587,17 +1484,6 @@ int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx) BN_GF2m_mod(c, a, b[j]); BN_GF2m_mod_sqrt(d, a, b[j], ctx); BN_GF2m_mod_sqr(e, d, b[j], ctx); -# if 0 /* make test uses ouput in bc but bc can't - * handle GF(2^m) arithmetic */ - if (bp != NULL) { - if (!results) { - BN_print(bp, d); - BIO_puts(bp, " ^ 2 - "); - BN_print(bp, a); - BIO_puts(bp, "\n"); - } - } -# endif BN_GF2m_add(f, c, e); /* Test that d^2 = a, where d = sqrt(a). */ if (!BN_is_zero(f)) { @@ -1644,19 +1530,6 @@ int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx) BN_GF2m_mod_sqr(d, c, b[j], ctx); BN_GF2m_add(d, c, d); BN_GF2m_mod(e, a, b[j]); -# if 0 /* make test uses ouput in bc but bc can't - * handle GF(2^m) arithmetic */ - if (bp != NULL) { - if (!results) { - BN_print(bp, c); - BIO_puts(bp, " is root of z^2 + z = "); - BN_print(bp, a); - BIO_puts(bp, " % "); - BN_print(bp, b[j]); - BIO_puts(bp, "\n"); - } - } -# endif BN_GF2m_add(e, e, d); /* * Test that solution of quadratic c satisfies c^2 + c = a. @@ -1667,19 +1540,6 @@ int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx) goto err; } - } else { -# if 0 /* make test uses ouput in bc but bc can't - * handle GF(2^m) arithmetic */ - if (bp != NULL) { - if (!results) { - BIO_puts(bp, "There are no roots of z^2 + z = "); - BN_print(bp, a); - BIO_puts(bp, " % "); - BN_print(bp, b[j]); - BIO_puts(bp, "\n"); - } - } -# endif } } } diff --git a/crypto/cast/casttest.c b/crypto/cast/casttest.c index 9c6614b..8063b9c 100644 --- a/crypto/cast/casttest.c +++ b/crypto/cast/casttest.c @@ -112,34 +112,6 @@ static unsigned char c_b[16] = { 0x80, 0xAC, 0x05, 0xB8, 0xE8, 0x3D, 0x69, 0x6E }; -# if 0 -char *text = "Hello to all people out there"; - -static unsigned char cfb_key[16] = { - 0xe1, 0xf0, 0xc3, 0xd2, 0xa5, 0xb4, 0x87, 0x96, - 0x69, 0x78, 0x4b, 0x5a, 0x2d, 0x3c, 0x0f, 0x1e, -}; -static unsigned char cfb_iv[80] = - { 0x34, 0x12, 0x78, 0x56, 0xab, 0x90, 0xef, 0xcd }; -static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8]; -# define CFB_TEST_SIZE 24 -static unsigned char plain[CFB_TEST_SIZE] = { - 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, - 0x20, 0x74, 0x68, 0x65, 0x20, 0x74, - 0x69, 0x6d, 0x65, 0x20, 0x66, 0x6f, - 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20 -}; - -static unsigned char cfb_cipher64[CFB_TEST_SIZE] = { - 0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F, - 0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A, - 0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45 -/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, - 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, - 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ -}; -# endif - int main(int argc, char *argv[]) { # ifdef FULL_TEST diff --git a/crypto/des/destest.c b/crypto/des/destest.c index be68d36..14f4dfe 100644 --- a/crypto/des/destest.c +++ b/crypto/des/destest.c @@ -345,12 +345,7 @@ static unsigned char ofb_cipher[24] = { 0x35, 0xf2, 0x4a, 0x24, 0x2e, 0xeb, 0x3d, 0x3f, 0x3d, 0x6d, 0x5b, 0xe3, 0x25, 0x5a, 0xf8, 0xc3 }; - -# if 0 -static DES_LONG cbc_cksum_ret = 0xB462FEF7L; -# else static DES_LONG cbc_cksum_ret = 0xF7FE62B4L; -# endif static unsigned char cbc_cksum_data[8] = { 0x1D, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4 }; diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c index a6be1a9..fc04f3b 100644 --- a/crypto/ec/ectest.c +++ b/crypto/ec/ectest.c @@ -114,93 +114,6 @@ int main(int argc, char *argv[]) # define TIMING_RAND_PT 1 # define TIMING_SIMUL 2 -# if 0 -static void timings(EC_GROUP *group, int type, BN_CTX *ctx) -{ - clock_t clck; - int i, j; - BIGNUM *s; - BIGNUM *r[10], *r0[10]; - EC_POINT *P; - - s = BN_new(); - if (s == NULL) - ABORT; - - fprintf(stdout, "Timings for %d-bit field, ", EC_GROUP_get_degree(group)); - if (!EC_GROUP_get_order(group, s, ctx)) - ABORT; - fprintf(stdout, "%d-bit scalars ", (int)BN_num_bits(s)); - fflush(stdout); - - P = EC_POINT_new(group); - if (P == NULL) - ABORT; - EC_POINT_copy(P, EC_GROUP_get0_generator(group)); - - for (i = 0; i < 10; i++) { - if ((r[i] = BN_new()) == NULL) - ABORT; - if (!BN_pseudo_rand(r[i], BN_num_bits(s), 0, 0)) - ABORT; - if (type != TIMING_BASE_PT) { - if ((r0[i] = BN_new()) == NULL) - ABORT; - if (!BN_pseudo_rand(r0[i], BN_num_bits(s), 0, 0)) - ABORT; - } - } - - clck = clock(); - for (i = 0; i < 10; i++) { - for (j = 0; j < 10; j++) { - if (!EC_POINT_mul - (group, P, (type != TIMING_RAND_PT) ? r[i] : NULL, - (type != TIMING_BASE_PT) ? P : NULL, - (type != TIMING_BASE_PT) ? r0[i] : NULL, ctx)) - ABORT; - } - } - clck = clock() - clck; - - fprintf(stdout, "\n"); - -# ifdef CLOCKS_PER_SEC - /* - * "To determine the time in seconds, the value returned by the clock - * function should be divided by the value of the macro CLOCKS_PER_SEC." - * -- ISO/IEC 9899 - */ -# define UNIT "s" -# else -# define UNIT "units" -# define CLOCKS_PER_SEC 1 -# endif - - if (type == TIMING_BASE_PT) { - fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j, - "base point multiplications", (double)clck / CLOCKS_PER_SEC); - } else if (type == TIMING_RAND_PT) { - fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j, - "random point multiplications", - (double)clck / CLOCKS_PER_SEC); - } else if (type == TIMING_SIMUL) { - fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j, - "s*P+t*Q operations", (double)clck / CLOCKS_PER_SEC); - } - fprintf(stdout, "average: %.4f " UNIT "\n", - (double)clck / (CLOCKS_PER_SEC * i * j)); - - EC_POINT_free(P); - BN_free(s); - for (i = 0; i < 10; i++) { - BN_free(r[i]); - if (type != TIMING_BASE_PT) - BN_free(r0[i]); - } -} -# endif - /* test multiplication with group order, long and negative scalars */ static void group_order_tests(EC_GROUP *group) { @@ -443,18 +356,6 @@ static void prime_field_tests(void) if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT; -# if 0 /* optional */ - { - EC_POINT *points[3]; - - points[0] = R; - points[1] = Q; - points[2] = P; - if (!EC_POINTs_make_affine(group, 2, points, ctx)) - ABORT; - } -# endif - } while (!EC_POINT_is_at_infinity(group, P)); @@ -952,27 +853,6 @@ static void prime_field_tests(void) BN_free(scalar3); } -# if 0 - timings(P_160, TIMING_BASE_PT, ctx); - timings(P_160, TIMING_RAND_PT, ctx); - timings(P_160, TIMING_SIMUL, ctx); - timings(P_192, TIMING_BASE_PT, ctx); - timings(P_192, TIMING_RAND_PT, ctx); - timings(P_192, TIMING_SIMUL, ctx); - timings(P_224, TIMING_BASE_PT, ctx); - timings(P_224, TIMING_RAND_PT, ctx); - timings(P_224, TIMING_SIMUL, ctx); - timings(P_256, TIMING_BASE_PT, ctx); - timings(P_256, TIMING_RAND_PT, ctx); - timings(P_256, TIMING_SIMUL, ctx); - timings(P_384, TIMING_BASE_PT, ctx); - timings(P_384, TIMING_RAND_PT, ctx); - timings(P_384, TIMING_SIMUL, ctx); - timings(P_521, TIMING_BASE_PT, ctx); - timings(P_521, TIMING_RAND_PT, ctx); - timings(P_521, TIMING_SIMUL, ctx); -# endif - if (ctx) BN_CTX_free(ctx); BN_free(p); @@ -1456,39 +1336,6 @@ static void char2_field_tests(void) fprintf(stdout, " ok\n\n"); } -# if 0 - timings(C2_K163, TIMING_BASE_PT, ctx); - timings(C2_K163, TIMING_RAND_PT, ctx); - timings(C2_K163, TIMING_SIMUL, ctx); - timings(C2_B163, TIMING_BASE_PT, ctx); - timings(C2_B163, TIMING_RAND_PT, ctx); - timings(C2_B163, TIMING_SIMUL, ctx); - timings(C2_K233, TIMING_BASE_PT, ctx); - timings(C2_K233, TIMING_RAND_PT, ctx); - timings(C2_K233, TIMING_SIMUL, ctx); - timings(C2_B233, TIMING_BASE_PT, ctx); - timings(C2_B233, TIMING_RAND_PT, ctx); - timings(C2_B233, TIMING_SIMUL, ctx); - timings(C2_K283, TIMING_BASE_PT, ctx); - timings(C2_K283, TIMING_RAND_PT, ctx); - timings(C2_K283, TIMING_SIMUL, ctx); - timings(C2_B283, TIMING_BASE_PT, ctx); - timings(C2_B283, TIMING_RAND_PT, ctx); - timings(C2_B283, TIMING_SIMUL, ctx); - timings(C2_K409, TIMING_BASE_PT, ctx); - timings(C2_K409, TIMING_RAND_PT, ctx); - timings(C2_K409, TIMING_SIMUL, ctx); - timings(C2_B409, TIMING_BASE_PT, ctx); - timings(C2_B409, TIMING_RAND_PT, ctx); - timings(C2_B409, TIMING_SIMUL, ctx); - timings(C2_K571, TIMING_BASE_PT, ctx); - timings(C2_K571, TIMING_RAND_PT, ctx); - timings(C2_K571, TIMING_SIMUL, ctx); - timings(C2_B571, TIMING_BASE_PT, ctx); - timings(C2_B571, TIMING_RAND_PT, ctx); - timings(C2_B571, TIMING_SIMUL, ctx); -# endif - if (ctx) BN_CTX_free(ctx); BN_free(p); @@ -1783,10 +1630,6 @@ static void nistp_single_test(const struct nistp_test_params *test) fprintf(stdout, "ok\n"); group_order_tests(NISTP); -# if 0 - timings(NISTP, TIMING_BASE_PT, ctx); - timings(NISTP, TIMING_RAND_PT, ctx); -# endif EC_GROUP_free(NISTP); EC_POINT_free(G); EC_POINT_free(P); diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c index 5aed2b1..41725f6 100644 --- a/crypto/ecdh/ecdhtest.c +++ b/crypto/ecdh/ecdhtest.c @@ -92,10 +92,6 @@ int main(int argc, char *argv[]) # include # include -# if 0 -static void cb(int p, int n, void *arg); -# endif - static const char rnd_seed[] = "string to make the random number generator think it has entropy"; @@ -544,22 +540,4 @@ int main(int argc, char *argv[]) CRYPTO_mem_leaks_fp(stderr); EXIT(ret); } - -# if 0 -static void cb(int p, int n, void *arg) -{ - char c = '*'; - - if (p == 0) - c = '.'; - if (p == 1) - c = '+'; - if (p == 2) - c = '*'; - if (p == 3) - c = '\n'; - BIO_write((BIO *)arg, &c, 1); - (void)BIO_flush((BIO *)arg); -} -# endif #endif diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c index b356131..ea332ae 100644 --- a/crypto/evp/evp_test.c +++ b/crypto/evp/evp_test.c @@ -480,9 +480,6 @@ int main(int argc, char **argv) /* Load all compiled-in ENGINEs */ ENGINE_load_builtin_engines(); #endif -#if 0 - OPENSSL_config(); -#endif #ifndef OPENSSL_NO_ENGINE /* * Register all available ENGINE implementations of ciphers and digests. diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 7bf7e55..3eb13e2 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -740,13 +740,6 @@ static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type, static char *cipher = NULL; static int verbose = 0; static int debug = 0; -#if 0 -/* Not used yet. */ -# ifdef FIONBIO -static int s_nbio = 0; -# endif -#endif - static const char rnd_seed[] = "string to make the random number generator think it has entropy"; @@ -754,6 +747,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time, clock_t *c_time); int doit(SSL *s_ssl, SSL *c_ssl, long bytes); static int do_test_cipherlist(void); + static void sv_usage(void) { fprintf(stderr, "usage: ssltest [args ...]\n"); @@ -2487,10 +2481,6 @@ static int verify_callback(int ok, X509_STORE_CTX *ctx) if (ok == 1) { X509 *xs = ctx->current_cert; -#if 0 - X509 *xi = ctx->current_issuer; -#endif - if (xs->ex_flags & EXFLAG_PROXY) { unsigned int *letters = X509_STORE_CTX_get_ex_data(ctx, get_proxy_auth_ex_data_idx From rsalz at openssl.org Mon Feb 2 16:41:24 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 2 Feb 2015 17:41:24 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150202164124.6929C1DF121@butler.localdomain> The branch master has been updated via f16a64d11f55c01f56baa62ebf1dec7f8fe718cb (commit) from 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb (commit) - Log ----------------------------------------------------------------- commit f16a64d11f55c01f56baa62ebf1dec7f8fe718cb Author: Rich Salz Date: Mon Feb 2 11:40:36 2015 -0500 Dead code cleanup; remove #if 0 from crypto/engine Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/engine/eng_all.c | 9 --------- crypto/engine/eng_list.c | 9 --------- crypto/engine/tb_store.c | 24 ------------------------ 3 files changed, 42 deletions(-) diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index e81506c..b7d2529 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c @@ -64,15 +64,6 @@ void ENGINE_load_builtin_engines(void) { /* Some ENGINEs need this */ OPENSSL_cpuid_setup(); -#if 0 - /* - * There's no longer any need for an "openssl" ENGINE unless, one day, it - * is the *only* way for standard builtin implementations to be be - * accessed (ie. it would be possible to statically link binaries with - * *no* builtin implementations). - */ - ENGINE_load_openssl(); -#endif #if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) ENGINE_load_cryptodev(); #endif diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c index 3384e31..c69e8a7 100644 --- a/crypto/engine/eng_list.c +++ b/crypto/engine/eng_list.c @@ -353,14 +353,6 @@ ENGINE *ENGINE_by_id(const char *id) } } CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); -#if 0 - if (iterator == NULL) { - ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE); - ERR_add_error_data(2, "id=", id); - } - return iterator; -#else - /* EEK! Experimental code starts */ if (iterator) return iterator; /* @@ -390,7 +382,6 @@ ENGINE *ENGINE_by_id(const char *id) ERR_add_error_data(2, "id=", id); return NULL; /* EEK! Experimental code ends */ -#endif } int ENGINE_up_ref(ENGINE *e) diff --git a/crypto/engine/tb_store.c b/crypto/engine/tb_store.c index 1eab49d..84d2268 100644 --- a/crypto/engine/tb_store.c +++ b/crypto/engine/tb_store.c @@ -91,30 +91,6 @@ void ENGINE_register_all_STORE() ENGINE_register_STORE(e); } -/* The following two functions are removed because they're useless. */ -#if 0 -int ENGINE_set_default_STORE(ENGINE *e) -{ - if (e->store_meth) - return engine_table_register(&store_table, - engine_unregister_all_STORE, e, - &dummy_nid, 1, 1); - return 1; -} -#endif - -#if 0 -/* - * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural - * references). - */ -ENGINE *ENGINE_get_default_STORE(void) -{ - return engine_table_select(&store_table, dummy_nid); -} -#endif - /* Obtains an STORE implementation from an ENGINE functional reference */ const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e) { From rsalz at openssl.org Mon Feb 2 16:57:14 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 2 Feb 2015 17:57:14 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150202165714.CC06E1DF121@butler.localdomain> The branch master has been updated via c8fa2356a00cbaada8963f739e5570298311a060 (commit) from f16a64d11f55c01f56baa62ebf1dec7f8fe718cb (commit) - Log ----------------------------------------------------------------- commit c8fa2356a00cbaada8963f739e5570298311a060 Author: Rich Salz Date: Mon Feb 2 11:56:47 2015 -0500 Dead code cleanup: crypto/ec,ecdh,ecdsa Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_curve.c | 20 -------------------- crypto/ecdh/ech_lib.c | 16 ---------------- crypto/ecdh/ech_locl.h | 4 ---- crypto/ecdh/ech_ossl.c | 4 ---- crypto/ecdsa/ecs_lib.c | 7 ------- crypto/ecdsa/ecs_locl.h | 4 ---- crypto/ecdsa/ecs_ossl.c | 4 ---- 7 files changed, 59 deletions(-) diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 81846ec..6199e25 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -1061,16 +1061,6 @@ static const struct { NID_X9_62_characteristic_two_field, 0, 21, 2 }, { - /* no seed */ -# if 0 - /* - * The algorithm used to derive the curve parameters from the seed - * used here is slightly different than the algorithm described in - * X9.62 . - */ - 0x24, 0xB7, 0xB1, 0x37, 0xC8, 0xA1, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, - 0x61, 0x51, 0x75, 0x6F, 0xD0, 0xDA, 0x2E, 0x5C, -# endif /* p */ 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC9, @@ -1100,16 +1090,6 @@ static const struct { NID_X9_62_characteristic_two_field, 0, 21, 2 }, { - /* no seed */ -# if 0 - /* - * The seed here was used to created the curve parameters in normal - * basis representation (and not the polynomial representation used - * here) - */ - 0x85, 0xE2, 0x5B, 0xFE, 0x5C, 0x86, 0x22, 0x6C, 0xDB, 0x12, 0x01, 0x6F, - 0x75, 0x53, 0xF9, 0xD0, 0xE6, 0x93, 0xA2, 0x68, -# endif /* p */ 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC9, diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c index b910b50..5147368 100644 --- a/crypto/ecdh/ech_lib.c +++ b/crypto/ecdh/ech_lib.c @@ -103,11 +103,6 @@ int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth) if (ecdh == NULL) return 0; -#if 0 - mtmp = ecdh->meth; - if (mtmp->finish) - mtmp->finish(eckey); -#endif #ifndef OPENSSL_NO_ENGINE if (ecdh->engine) { ENGINE_finish(ecdh->engine); @@ -115,10 +110,6 @@ int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth) } #endif ecdh->meth = meth; -#if 0 - if (meth->init) - meth->init(eckey); -#endif return 1; } @@ -152,13 +143,6 @@ static ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine) ret->flags = ret->meth->flags; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data); -#if 0 - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data); - OPENSSL_free(ret); - ret = NULL; - } -#endif return (ret); } diff --git a/crypto/ecdh/ech_locl.h b/crypto/ecdh/ech_locl.h index 4e66024..d61ef80 100644 --- a/crypto/ecdh/ech_locl.h +++ b/crypto/ecdh/ech_locl.h @@ -68,10 +68,6 @@ struct ecdh_method { EC_KEY *ecdh, void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen)); -# if 0 - int (*init) (EC_KEY *eckey); - int (*finish) (EC_KEY *eckey); -# endif int flags; char *app_data; }; diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index e60cf10..278c41b 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c @@ -86,10 +86,6 @@ static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key, static ECDH_METHOD openssl_ecdh_meth = { "OpenSSL ECDH method", ecdh_compute_key, -#if 0 - NULL, /* init */ - NULL, /* finish */ -#endif ECDH_FLAG_FIPS_METHOD, /* flags */ NULL /* app_data */ }; diff --git a/crypto/ecdsa/ecs_lib.c b/crypto/ecdsa/ecs_lib.c index 321b425..67e521f 100644 --- a/crypto/ecdsa/ecs_lib.c +++ b/crypto/ecdsa/ecs_lib.c @@ -131,13 +131,6 @@ static ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine) ret->flags = ret->meth->flags; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); -#if 0 - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); - OPENSSL_free(ret); - ret = NULL; - } -#endif return (ret); } diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h index d3a5efc..9a0666e 100644 --- a/crypto/ecdsa/ecs_locl.h +++ b/crypto/ecdsa/ecs_locl.h @@ -74,10 +74,6 @@ struct ecdsa_method { BIGNUM **r); int (*ecdsa_do_verify) (const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, EC_KEY *eckey); -# if 0 - int (*init) (EC_KEY *eckey); - int (*finish) (EC_KEY *eckey); -# endif int flags; void *app_data; }; diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c index c232321..1343850 100644 --- a/crypto/ecdsa/ecs_ossl.c +++ b/crypto/ecdsa/ecs_ossl.c @@ -77,10 +77,6 @@ static ECDSA_METHOD openssl_ecdsa_meth = { ecdsa_do_sign, ecdsa_sign_setup_no_digest, ecdsa_do_verify, -#if 0 - NULL, /* init */ - NULL, /* finish */ -#endif ECDSA_FLAG_FIPS_METHOD, /* flags */ NULL /* app_data */ }; From rsalz at openssl.org Mon Feb 2 17:43:39 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 2 Feb 2015 18:43:39 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150202174339.3EDFD1DF121@butler.localdomain> The branch master has been updated via e2f80180271f3badc9dec6f3172009b57ba57842 (commit) from c8fa2356a00cbaada8963f739e5570298311a060 (commit) - Log ----------------------------------------------------------------- commit e2f80180271f3badc9dec6f3172009b57ba57842 Author: Rich Salz Date: Mon Feb 2 12:43:17 2015 -0500 Dead code removal; #if 0 from crypto/des Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/des/des_old.c | 10 -------- crypto/des/read_pwd.c | 3 --- crypto/des/xcbc_enc.c | 64 ------------------------------------------------- 3 files changed, 77 deletions(-) diff --git a/crypto/des/des_old.c b/crypto/des/des_old.c index 54b0968..6bd88db 100644 --- a/crypto/des/des_old.c +++ b/crypto/des/des_old.c @@ -208,16 +208,6 @@ void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, (DES_key_schedule *)ks3, ivec, num); } -#if 0 /* broken code, preserved just in case anyone - * specifically looks for this */ -void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), - _ossl_old_des_cblock (*in_white), - _ossl_old_des_cblock (*out_white)) -{ - DES_xwhite_in2out(des_key, in_white, out_white); -} -#endif - int _ossl_old_des_enc_read(int fd, char *buf, int len, des_key_schedule sched, _ossl_old_des_cblock *iv) { diff --git a/crypto/des/read_pwd.c b/crypto/des/read_pwd.c index 0a51f88..42903d6 100644 --- a/crypto/des/read_pwd.c +++ b/crypto/des/read_pwd.c @@ -373,9 +373,6 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt, error: fprintf(stderr, "\n"); -# if 0 - perror("fgets(tty)"); -# endif /* What can we do if there is an error? */ # if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) if (ps >= 2) diff --git a/crypto/des/xcbc_enc.c b/crypto/des/xcbc_enc.c index 6fe021b..201ef70 100644 --- a/crypto/des/xcbc_enc.c +++ b/crypto/des/xcbc_enc.c @@ -60,70 +60,6 @@ /* RSA's DESX */ -#if 0 /* broken code, preserved just in case anyone - * specifically looks for this */ -static const unsigned char desx_white_in2out[256] = { - 0xBD, 0x56, 0xEA, 0xF2, 0xA2, 0xF1, 0xAC, 0x2A, 0xB0, 0x93, 0xD1, 0x9C, - 0x1B, 0x33, 0xFD, 0xD0, - 0x30, 0x04, 0xB6, 0xDC, 0x7D, 0xDF, 0x32, 0x4B, 0xF7, 0xCB, 0x45, 0x9B, - 0x31, 0xBB, 0x21, 0x5A, - 0x41, 0x9F, 0xE1, 0xD9, 0x4A, 0x4D, 0x9E, 0xDA, 0xA0, 0x68, 0x2C, 0xC3, - 0x27, 0x5F, 0x80, 0x36, - 0x3E, 0xEE, 0xFB, 0x95, 0x1A, 0xFE, 0xCE, 0xA8, 0x34, 0xA9, 0x13, 0xF0, - 0xA6, 0x3F, 0xD8, 0x0C, - 0x78, 0x24, 0xAF, 0x23, 0x52, 0xC1, 0x67, 0x17, 0xF5, 0x66, 0x90, 0xE7, - 0xE8, 0x07, 0xB8, 0x60, - 0x48, 0xE6, 0x1E, 0x53, 0xF3, 0x92, 0xA4, 0x72, 0x8C, 0x08, 0x15, 0x6E, - 0x86, 0x00, 0x84, 0xFA, - 0xF4, 0x7F, 0x8A, 0x42, 0x19, 0xF6, 0xDB, 0xCD, 0x14, 0x8D, 0x50, 0x12, - 0xBA, 0x3C, 0x06, 0x4E, - 0xEC, 0xB3, 0x35, 0x11, 0xA1, 0x88, 0x8E, 0x2B, 0x94, 0x99, 0xB7, 0x71, - 0x74, 0xD3, 0xE4, 0xBF, - 0x3A, 0xDE, 0x96, 0x0E, 0xBC, 0x0A, 0xED, 0x77, 0xFC, 0x37, 0x6B, 0x03, - 0x79, 0x89, 0x62, 0xC6, - 0xD7, 0xC0, 0xD2, 0x7C, 0x6A, 0x8B, 0x22, 0xA3, 0x5B, 0x05, 0x5D, 0x02, - 0x75, 0xD5, 0x61, 0xE3, - 0x18, 0x8F, 0x55, 0x51, 0xAD, 0x1F, 0x0B, 0x5E, 0x85, 0xE5, 0xC2, 0x57, - 0x63, 0xCA, 0x3D, 0x6C, - 0xB4, 0xC5, 0xCC, 0x70, 0xB2, 0x91, 0x59, 0x0D, 0x47, 0x20, 0xC8, 0x4F, - 0x58, 0xE0, 0x01, 0xE2, - 0x16, 0x38, 0xC4, 0x6F, 0x3B, 0x0F, 0x65, 0x46, 0xBE, 0x7E, 0x2D, 0x7B, - 0x82, 0xF9, 0x40, 0xB5, - 0x1D, 0x73, 0xF8, 0xEB, 0x26, 0xC7, 0x87, 0x97, 0x25, 0x54, 0xB1, 0x28, - 0xAA, 0x98, 0x9D, 0xA5, - 0x64, 0x6D, 0x7A, 0xD4, 0x10, 0x81, 0x44, 0xEF, 0x49, 0xD6, 0xAE, 0x2E, - 0xDD, 0x76, 0x5C, 0x2F, - 0xA7, 0x1C, 0xC9, 0x09, 0x69, 0x9A, 0x83, 0xCF, 0x29, 0x39, 0xB9, 0xE9, - 0x4C, 0xFF, 0x43, 0xAB, -}; - -void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white, - DES_cblock *out_white) -{ - int out0, out1; - int i; - const unsigned char *key = &(*des_key)[0]; - const unsigned char *in = &(*in_white)[0]; - unsigned char *out = &(*out_white)[0]; - - out[0] = out[1] = out[2] = out[3] = out[4] = out[5] = out[6] = out[7] = 0; - out0 = out1 = 0; - for (i = 0; i < 8; i++) { - out[i] = key[i] ^ desx_white_in2out[out0 ^ out1]; - out0 = out1; - out1 = (int)out[i & 0x07]; - } - - out0 = out[0]; - out1 = out[i]; /* BUG: out-of-bounds read */ - for (i = 0; i < 8; i++) { - out[i] = in[i] ^ desx_white_in2out[out0 ^ out1]; - out0 = out1; - out1 = (int)out[i & 0x07]; - } -} -#endif - void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out, long length, DES_key_schedule *schedule, DES_cblock *ivec, const_DES_cblock *inw, From rsalz at openssl.org Mon Feb 2 21:54:33 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 2 Feb 2015 22:54:33 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150202215434.2791A1DF121@butler.localdomain> The branch master has been updated via fd22ab9edf497ad7d98897377ee798953845d022 (commit) from e2f80180271f3badc9dec6f3172009b57ba57842 (commit) - Log ----------------------------------------------------------------- commit fd22ab9edf497ad7d98897377ee798953845d022 Author: Rich Salz Date: Mon Feb 2 16:53:54 2015 -0500 Dead code: if 0 removal from crypto/evp and an unused file. Reviewed-by: Andy Polyakov Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/evp/bio_b64.c | 4 - crypto/evp/c_all.c | 9 - crypto/evp/e_aes.c | 28 --- crypto/evp/openbsd_hw.c | 446 ----------------------------------------------- 4 files changed, 487 deletions(-) delete mode 100644 crypto/evp/openbsd_hw.c diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c index 538b520..8cbbf02 100644 --- a/crypto/evp/bio_b64.c +++ b/crypto/evp/bio_b64.c @@ -298,11 +298,7 @@ static int b64_read(BIO *b, char *out, int outl) if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { int z, jj; -#if 0 - jj = (i >> 2) << 2; -#else jj = i & ~3; /* process per 4 */ -#endif z = EVP_DecodeBlock((unsigned char *)ctx->buf, (unsigned char *)ctx->tmp, jj); if (jj > 2) { diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c index a3ed00d..cc2f8f6 100644 --- a/crypto/evp/c_all.c +++ b/crypto/evp/c_all.c @@ -63,15 +63,6 @@ # include #endif -#if 0 -# undef OpenSSL_add_all_algorithms - -void OpenSSL_add_all_algorithms(void) -{ - OPENSSL_add_all_algorithms_noconf(); -} -#endif - void OPENSSL_add_all_algorithms_noconf(void) { /* diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 15b233c..eaceab2 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -778,11 +778,6 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, case 128: xctx->stream = aes128_t4_xts_encrypt; break; -# if 0 /* not yet */ - case 192: - xctx->stream = aes192_t4_xts_encrypt; - break; -# endif case 256: xctx->stream = aes256_t4_xts_encrypt; break; @@ -796,11 +791,6 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, case 128: xctx->stream = aes128_t4_xts_decrypt; break; -# if 0 /* not yet */ - case 192: - xctx->stream = aes192_t4_xts_decrypt; - break; -# endif case 256: xctx->stream = aes256_t4_xts_decrypt; break; @@ -839,24 +829,6 @@ static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, aes_t4_set_encrypt_key(key, bits, &cctx->ks.ks); CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, &cctx->ks, (block128_f) aes_t4_encrypt); -# if 0 /* not yet */ - switch (bits) { - case 128: - cctx->str = enc ? (ccm128_f) aes128_t4_ccm64_encrypt : - (ccm128_f) ae128_t4_ccm64_decrypt; - break; - case 192: - cctx->str = enc ? (ccm128_f) aes192_t4_ccm64_encrypt : - (ccm128_f) ae192_t4_ccm64_decrypt; - break; - case 256: - cctx->str = enc ? (ccm128_f) aes256_t4_ccm64_encrypt : - (ccm128_f) ae256_t4_ccm64_decrypt; - break; - default: - return 0; - } -# endif cctx->key_set = 1; } if (iv) { diff --git a/crypto/evp/openbsd_hw.c b/crypto/evp/openbsd_hw.c deleted file mode 100644 index f36de2c..0000000 --- a/crypto/evp/openbsd_hw.c +++ /dev/null @@ -1,446 +0,0 @@ -/* Written by Ben Laurie, 2001 */ -/* - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core at openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include -#include -#include -#include "evp_locl.h" - -/* - * This stuff should now all be supported through - * crypto/engine/hw_openbsd_dev_crypto.c unless I botched it up - */ -static void *dummy = &dummy; - -#if 0 - -/* check flag after OpenSSL headers to ensure make depend works */ -# ifdef OPENSSL_OPENBSD_DEV_CRYPTO - -# include -# include -# include -# include -# include -# include -# include - -/* longest key supported in hardware */ -# define MAX_HW_KEY 24 -# define MAX_HW_IV 8 - -# define MD5_DIGEST_LENGTH 16 -# define MD5_CBLOCK 64 - -static int fd; -static int dev_failed; - -typedef struct session_op session_op; - -# define CDATA(ctx) EVP_C_DATA(session_op,ctx) - -static void err(const char *str) -{ - fprintf(stderr, "%s: errno %d\n", str, errno); -} - -static int dev_crypto_init(session_op *ses) -{ - if (dev_failed) - return 0; - if (!fd) { - int cryptodev_fd; - - if ((cryptodev_fd = open("/dev/crypto", O_RDWR, 0)) < 0) { - err("/dev/crypto"); - dev_failed = 1; - return 0; - } - if (ioctl(cryptodev_fd, CRIOGET, &fd) == -1) { - err("CRIOGET failed"); - close(cryptodev_fd); - dev_failed = 1; - return 0; - } - close(cryptodev_fd); - } - assert(ses); - memset(ses, '\0', sizeof *ses); - - return 1; -} - -static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx) -{ - if (ioctl(fd, CIOCFSESSION, &CDATA(ctx)->ses) == -1) - err("CIOCFSESSION failed"); - - OPENSSL_free(CDATA(ctx)->key); - - return 1; -} - -static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx, int cipher, - const unsigned char *key, int klen) -{ - if (!dev_crypto_init(CDATA(ctx))) - return 0; - - CDATA(ctx)->key = OPENSSL_malloc(MAX_HW_KEY); - if (CDATA(ctx)->key == NULL) - return 0; - - assert(ctx->cipher->iv_len <= MAX_HW_IV); - - memcpy(CDATA(ctx)->key, key, klen); - - CDATA(ctx)->cipher = cipher; - CDATA(ctx)->keylen = klen; - - if (ioctl(fd, CIOCGSESSION, CDATA(ctx)) == -1) { - err("CIOCGSESSION failed"); - return 0; - } - return 1; -} - -static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) -{ - struct crypt_op cryp; - unsigned char lb[MAX_HW_IV]; - - if (!inl) - return 1; - - assert(CDATA(ctx)); - assert(!dev_failed); - - memset(&cryp, '\0', sizeof cryp); - cryp.ses = CDATA(ctx)->ses; - cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; - cryp.flags = 0; - cryp.len = inl; - assert((inl & (ctx->cipher->block_size - 1)) == 0); - cryp.src = (caddr_t) in; - cryp.dst = (caddr_t) out; - cryp.mac = 0; - if (ctx->cipher->iv_len) - cryp.iv = (caddr_t) ctx->iv; - - if (!ctx->encrypt) - memcpy(lb, &in[cryp.len - ctx->cipher->iv_len], ctx->cipher->iv_len); - - if (ioctl(fd, CIOCCRYPT, &cryp) == -1) { - if (errno == EINVAL) { /* buffers are misaligned */ - unsigned int cinl = 0; - char *cin = NULL; - char *cout = NULL; - - /* NB: this can only make cinl != inl with stream ciphers */ - cinl = (inl + 3) / 4 * 4; - - if (((unsigned long)in & 3) || cinl != inl) { - cin = OPENSSL_malloc(cinl); - if (cin == NULL) - return 0; - memcpy(cin, in, inl); - cryp.src = cin; - } - - if (((unsigned long)out & 3) || cinl != inl) { - cout = OPENSSL_malloc(cinl); - if (cout == NULL) { - if (cin != NULL) - OPENSSL_free(cin); - return 0; - } - cryp.dst = cout; - } - - cryp.len = cinl; - - if (ioctl(fd, CIOCCRYPT, &cryp) == -1) { - err("CIOCCRYPT(2) failed"); - printf("src=%p dst=%p\n", cryp.src, cryp.dst); - abort(); - return 0; - } - - if (cout) { - memcpy(out, cout, inl); - OPENSSL_free(cout); - } - if (cin) - OPENSSL_free(cin); - } else { - err("CIOCCRYPT failed"); - abort(); - return 0; - } - } - - if (ctx->encrypt) - memcpy(ctx->iv, &out[cryp.len - ctx->cipher->iv_len], - ctx->cipher->iv_len); - else - memcpy(ctx->iv, lb, ctx->cipher->iv_len); - - return 1; -} - -static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, int enc) -{ - return dev_crypto_init_key(ctx, CRYPTO_3DES_CBC, key, 24); -} - -# define dev_crypto_des_ede3_cbc_cipher dev_crypto_cipher - -BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, session_op, NID_des_ede3, 8, 24, 8, - 0, dev_crypto_des_ede3_init_key, - dev_crypto_cleanup, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) - -static int dev_crypto_rc4_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, int enc) -{ - return dev_crypto_init_key(ctx, CRYPTO_ARC4, key, 16); -} - -static const EVP_CIPHER r4_cipher = { - NID_rc4, - 1, 16, 0, /* FIXME: key should be up to 256 bytes */ - EVP_CIPH_VARIABLE_LENGTH, - dev_crypto_rc4_init_key, - dev_crypto_cipher, - dev_crypto_cleanup, - sizeof(session_op), - NULL, - NULL, - NULL -}; - -const EVP_CIPHER *EVP_dev_crypto_rc4(void) -{ - return &r4_cipher; -} - -typedef struct { - session_op sess; - char *data; - int len; - unsigned char md[EVP_MAX_MD_SIZE]; -} MD_DATA; - -static int dev_crypto_init_digest(MD_DATA *md_data, int mac) -{ - if (!dev_crypto_init(&md_data->sess)) - return 0; - - md_data->len = 0; - md_data->data = NULL; - - md_data->sess.mac = mac; - - if (ioctl(fd, CIOCGSESSION, &md_data->sess) == -1) { - err("CIOCGSESSION failed"); - return 0; - } - return 1; -} - -static int dev_crypto_cleanup_digest(MD_DATA *md_data) -{ - if (ioctl(fd, CIOCFSESSION, &md_data->sess.ses) == -1) { - err("CIOCFSESSION failed"); - return 0; - } - - return 1; -} - -/* FIXME: if device can do chained MACs, then don't accumulate */ -/* FIXME: move accumulation to the framework */ -static int dev_crypto_md5_init(EVP_MD_CTX *ctx) -{ - return dev_crypto_init_digest(ctx->md_data, CRYPTO_MD5); -} - -static int do_digest(int ses, unsigned char *md, const void *data, int len) -{ - struct crypt_op cryp; - static const unsigned char md5zero[16] = { - 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04, - 0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e - }; - - /* some cards can't do zero length */ - if (!len) { - memcpy(md, md5zero, 16); - return 1; - } - - memset(&cryp, '\0', sizeof cryp); - cryp.ses = ses; - cryp.op = COP_ENCRYPT; /* required to do the MAC rather than check - * it */ - cryp.len = len; - cryp.src = (caddr_t) data; - cryp.dst = (caddr_t) data; // FIXME!!! - cryp.mac = (caddr_t) md; - - if (ioctl(fd, CIOCCRYPT, &cryp) == -1) { - if (errno == EINVAL) { /* buffer is misaligned */ - char *dcopy; - - dcopy = OPENSSL_malloc(len); - memcpy(dcopy, data, len); - cryp.src = dcopy; - cryp.dst = cryp.src; // FIXME!!! - - if (ioctl(fd, CIOCCRYPT, &cryp) == -1) { - err("CIOCCRYPT(MAC2) failed"); - abort(); - return 0; - } - OPENSSL_free(dcopy); - } else { - err("CIOCCRYPT(MAC) failed"); - abort(); - return 0; - } - } - // printf("done\n"); - - return 1; -} - -static int dev_crypto_md5_update(EVP_MD_CTX *ctx, const void *data, - unsigned long len) -{ - MD_DATA *md_data = ctx->md_data; - char *tmp_md_data; - - if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) - return do_digest(md_data->sess.ses, md_data->md, data, len); - - tmp_md_data = OPENSSL_realloc(md_data->data, md_data->len + len); - if (tmp_md_data == NULL) - return 0; - md_data->data = tmp_md_data; - memcpy(md_data->data + md_data->len, data, len); - md_data->len += len; - - return 1; -} - -static int dev_crypto_md5_final(EVP_MD_CTX *ctx, unsigned char *md) -{ - int ret; - MD_DATA *md_data = ctx->md_data; - - if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) { - memcpy(md, md_data->md, MD5_DIGEST_LENGTH); - ret = 1; - } else { - ret = do_digest(md_data->sess.ses, md, md_data->data, md_data->len); - OPENSSL_free(md_data->data); - md_data->data = NULL; - md_data->len = 0; - } - - return ret; -} - -static int dev_crypto_md5_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) -{ - const MD_DATA *from_md = from->md_data; - MD_DATA *to_md = to->md_data; - - // How do we copy sessions? - assert(from->digest->flags & EVP_MD_FLAG_ONESHOT); - - to_md->data = OPENSSL_malloc(from_md->len); - if (to_md->data == NULL) - return 0; - memcpy(to_md->data, from_md->data, from_md->len); - - return 1; -} - -static int dev_crypto_md5_cleanup(EVP_MD_CTX *ctx) -{ - return dev_crypto_cleanup_digest(ctx->md_data); -} - -static const EVP_MD md5_md = { - NID_md5, - NID_md5WithRSAEncryption, - MD5_DIGEST_LENGTH, - EVP_MD_FLAG_ONESHOT, // XXX: set according to device info... - dev_crypto_md5_init, - dev_crypto_md5_update, - dev_crypto_md5_final, - dev_crypto_md5_copy, - dev_crypto_md5_cleanup, - EVP_PKEY_RSA_method, - MD5_CBLOCK, - sizeof(MD_DATA), -}; - -const EVP_MD *EVP_dev_crypto_md5(void) -{ - return &md5_md; -} - -# endif -#endif From rsalz at openssl.org Mon Feb 2 23:46:58 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 3 Feb 2015 00:46:58 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150202234659.0C3111DF121@butler.localdomain> The branch master has been updated via 24956ca00f014a917fb181a8abc39b349f3f316f (commit) from fd22ab9edf497ad7d98897377ee798953845d022 (commit) - Log ----------------------------------------------------------------- commit 24956ca00f014a917fb181a8abc39b349f3f316f Author: Rich Salz Date: Mon Feb 2 18:46:01 2015 -0500 Remove old DES API Includes VMS fixes from Richard. Includes Kurt's destest fixes (RT 1290). Closes tickets 1290 and 1291 Reviewed-by: Kurt Roeckx Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: CHANGES | 3 + apps/Makefile | 6 +- crypto/crypto-lib.com | 2 +- crypto/des/DES.pm | 19 - crypto/des/DES.xs | 268 ----------- crypto/des/FILES0 | 96 ---- crypto/des/INSTALL | 69 --- crypto/des/Imakefile | 35 -- crypto/des/KERBEROS | 41 -- crypto/des/Makefile | 64 ++- crypto/des/VERSION | 412 ----------------- crypto/des/cbc3_enc.c | 95 ---- crypto/des/des-lib.com | 1005 ------------------------------------------ crypto/des/des.h | 10 - crypto/des/des.pod | 219 --------- crypto/des/des3s.cpp | 67 --- crypto/des/des_old.c | 335 -------------- crypto/des/des_old.h | 477 -------------------- crypto/des/des_old2.c | 80 ---- crypto/des/dess.cpp | 67 --- crypto/des/destest.c | 102 ++--- crypto/des/makefile.bc | 50 --- crypto/des/options.txt | 39 -- crypto/des/read_pwd.c | 493 --------------------- crypto/des/rpw.c | 90 ---- crypto/des/t/test | 27 -- crypto/des/times/486-50.sol | 16 - crypto/des/times/586-100.lnx | 20 - crypto/des/times/686-200.fre | 18 - crypto/des/times/aix.cc | 26 -- crypto/des/times/alpha.cc | 18 - crypto/des/times/hpux.cc | 17 - crypto/des/times/sparc.gcc | 17 - crypto/des/times/usparc.cc | 31 -- crypto/des/typemap | 34 -- crypto/evp/Makefile | 8 +- crypto/install-crypto.com | 2 +- crypto/mdc2/Makefile | 4 +- crypto/pem/Makefile | 2 +- makevms.com | 2 +- test/Makefile | 4 +- 41 files changed, 95 insertions(+), 4295 deletions(-) delete mode 100644 crypto/des/DES.pm delete mode 100644 crypto/des/DES.xs delete mode 100644 crypto/des/FILES0 delete mode 100644 crypto/des/INSTALL delete mode 100644 crypto/des/Imakefile delete mode 100644 crypto/des/KERBEROS delete mode 100644 crypto/des/VERSION delete mode 100644 crypto/des/cbc3_enc.c delete mode 100644 crypto/des/des-lib.com delete mode 100644 crypto/des/des.pod delete mode 100644 crypto/des/des3s.cpp delete mode 100644 crypto/des/des_old.c delete mode 100644 crypto/des/des_old.h delete mode 100644 crypto/des/des_old2.c delete mode 100644 crypto/des/dess.cpp delete mode 100644 crypto/des/makefile.bc delete mode 100644 crypto/des/options.txt delete mode 100644 crypto/des/read_pwd.c delete mode 100644 crypto/des/rpw.c delete mode 100644 crypto/des/t/test delete mode 100644 crypto/des/times/486-50.sol delete mode 100644 crypto/des/times/586-100.lnx delete mode 100644 crypto/des/times/686-200.fre delete mode 100644 crypto/des/times/aix.cc delete mode 100644 crypto/des/times/alpha.cc delete mode 100644 crypto/des/times/hpux.cc delete mode 100644 crypto/des/times/sparc.gcc delete mode 100644 crypto/des/times/usparc.cc delete mode 100644 crypto/des/typemap diff --git a/CHANGES b/CHANGES index 4b78387..11176ce 100644 --- a/CHANGES +++ b/CHANGES @@ -31,6 +31,9 @@ done while fixing the error code for the key-too-small case. [Annie Yousar ] + *) Removed old DES API. + [Rich Salz] + *) Remove various unsupported platforms: Sony NEWS4 BEOS and BEOS_R5 diff --git a/apps/Makefile b/apps/Makefile index 4270659..3af50b1 100644 --- a/apps/Makefile +++ b/apps/Makefile @@ -593,7 +593,7 @@ openssl.o: openssl.c progs.h s_apps.h passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h -passwd.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h +passwd.o: ../include/openssl/e_os2.h passwd.o: ../include/openssl/ec.h ../include/openssl/ecdh.h passwd.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h passwd.o: ../include/openssl/err.h ../include/openssl/evp.h @@ -936,7 +936,7 @@ speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h speed.o: ../include/openssl/camellia.h ../include/openssl/cast.h speed.o: ../include/openssl/conf.h ../include/openssl/crypto.h -speed.o: ../include/openssl/des.h ../include/openssl/des_old.h +speed.o: ../include/openssl/des.h speed.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h speed.o: ../include/openssl/ec.h ../include/openssl/ecdh.h speed.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h @@ -1026,7 +1026,7 @@ version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h version.o: ../include/openssl/buffer.h ../include/openssl/conf.h version.o: ../include/openssl/crypto.h ../include/openssl/des.h -version.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h +version.o: ../include/openssl/e_os2.h version.o: ../include/openssl/ec.h ../include/openssl/ecdh.h version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h version.o: ../include/openssl/evp.h ../include/openssl/idea.h diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index 84ca96e..0b76a33 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -234,7 +234,7 @@ $ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ - "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ - "des_enc,fcrypt_b,"+ - "fcrypt,xcbc_enc,rpc_enc,cbc_cksm,"+ - - "des_old,des_old2,read2pwd" + "read2pwd" $ LIB_AES = "aes_misc,aes_ecb,aes_cfb,aes_ofb,aes_ige,aes_wrap,"+ - "aes_core,aes_cbc" $ LIB_RC2 = "rc2_ecb,rc2_skey,rc2_cbc,rc2cfb64,rc2ofb64" diff --git a/crypto/des/DES.pm b/crypto/des/DES.pm deleted file mode 100644 index 6a175b6..0000000 --- a/crypto/des/DES.pm +++ /dev/null @@ -1,19 +0,0 @@ -package DES; - -require Exporter; -require DynaLoader; - at ISA = qw(Exporter DynaLoader); -# Items to export into callers namespace by default -# (move infrequently used names to @EXPORT_OK below) - at EXPORT = qw( -); -# Other items we are prepared to export if requested - at EXPORT_OK = qw( -crypt -); - -# Preloaded methods go here. Autoload methods go after __END__, and are -# processed by the autosplit program. -bootstrap DES; -1; -__END__ diff --git a/crypto/des/DES.xs b/crypto/des/DES.xs deleted file mode 100644 index b8050b9..0000000 --- a/crypto/des/DES.xs +++ /dev/null @@ -1,268 +0,0 @@ -#include "EXTERN.h" -#include "perl.h" -#include "XSUB.h" -#include "des.h" - -#define deschar char -static STRLEN len; - -static int -not_here(s) -char *s; -{ - croak("%s not implemented on this architecture", s); - return -1; -} - -MODULE = DES PACKAGE = DES PREFIX = des_ - -char * -des_crypt(buf,salt) - char * buf - char * salt - -void -des_set_odd_parity(key) - des_cblock * key -PPCODE: - { - SV *s; - - s=sv_newmortal(); - sv_setpvn(s,(char *)key,8); - des_set_odd_parity((des_cblock *)SvPV(s,na)); - PUSHs(s); - } - -int -des_is_weak_key(key) - des_cblock * key - -des_key_schedule -des_set_key(key) - des_cblock * key -CODE: - des_set_key(key,RETVAL); -OUTPUT: -RETVAL - -des_cblock -des_ecb_encrypt(input,ks,encrypt) - des_cblock * input - des_key_schedule * ks - int encrypt -CODE: - des_ecb_encrypt(input,&RETVAL,*ks,encrypt); -OUTPUT: -RETVAL - -void -des_cbc_encrypt(input,ks,ivec,encrypt) - char * input - des_key_schedule * ks - des_cblock * ivec - int encrypt -PPCODE: - { - SV *s; - STRLEN len,l; - char *c; - - l=SvCUR(ST(0)); - len=((((unsigned long)l)+7)/8)*8; - s=sv_newmortal(); - sv_setpvn(s,"",0); - SvGROW(s,len); - SvCUR_set(s,len); - c=(char *)SvPV(s,na); - des_cbc_encrypt((des_cblock *)input,(des_cblock *)c, - l,*ks,ivec,encrypt); - sv_setpvn(ST(2),(char *)c[len-8],8); - PUSHs(s); - } - -void -des_cbc3_encrypt(input,ks1,ks2,ivec1,ivec2,encrypt) - char * input - des_key_schedule * ks1 - des_key_schedule * ks2 - des_cblock * ivec1 - des_cblock * ivec2 - int encrypt -PPCODE: - { - SV *s; - STRLEN len,l; - - l=SvCUR(ST(0)); - len=((((unsigned long)l)+7)/8)*8; - s=sv_newmortal(); - sv_setpvn(s,"",0); - SvGROW(s,len); - SvCUR_set(s,len); - des_3cbc_encrypt((des_cblock *)input,(des_cblock *)SvPV(s,na), - l,*ks1,*ks2,ivec1,ivec2,encrypt); - sv_setpvn(ST(3),(char *)ivec1,8); - sv_setpvn(ST(4),(char *)ivec2,8); - PUSHs(s); - } - -void -des_cbc_cksum(input,ks,ivec) - char * input - des_key_schedule * ks - des_cblock * ivec -PPCODE: - { - SV *s1,*s2; - STRLEN len,l; - des_cblock c; - unsigned long i1,i2; - - s1=sv_newmortal(); - s2=sv_newmortal(); - l=SvCUR(ST(0)); - des_cbc_cksum((des_cblock *)input,(des_cblock *)c, - l,*ks,ivec); - i1=c[4]|(c[5]<<8)|(c[6]<<16)|(c[7]<<24); - i2=c[0]|(c[1]<<8)|(c[2]<<16)|(c[3]<<24); - sv_setiv(s1,i1); - sv_setiv(s2,i2); - sv_setpvn(ST(2),(char *)c,8); - PUSHs(s1); - PUSHs(s2); - } - -void -des_cfb_encrypt(input,numbits,ks,ivec,encrypt) - char * input - int numbits - des_key_schedule * ks - des_cblock * ivec - int encrypt -PPCODE: - { - SV *s; - STRLEN len; - char *c; - - len=SvCUR(ST(0)); - s=sv_newmortal(); - sv_setpvn(s,"",0); - SvGROW(s,len); - SvCUR_set(s,len); - c=(char *)SvPV(s,na); - des_cfb_encrypt((unsigned char *)input,(unsigned char *)c, - (int)numbits,(long)len,*ks,ivec,encrypt); - sv_setpvn(ST(3),(char *)ivec,8); - PUSHs(s); - } - -des_cblock * -des_ecb3_encrypt(input,ks1,ks2,encrypt) - des_cblock * input - des_key_schedule * ks1 - des_key_schedule * ks2 - int encrypt -CODE: - { - des_cblock c; - - des_ecb3_encrypt((des_cblock *)input,(des_cblock *)&c, - *ks1,*ks2,encrypt); - RETVAL= &c; - } -OUTPUT: -RETVAL - -void -des_ofb_encrypt(input,numbits,ks,ivec) - unsigned char * input - int numbits - des_key_schedule * ks - des_cblock * ivec -PPCODE: - { - SV *s; - STRLEN len,l; - unsigned char *c; - - len=SvCUR(ST(0)); - s=sv_newmortal(); - sv_setpvn(s,"",0); - SvGROW(s,len); - SvCUR_set(s,len); - c=(unsigned char *)SvPV(s,na); - des_ofb_encrypt((unsigned char *)input,(unsigned char *)c, - numbits,len,*ks,ivec); - sv_setpvn(ST(3),(char *)ivec,8); - PUSHs(s); - } - -void -des_pcbc_encrypt(input,ks,ivec,encrypt) - char * input - des_key_schedule * ks - des_cblock * ivec - int encrypt -PPCODE: - { - SV *s; - STRLEN len,l; - char *c; - - l=SvCUR(ST(0)); - len=((((unsigned long)l)+7)/8)*8; - s=sv_newmortal(); - sv_setpvn(s,"",0); - SvGROW(s,len); - SvCUR_set(s,len); - c=(char *)SvPV(s,na); - des_pcbc_encrypt((des_cblock *)input,(des_cblock *)c, - l,*ks,ivec,encrypt); - sv_setpvn(ST(2),(char *)c[len-8],8); - PUSHs(s); - } - -des_cblock * -des_random_key() -CODE: - { - des_cblock c; - - des_random_key(c); - RETVAL=&c; - } -OUTPUT: -RETVAL - -des_cblock * -des_string_to_key(str) -char * str -CODE: - { - des_cblock c; - - des_string_to_key(str,&c); - RETVAL=&c; - } -OUTPUT: -RETVAL - -void -des_string_to_2keys(str) -char * str -PPCODE: - { - des_cblock c1,c2; - SV *s1,*s2; - - des_string_to_2keys(str,&c1,&c2); - EXTEND(sp,2); - s1=sv_newmortal(); - sv_setpvn(s1,(char *)c1,8); - s2=sv_newmortal(); - sv_setpvn(s2,(char *)c2,8); - PUSHs(s1); - PUSHs(s2); - } diff --git a/crypto/des/FILES0 b/crypto/des/FILES0 deleted file mode 100644 index 4c7ea2d..0000000 --- a/crypto/des/FILES0 +++ /dev/null @@ -1,96 +0,0 @@ -/* General stuff */ -COPYRIGHT - Copyright info. -MODES.DES - A description of the features of the different modes of DES. -FILES - This file. -INSTALL - How to make things compile. -Imakefile - For use with kerberos. -README - What this package is. -VERSION - Which version this is and what was changed. -KERBEROS - Kerberos version 4 notes. -Makefile.PL - An old makefile to build with perl5, not current. -Makefile.ssl - The SSLeay makefile -Makefile.uni - The normal unix makefile. -GNUmakefile - The makefile for use with glibc. -makefile.bc - A Borland C makefile -times - Some outputs from 'speed' on some machines. -vms.com - For use when compiling under VMS - -/* My SunOS des(1) replacement */ -des.c - des(1) source code. -des.man - des(1) manual. - -/* Testing and timing programs. */ -destest.c - Source for libdes.a test program. -speed.c - Source for libdes.a timing program. -rpw.c - Source for libdes.a testing password reading routines. - -/* libdes.a source code */ -des_crypt.man - libdes.a manual page. -des.h - Public libdes.a header file. -ecb_enc.c - des_ecb_encrypt() source, this contains the basic DES code. -ecb3_enc.c - des_ecb3_encrypt() source. -cbc_ckm.c - des_cbc_cksum() source. -cbc_enc.c - des_cbc_encrypt() source. -ncbc_enc.c - des_cbc_encrypt() that is 'normal' in that it copies - the new iv values back in the passed iv vector. -ede_enc.c - des_ede3_cbc_encrypt() cbc mode des using triple DES. -cbc3_enc.c - des_3cbc_encrypt() source, don't use this function. -cfb_enc.c - des_cfb_encrypt() source. -cfb64enc.c - des_cfb64_encrypt() cfb in 64 bit mode but setup to be - used as a stream cipher. -cfb64ede.c - des_ede3_cfb64_encrypt() cfb in 64 bit mode but setup to be - used as a stream cipher and using triple DES. -ofb_enc.c - des_cfb_encrypt() source. -ofb64_enc.c - des_ofb_encrypt() ofb in 64 bit mode but setup to be - used as a stream cipher. -ofb64ede.c - des_ede3_ofb64_encrypt() ofb in 64 bit mode but setup to be - used as a stream cipher and using triple DES. -enc_read.c - des_enc_read() source. -enc_writ.c - des_enc_write() source. -pcbc_enc.c - des_pcbc_encrypt() source. -qud_cksm.c - quad_cksum() source. -rand_key.c - des_random_key() source. -read_pwd.c - Source for des_read_password() plus related functions. -set_key.c - Source for des_set_key(). -str2key.c - Covert a string of any length into a key. -fcrypt.c - A small, fast version of crypt(3). -des_locl.h - Internal libdes.a header file. -podd.h - Odd parity tables - used in des_set_key(). -sk.h - Lookup tables used in des_set_key(). -spr.h - What is left of the S tables - used in ecb_encrypt(). -des_ver.h - header file for the external definition of the - version string. -des.doc - SSLeay documentation for the library. - -/* The perl scripts - you can ignore these files they are only - * included for the curious */ -des.pl - des in perl anyone? des_set_key and des_ecb_encrypt - both done in a perl library. -testdes.pl - Testing program for des.pl -doIP - Perl script used to develop IP xor/shift code. -doPC1 - Perl script used to develop PC1 xor/shift code. -doPC2 - Generates sk.h. -PC1 - Output of doPC1 should be the same as output from PC1. -PC2 - used in development of doPC2. -shifts.pl - Perl library used by my perl scripts. - -/* I started making a perl5 dynamic library for libdes - * but did not fully finish, these files are part of that effort. */ -DES.pm -DES.pod -DES.xs -t -typemap - -/* The following are for use with sun RPC implementaions. */ -rpc_des.h -rpc_enc.c - -/* The following are contibuted by Mark Murray . They - * are not normally built into libdes due to machine specific routines - * contained in them. They are for use in the most recent incarnation of - * export kerberos v 4 (eBones). */ -supp.c -new_rkey.c - - diff --git a/crypto/des/INSTALL b/crypto/des/INSTALL deleted file mode 100644 index 8aebdfe..0000000 --- a/crypto/des/INSTALL +++ /dev/null @@ -1,69 +0,0 @@ -Check the CC and CFLAGS lines in the makefile - -If your C library does not support the times(3) function, change the -#define TIMES to -#undef TIMES in speed.c -If it does, check the HZ value for the times(3) function. -If your system does not define CLK_TCK it will be assumed to -be 100.0. - -If possible use gcc v 2.7.? -Turn on the maximum optimising (normally '-O3 -fomit-frame-pointer' for gcc) -In recent times, some system compilers give better performace. - -type 'make' - -run './destest' to check things are ok. -run './rpw' to check the tty code for reading passwords works. -run './speed' to see how fast those optimisations make the library run :-) -run './des_opts' to determin the best compile time options. - -The output from des_opts should be put in the makefile options and des_enc.c -should be rebuilt. For 64 bit computers, do not use the DES_PTR option. -For the DEC Alpha, edit des.h and change DES_LONG to 'unsigned int' -and then you can use the 'DES_PTR' option. - -The file options.txt has the options listed for best speed on quite a -few systems. Look and the options (UNROLL, PTR, RISC2 etc) and then -turn on the relevant option in the Makefile. - -There are some special Makefile targets that make life easier. -make cc - standard cc build -make gcc - standard gcc build -make x86-elf - x86 assembler (elf), linux-elf. -make x86-out - x86 assembler (a.out), FreeBSD -make x86-solaris- x86 assembler -make x86-bsdi - x86 assembler (a.out with primative assembler). - -If at all possible use the assembler (for Windows NT/95, use -asm/win32.obj to link with). The x86 assembler is very very fast. - -A make install will by default install -libdes.a in /usr/local/lib/libdes.a -des in /usr/local/bin/des -des_crypt.man in /usr/local/man/man3/des_crypt.3 -des.man in /usr/local/man/man1/des.1 -des.h in /usr/include/des.h - -des(1) should be compatible with sunOS's but I have been unable to -test it. - -These routines should compile on MSDOS, most 32bit and 64bit version -of Unix (BSD and SYSV) and VMS, without modification. -The only problems should be #include files that are in the wrong places. - -These routines can be compiled under MSDOS. -I have successfully encrypted files using des(1) under MSDOS and then -decrypted the files on a SparcStation. -I have been able to compile and test the routines with -Microsoft C v 5.1 and Turbo C v 2.0. -The code in this library is in no way optimised for the 16bit -operation of MSDOS. - -When building for glibc, ignore all of the above and just unpack into -glibc-1.??/des and then gmake as per normal. - -As a final note on performace. Certain CPUs like sparcs and Alpha often give -a %10 speed difference depending on the link order. It is rather anoying -when one program reports 'x' DES encrypts a second and another reports -'x*0.9' the speed. diff --git a/crypto/des/Imakefile b/crypto/des/Imakefile deleted file mode 100644 index 1b9b562..0000000 --- a/crypto/des/Imakefile +++ /dev/null @@ -1,35 +0,0 @@ -# This Imakefile has not been tested for a while but it should still -# work when placed in the correct directory in the kerberos v 4 distribution - -SRCS= cbc_cksm.c cbc_enc.c ecb_enc.c pcbc_enc.c \ - qud_cksm.c rand_key.c read_pwd.c set_key.c str2key.c \ - enc_read.c enc_writ.c fcrypt.c cfb_enc.c \ - ecb3_enc.c ofb_enc.c ofb64enc.c - -OBJS= cbc_cksm.o cbc_enc.o ecb_enc.o pcbc_enc.o \ - qud_cksm.o rand_key.o read_pwd.o set_key.o str2key.o \ - enc_read.o enc_writ.o fcrypt.o cfb_enc.o \ - ecb3_enc.o ofb_enc.o ofb64enc.o - -GENERAL=COPYRIGHT FILES INSTALL Imakefile README VERSION makefile times \ - vms.com KERBEROS -DES= des.c des.man -TESTING=destest.c speed.c rpw.c -LIBDES= des_crypt.man des.h des_locl.h podd.h sk.h spr.h - -PERL= des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl - -CODE= $(GENERAL) $(DES) $(TESTING) $(SRCS) $(LIBDES) $(PERL) - -SRCDIR=$(SRCTOP)/lib/des - -DBG= -O -INCLUDE= -I$(SRCDIR) -CC= cc - -library_obj_rule() - -install_library_target(des,$(OBJS),$(SRCS),) - -test(destest,libdes.a,) -test(rpw,libdes.a,) diff --git a/crypto/des/KERBEROS b/crypto/des/KERBEROS deleted file mode 100644 index f401b10..0000000 --- a/crypto/des/KERBEROS +++ /dev/null @@ -1,41 +0,0 @@ - [ This is an old file, I don't know if it is true anymore - but I will leave the file here - eay 21/11/95 ] - -To use this library with Bones (kerberos without DES): -1) Get my modified Bones - eBones. It can be found on - gondwana.ecr.mu.oz.au (128.250.1.63) /pub/athena/eBones-p9.tar.Z - and - nic.funet.fi (128.214.6.100) /pub/unix/security/Kerberos/eBones-p9.tar.Z - -2) Unpack this library in src/lib/des, makeing sure it is version - 3.00 or greater (libdes.tar.93-10-07.Z). This versions differences - from the version in comp.sources.misc volume 29 patchlevel2. - The primarily difference is that it should compile under kerberos :-). - It can be found at. - ftp.psy.uq.oz.au (130.102.32.1) /pub/DES/libdes.tar.93-10-07.Z - -Now do a normal kerberos build and things should work. - -One problem I found when I was build on my local sun. ---- -For sunOS 4.1.1 apply the following patch to src/util/ss/make_commands.c - -*** make_commands.c.orig Fri Jul 3 04:18:35 1987 ---- make_commands.c Wed May 20 08:47:42 1992 -*************** -*** 98,104 **** - if (!rename(o_file, z_file)) { - if (!vfork()) { - chdir("/tmp"); -! execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r", "-n", - z_file+5, 0); - perror("/bin/ld"); - _exit(1); ---- 98,104 ---- - if (!rename(o_file, z_file)) { - if (!vfork()) { - chdir("/tmp"); -! execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r", - z_file+5, 0); - perror("/bin/ld"); - _exit(1); diff --git a/crypto/des/Makefile b/crypto/des/Makefile index 80a7add..e906ff3 100644 --- a/crypto/des/Makefile +++ b/crypto/des/Makefile @@ -28,7 +28,7 @@ LIBSRC= cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \ qud_cksm.c rand_key.c rpc_enc.c set_key.c \ des_enc.c fcrypt_b.c \ xcbc_enc.c \ - str2key.c cfb64ede.c ofb64ede.c des_old.c des_old2.c \ + str2key.c cfb64ede.c ofb64ede.c \ read2pwd.c LIBOBJ= set_key.o ecb_enc.o cbc_enc.o \ @@ -37,11 +37,11 @@ LIBOBJ= set_key.o ecb_enc.o cbc_enc.o \ ofb_enc.o str2key.o pcbc_enc.o qud_cksm.o rand_key.o \ ${DES_ENC} \ fcrypt.o xcbc_enc.o rpc_enc.o cbc_cksm.o \ - des_old.o des_old2.o read2pwd.o + read2pwd.o SRC= $(LIBSRC) -EXHEADER= des.h des_old.h +EXHEADER= des.h HEADER= des_locl.h rpc_des.h spr.h des_ver.h $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) @@ -106,64 +106,52 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -cbc_cksm.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +cbc_cksm.o: ../../include/openssl/des.h cbc_cksm.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h cbc_cksm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h cbc_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h cbc_cksm.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h cbc_cksm.o: cbc_cksm.c des_locl.h -cbc_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +cbc_enc.o: ../../include/openssl/des.h cbc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h cbc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h cbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h cbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h cbc_enc.o: cbc_enc.c des_locl.h ncbc_enc.c cfb64ede.o: ../../e_os.h ../../include/openssl/des.h -cfb64ede.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h +cfb64ede.o: ../../include/openssl/e_os2.h cfb64ede.o: ../../include/openssl/opensslconf.h cfb64ede.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h cfb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h cfb64ede.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h cfb64ede.o: cfb64ede.c des_locl.h -cfb64enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +cfb64enc.o: ../../include/openssl/des.h cfb64enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h cfb64enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h cfb64enc.o: cfb64enc.c des_locl.h cfb_enc.o: ../../e_os.h ../../include/openssl/des.h -cfb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h +cfb_enc.o: ../../include/openssl/e_os2.h cfb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/ossl_typ.h cfb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h cfb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h cfb_enc.o: ../../include/openssl/ui_compat.h cfb_enc.c des_locl.h des_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -des_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h +des_enc.o: ../../include/openssl/e_os2.h des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h des_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h des_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h des_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h des_enc.o: des_enc.c des_locl.h ncbc_enc.c spr.h -des_old.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -des_old.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -des_old.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -des_old.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -des_old.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -des_old.o: ../../include/openssl/ui_compat.h des_old.c -des_old2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -des_old2.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -des_old2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -des_old2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -des_old2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -des_old2.o: ../../include/openssl/ui_compat.h des_old2.c -ecb3_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +ecb3_enc.o: ../../include/openssl/des.h ecb3_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h ecb3_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h ecb3_enc.o: des_locl.h ecb3_enc.c ecb_enc.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +ecb_enc.o: ../../include/openssl/des.h ecb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h ecb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h @@ -171,7 +159,7 @@ ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c enc_read.o: ../../e_os.h ../../include/openssl/bio.h enc_read.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -enc_read.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +enc_read.o: ../../include/openssl/des.h enc_read.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h enc_read.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h enc_read.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -181,7 +169,7 @@ enc_read.o: ../../include/openssl/ui_compat.h ../cryptlib.h des_locl.h enc_read.o: enc_read.c enc_writ.o: ../../e_os.h ../../include/openssl/bio.h enc_writ.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -enc_writ.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +enc_writ.o: ../../include/openssl/des.h enc_writ.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h enc_writ.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h enc_writ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -190,82 +178,82 @@ enc_writ.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h enc_writ.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h enc_writ.o: ../cryptlib.h des_locl.h enc_writ.c fcrypt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -fcrypt.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h +fcrypt.o: ../../include/openssl/e_os2.h fcrypt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h fcrypt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h fcrypt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h fcrypt.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h fcrypt.o: des_locl.h fcrypt.c -fcrypt_b.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +fcrypt_b.o: ../../include/openssl/des.h fcrypt_b.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h fcrypt_b.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h fcrypt_b.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h fcrypt_b.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h fcrypt_b.o: des_locl.h fcrypt_b.c -ofb64ede.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +ofb64ede.o: ../../include/openssl/des.h ofb64ede.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h ofb64ede.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ofb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ofb64ede.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h ofb64ede.o: des_locl.h ofb64ede.c -ofb64enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +ofb64enc.o: ../../include/openssl/des.h ofb64enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h ofb64enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ofb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ofb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h ofb64enc.o: des_locl.h ofb64enc.c -ofb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +ofb_enc.o: ../../include/openssl/des.h ofb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h ofb_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ofb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ofb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h ofb_enc.o: des_locl.h ofb_enc.c -pcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +pcbc_enc.o: ../../include/openssl/des.h pcbc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h pcbc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h pcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h pcbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h pcbc_enc.o: des_locl.h pcbc_enc.c -qud_cksm.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +qud_cksm.o: ../../include/openssl/des.h qud_cksm.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h qud_cksm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h qud_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h qud_cksm.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h qud_cksm.o: des_locl.h qud_cksm.c -rand_key.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +rand_key.o: ../../include/openssl/des.h rand_key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h rand_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h rand_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h rand_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h rand_key.o: ../../include/openssl/ui_compat.h rand_key.c read2pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -read2pwd.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h +read2pwd.o: ../../include/openssl/e_os2.h read2pwd.o: ../../include/openssl/opensslconf.h read2pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h read2pwd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h read2pwd.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h read2pwd.o: ../../include/openssl/ui_compat.h read2pwd.c -rpc_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +rpc_enc.o: ../../include/openssl/des.h rpc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h rpc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h rpc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rpc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h rpc_enc.o: des_locl.h des_ver.h rpc_des.h rpc_enc.c set_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -set_key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h +set_key.o: ../../include/openssl/e_os2.h set_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h set_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h set_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h set_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h set_key.o: des_locl.h set_key.c str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -str2key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h +str2key.o: ../../include/openssl/e_os2.h str2key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h str2key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h str2key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h str2key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h str2key.o: des_locl.h str2key.c -xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +xcbc_enc.o: ../../include/openssl/des.h xcbc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h xcbc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h xcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h diff --git a/crypto/des/VERSION b/crypto/des/VERSION deleted file mode 100644 index a18712e..0000000 --- a/crypto/des/VERSION +++ /dev/null @@ -1,412 +0,0 @@ - Fixed the weak key values which were wrong :-( - Defining SIGACTION causes sigaction() to be used instead of signal(). - SIGUSR1/SIGUSR2 are no longer mapped in the read tty stuff because it - can cause problems. This should hopefully not affect normal - applications. - -Version 4.04 - Fixed a few tests in destest. Also added x86 assember for - des_ncbc_encrypt() which is the standard cbc mode function. - This makes a very very large performace difference. - Ariel Glenn ariel at columbia.edu reports that the terminal - 'turn echo off' can return (errno == EINVAL) under solaris - when redirection is used. So I now catch that as well as ENOTTY. - - -Version 4.03 - Left a static out of enc_write.c, which caused to buffer to be - continiously malloc()ed. Does anyone use these functions? I keep - on feeling like removing them since I only had these in there - for a version of kerberised login. Anyway, this was pointed out - by Theo de Raadt - The 'n' bit ofb code was wrong, it was not shifting the shift - register. It worked correctly for n == 64. Thanks to - Gigi Ankeny for pointing this one out. - -Version 4.02 - I was doing 'if (memcmp(weak_keys[i],key,sizeof(key)) == 0)' - when checking for weak keys which is wrong :-(, pointed out by - Markus F.X.J. Oberhumer . - -Version 4.01 - Even faster inner loop in the DES assembler for x86 and a modification - for IP/FP which is faster on x86. Both of these changes are - from Svend Olaf Mikkelsen . His - changes make the assembler run %40 faster on a pentium. This is just - a case of getting the instruction sequence 'just right'. - All credit to 'Svend' :-) - Quite a few special x86 'make' targets. - A libdes-l (lite) distribution. - -Version 4.00 - After a bit of a pause, I'll up the major version number since this - is mostly a performace release. I've added x86 assembler and - added more options for performance. A %28 speedup for gcc - on a pentium and the assembler is a %50 speedup. - MIPS CPU's, sparc and Alpha are the main CPU's with speedups. - Run des_opts to work out which options should be used. - DES_RISC1/DES_RISC2 use alternative inner loops which use - more registers but should give speedups on any CPU that does - dual issue (pentium). DES_UNROLL unrolls the inner loop, - which costs in code size. - -Version 3.26 - I've finally removed one of the shifts in D_ENCRYPT. This - meant I've changed the des_SPtrans table (spr.h), the set_key() - function and some things in des_enc.c. This has definitly - made things faster :-). I've known about this one for some - time but I've been too lazy to follow it up :-). - Noticed that in the D_ENCRYPT() macro, we can just do L^=(..)^(..)^.. - instead of L^=((..)|(..)|(..).. This should save a register at - least. - Assember for x86. The file to replace is des_enc.c, which is replaced - by one of the assembler files found in asm. Look at des/asm/readme - for more info. - - /* Modification to fcrypt so it can be compiled to support - HPUX 10.x's long password format, define -DLONGCRYPT to use this. - Thanks to Jens Kupferschmidt . */ - - SIGWINCH case put in des_read_passwd() so the function does not - 'exit' if this function is received. - -Version 3.25 17/07/96 - Modified read_pwd.c so that stdin can be read if not a tty. - Thanks to Jeff Barber for the patches. - des_init_random_number_generator() shortened due to VMS linker - limits. - Added RSA's DESX cbc mode. It is a form of cbc encryption, with 2 - 8 byte quantites xored before and after encryption. - des_xcbc_encryption() - the name is funny to preserve the des_ - prefix on all functions. - -Version 3.24 20/04/96 - The DES_PTR macro option checked and used by SSLeay configuration - -Version 3.23 11/04/96 - Added DES_LONG. If defined to 'unsigned int' on the DEC Alpha, - it gives a %20 speedup :-) - Fixed the problem with des.pl under perl5. The patches were - sent by Ed Kubaitis (ejk at uiuc.edu). - if fcrypt.c, changed values to handle illegal salt values the way - normal crypt() implementations do. Some programs apparently use - them :-(. The patch was sent by Bjorn Gronvall - -Version 3.22 29/11/95 - Bug in des(1), an error with the uuencoding stuff when the - 'data' is small, thanks to Geoff Keating - for the patch. - -Version 3.21 22/11/95 - After some emailing back and forth with - Colin Plumb , I've tweaked a few things - and in a future version I will probably put in some of the - optimisation he suggested for use with the DES_USE_PTR option. - Extra routines from Mark Murray for use in - freeBSD. They mostly involve random number generation for use - with kerberos. They involve evil machine specific system calls - etc so I would normally suggest pushing this stuff into the - application and/or using RAND_seed()/RAND_bytes() if you are - using this DES library as part of SSLeay. - Redone the read_pw() function so that it is cleaner and - supports termios, thanks to Sameer Parekh - for the initial patches for this. - Renamed 3ecb_encrypt() to ecb3_encrypt(). This has been - done just to make things more consistent. - I have also now added triple DES versions of cfb and ofb. - -Version 3.20 - Damn, Damn, Damn, as pointed out by Mike_Spreitzer.PARC at xerox.com, - my des_random_seed() function was only copying 4 bytes of the - passed seed into the init structure. It is now fixed to copy 8. - My own suggestion is to used something like MD5 :-) - -Version 3.19 - While looking at my code one day, I though, why do I keep on - calling des_encrypt(in,out,ks,enc) when every function that - calls it has in and out the same. So I dropped the 'out' - parameter, people should not be using this function. - -Version 3.18 30/08/95 - Fixed a few bit with the distribution and the filenames. - 3.17 had been munged via a move to DOS and back again. - NO CODE CHANGES - -Version 3.17 14/07/95 - Fixed ede3 cbc which I had broken in 3.16. I have also - removed some unneeded variables in 7-8 of the routines. - -Version 3.16 26/06/95 - Added des_encrypt2() which does not use IP/FP, used by triple - des routines. Tweaked things a bit elsewhere. %13 speedup on - sparc and %6 on a R4400 for ede3 cbc mode. - -Version 3.15 06/06/95 - Added des_ncbc_encrypt(), it is des_cbc mode except that it is - 'normal' and copies the new iv value back over the top of the - passed parameter. - CHANGED des_ede3_cbc_encrypt() so that it too now overwrites - the iv. THIS WILL BREAK EXISTING CODE, but since this function - only new, I feel I can change it, not so with des_cbc_encrypt :-(. - I need to update the documentation. - -Version 3.14 31/05/95 - New release upon the world, as part of my SSL implementation. - New copyright and usage stuff. Basically free for all to use - as long as you say it came from me :-) - -Version 3.13 31/05/95 - A fix in speed.c, if HZ is not defined, I set it to 100.0 - which is reasonable for most unixes except SunOS 4.x. - I now have a #ifdef sun but timing for SunOS 4.x looked very - good :-(. At my last job where I used SunOS 4.x, it was - defined to be 60.0 (look at the old INSTALL documentation), at - the last release had it changed to 100.0 since I now work with - Solaris2 and SVR4 boxes. - Thanks to Rory Chisholm for pointing this - one out. - -Version 3.12 08/05/95 - As pointed out by The Crypt Keeper , - my D_ENCRYPT macro in crypt() had an un-necessary variable. - It has been removed. - -Version 3.11 03/05/95 - Added des_ede3_cbc_encrypt() which is cbc mode des with 3 keys - and one iv. It is a standard and I needed it for my SSL code. - It makes more sense to use this for triple DES than - 3cbc_encrypt(). I have also added (or should I say tested :-) - cfb64_encrypt() which is cfb64 but it will encrypt a partial - number of bytes - 3 bytes in 3 bytes out. Again this is for - my SSL library, as a form of encryption to use with SSL - telnet. - -Version 3.10 22/03/95 - Fixed a bug in 3cbc_encrypt() :-(. When making repeated calls - to cbc3_encrypt, the 2 iv values that were being returned to - be used in the next call were reversed :-(. - Many thanks to Bill Wade for pointing out - this error. - -Version 3.09 01/02/95 - Fixed des_random_key to far more random, it was rather feeble - with regards to picking the initial seed. The problem was - pointed out by Olaf Kirch . - -Version 3.08 14/12/94 - Added Makefile.PL so libdes can be built into perl5. - Changed des_locl.h so RAND is always defined. - -Version 3.07 05/12/94 - Added GNUmake and stuff so the library can be build with - glibc. - -Version 3.06 30/08/94 - Added rpc_enc.c which contains _des_crypt. This is for use in - secure_rpc v 4.0 - Finally fixed the cfb_enc problems. - Fixed a few parameter parsing bugs in des (-3 and -b), thanks - to Rob McMillan - -Version 3.05 21/04/94 - for unsigned long l; gcc does not produce ((l>>34) == 0) - This causes bugs in cfb_enc. - Thanks to Hadmut Danisch - -Version 3.04 20/04/94 - Added a version number to des.c and libdes.a - -Version 3.03 12/01/94 - Fixed a bug in non zero iv in 3cbc_enc. - -Version 3.02 29/10/93 - I now work in a place where there are 6+ architectures and 14+ - OS versions :-). - Fixed TERMIO definition so the most sys V boxes will work :-) - -Release upon comp.sources.misc -Version 3.01 08/10/93 - Added des_3cbc_encrypt() - -Version 3.00 07/10/93 - Fixed up documentation. - quad_cksum definitely compatible with MIT's now. - -Version 2.30 24/08/93 - Triple DES now defaults to triple cbc but can do triple ecb - with the -b flag. - Fixed some MSDOS uuen/uudecoding problems, thanks to - Added prototypes. - -Version 2.22 29/06/93 - Fixed a bug in des_is_weak_key() which stopped it working :-( - thanks to engineering at MorningStar.Com. - -Version 2.21 03/06/93 - des(1) with no arguments gives quite a bit of help. - Added -c (generate ckecksum) flag to des(1). - Added -3 (triple DES) flag to des(1). - Added cfb and ofb routines to the library. - -Version 2.20 11/03/93 - Added -u (uuencode) flag to des(1). - I have been playing with byte order in quad_cksum to make it - compatible with MIT's version. All I can say is avid this - function if possible since MIT's output is endian dependent. - -Version 2.12 14/10/92 - Added MSDOS specific macro in ecb_encrypt which gives a %70 - speed up when the code is compiled with turbo C. - -Version 2.11 12/10/92 - Speedup in set_key (recoding of PC-1) - I now do it in 47 simple operations, down from 60. - Thanks to John Fletcher (john_fletcher at lccmail.ocf.llnl.gov) - for motivating me to look for a faster system :-) - The speedup is probably less that 1% but it is still 13 - instructions less :-). - -Version 2.10 06/10/92 - The code now works on the 64bit ETA10 and CRAY without modifications or - #defines. I believe the code should work on any machine that - defines long, int or short to be 8 bytes long. - Thanks to Shabbir J. Safdar (shabby at mentor.cc.purdue.edu) - for helping me fix the code to run on 64bit machines (he had - access to an ETA10). - Thanks also to John Fletcher - for testing the routines on a CRAY. - read_password.c has been renamed to read_passwd.c - string_to_key.c has been renamed to string2key.c - -Version 2.00 14/09/92 - Made mods so that the library should work on 64bit CPU's. - Removed all my uchar and ulong defs. To many different - versions of unix define them in their header files in too many - different combinations :-) - IRIX - Sillicon Graphics mods (mostly in read_password.c). - Thanks to Andrew Daviel (advax at erich.triumf.ca) - -Version 1.99 26/08/92 - Fixed a bug or 2 in enc_read.c - Fixed a bug in enc_write.c - Fixed a pseudo bug in fcrypt.c (very obscure). - -Version 1.98 31/07/92 - Support for the ETA10. This is a strange machine that defines - longs and ints as 8 bytes and shorts as 4 bytes. - Since I do evil things with long * that assume that they are 4 - bytes. Look in the Makefile for the option to compile for - this machine. quad_cksum appears to have problems but I - will don't have the time to fix it right now, and this is not - a function that uses DES and so will not effect the main uses - of the library. - -Version 1.97 20/05/92 eay - Fixed the Imakefile and made some changes to des.h to fix some - problems when building this package with Kerberos v 4. - -Version 1.96 18/05/92 eay - Fixed a small bug in string_to_key() where problems could - occur if des_check_key was set to true and the string - generated a weak key. - -Patch2 posted to comp.sources.misc -Version 1.95 13/05/92 eay - Added an alternative version of the D_ENCRYPT macro in - ecb_encrypt and fcrypt. Depending on the compiler, one version or the - other will be faster. This was inspired by - Dana How , and her pointers about doing the - *(ulong *)((uchar *)ptr+(value&0xfc)) - vs - ptr[value&0x3f] - to stop the C compiler doing a <<2 to convert the long array index. - -Version 1.94 05/05/92 eay - Fixed an incompatibility between my string_to_key and the MIT - version. When the key is longer than 8 chars, I was wrapping - with a different method. To use the old version, define - OLD_STR_TO_KEY in the makefile. Thanks to - viktor at newsu.shearson.com (Viktor Dukhovni). - -Version 1.93 28/04/92 eay - Fixed the VMS mods so that echo is now turned off in - read_password. Thanks again to brennan at coco.cchs.su.oz.AU. - MSDOS support added. The routines can be compiled with - Turbo C (v2.0) and MSC (v5.1). Make sure MSDOS is defined. - -Patch1 posted to comp.sources.misc -Version 1.92 13/04/92 eay - Changed D_ENCRYPT so that the rotation of R occurs outside of - the loop. This required rotating all the longs in sp.h (now - called spr.h). Thanks to Richard Outerbridge <71755.204 at CompuServe.COM> - speed.c has been changed so it will work without SIGALRM. If - times(3) is not present it will try to use ftime() instead. - -Version 1.91 08/04/92 eay - Added -E/-D options to des(1) so it can use string_to_key. - Added SVR4 mods suggested by witr at rwwa.COM - Added VMS mods suggested by brennan at coco.cchs.su.oz.AU. If - anyone knows how to turn of tty echo in VMS please tell me or - implement it yourself :-). - Changed FILE *IN/*OUT to *DES_IN/*DES_OUT since it appears VMS - does not like IN/OUT being used. - -Libdes posted to comp.sources.misc -Version 1.9 24/03/92 eay - Now contains a fast small crypt replacement. - Added des(1) command. - Added des_rw_mode so people can use cbc encryption with - enc_read and enc_write. - -Version 1.8 15/10/91 eay - Bug in cbc_cksum. - Many thanks to Keith Reynolds (keithr at sco.COM) for pointing this - one out. - -Version 1.7 24/09/91 eay - Fixed set_key :-) - set_key is 4 times faster and takes less space. - There are a few minor changes that could be made. - -Version 1.6 19/09/1991 eay - Finally go IP and FP finished. - Now I need to fix set_key. - This version is quite a bit faster that 1.51 - -Version 1.52 15/06/1991 eay - 20% speedup in ecb_encrypt by changing the E bit selection - to use 2 32bit words. This also required modification of the - sp table. There is still a way to speedup the IP and IP-1 - (hints from outer at sq.com) still working on this one :-(. - -Version 1.51 07/06/1991 eay - Faster des_encrypt by loop unrolling - Fixed bug in quad_cksum.c (thanks to hughes at logos.ucs.indiana.edu) - -Version 1.50 28/05/1991 eay - Optimised the code a bit more for the sparc. I have improved the - speed of the inner des_encrypt by speeding up the initial and - final permutations. - -Version 1.40 23/10/1990 eay - Fixed des_random_key, it did not produce a random key :-( - -Version 1.30 2/10/1990 eay - Have made des_quad_cksum the same as MIT's, the full package - should be compatible with MIT's - Have tested on a DECstation 3100 - Still need to fix des_set_key (make it faster). - Does des_cbc_encrypts at 70.5k/sec on a 3100. - -Version 1.20 18/09/1990 eay - Fixed byte order dependencies. - Fixed (I hope) all the word alignment problems. - Speedup in des_ecb_encrypt. - -Version 1.10 11/09/1990 eay - Added des_enc_read and des_enc_write. - Still need to fix des_quad_cksum. - Still need to document des_enc_read and des_enc_write. - -Version 1.00 27/08/1990 eay - diff --git a/crypto/des/cbc3_enc.c b/crypto/des/cbc3_enc.c deleted file mode 100644 index 249518a..0000000 --- a/crypto/des/cbc3_enc.c +++ /dev/null @@ -1,95 +0,0 @@ -/* crypto/des/cbc3_enc.c */ -/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay at cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay at cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include "des_locl.h" - -/* HAS BUGS! DON'T USE - this is only present for use in des.c */ -void DES_3cbc_encrypt(DES_cblock *input, DES_cblock *output, long length, - DES_key_schedule ks1, DES_key_schedule ks2, - DES_cblock *iv1, DES_cblock *iv2, int enc) -{ - int off = ((int)length - 1) / 8; - long l8 = ((length + 7) / 8) * 8; - DES_cblock niv1, niv2; - - if (enc == DES_ENCRYPT) { - DES_cbc_encrypt((unsigned char *)input, - (unsigned char *)output, length, &ks1, iv1, enc); - if (length >= sizeof(DES_cblock)) - memcpy(niv1, output[off], sizeof(DES_cblock)); - DES_cbc_encrypt((unsigned char *)output, - (unsigned char *)output, l8, &ks2, iv1, !enc); - DES_cbc_encrypt((unsigned char *)output, - (unsigned char *)output, l8, &ks1, iv2, enc); - if (length >= sizeof(DES_cblock)) - memcpy(niv2, output[off], sizeof(DES_cblock)); - } else { - if (length >= sizeof(DES_cblock)) - memcpy(niv2, input[off], sizeof(DES_cblock)); - DES_cbc_encrypt((unsigned char *)input, - (unsigned char *)output, l8, &ks1, iv2, enc); - DES_cbc_encrypt((unsigned char *)output, - (unsigned char *)output, l8, &ks2, iv1, !enc); - if (length >= sizeof(DES_cblock)) - memcpy(niv1, output[off], sizeof(DES_cblock)); - DES_cbc_encrypt((unsigned char *)output, - (unsigned char *)output, length, &ks1, iv1, enc); - } - memcpy(*iv1, niv1, sizeof(DES_cblock)); - memcpy(*iv2, niv2, sizeof(DES_cblock)); -} diff --git a/crypto/des/des-lib.com b/crypto/des/des-lib.com deleted file mode 100644 index 348f1c0..0000000 --- a/crypto/des/des-lib.com +++ /dev/null @@ -1,1005 +0,0 @@ -$! -$! DES-LIB.COM -$! Written By: Robert Byer -$! Vice-President -$! A-Com Computing, Inc. -$! byer at mail.all-net.net -$! -$! Changes by Richard Levitte -$! -$! This command files compiles and creates the -$! "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" library. The "xxx" denotes the machine -$! architecture of ALPHA, IA64 or VAX. -$! -$! It was re-written to try to determine which "C" compiler to try to use -$! or the user can specify a compiler in P3. -$! -$! Specify one of the following to build just that part, specify "ALL" to -$! just build everything. -$! -$! ALL To Just Build "Everything". -$! LIBRARY To Just Build The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library. -$! DESTEST To Just Build The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program. -$! SPEED To Just Build The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program. -$! RPW To Just Build The [.xxx.EXE.CRYPTO.DES]RPW.EXE Program. -$! DES To Just Build The [.xxx.EXE.CRYPTO.DES]DES.EXE Program. -$! DES_OPTS To Just Build The [.xxx.EXE.CRYPTO.DES]DES_OPTS.EXE Program. -$! -$! Specify either DEBUG or NODEBUG as P2 to compile with or without -$! debugging information. -$! -$! Specify which compiler at P3 to try to compile under. -$! -$! VAXC For VAX C. -$! DECC For DEC C. -$! GNUC For GNU C. -$! -$! If you don't speficy a compiler, it will try to determine which -$! "C" compiler to try to use. -$! -$! P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) -$! -$! -$! Make sure we know what architecture we run on. -$! -$! -$! Check Which Architecture We Are Using. -$! -$ IF (F$GETSYI("CPU").LT.128) -$ THEN -$! -$! The Architecture Is VAX -$! -$ ARCH := VAX -$! -$! Else... -$! -$ ELSE -$! -$! The Architecture Is Alpha, IA64 or whatever comes in the future. -$! -$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE") -$ IF (ARCH .EQS. "") THEN ARCH = "UNK" -$! -$! End The Architecture Check. -$! -$ ENDIF -$! -$! Define The OBJ Directory Name. -$! -$ OBJ_DIR := SYS$DISK:[--.'ARCH'.OBJ.CRYPTO.DES] -$! -$! Define The EXE Directory Name. -$! -$ EXE_DIR :== SYS$DISK:[--.'ARCH'.EXE.CRYPTO.DES] -$! -$! Check To Make Sure We Have Valid Command Line Parameters. -$! -$ GOSUB CHECK_OPTIONS -$! -$! Tell The User What Kind of Machine We Run On. -$! -$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine." -$! -$! Check To See If The Architecture Specific OBJ Directory Exists. -$! -$ IF (F$PARSE(OBJ_DIR).EQS."") -$ THEN -$! -$! It Dosen't Exist, So Create It. -$! -$ CREATE/DIR 'OBJ_DIR' -$! -$! End The Architecture Specific OBJ Directory Check. -$! -$ ENDIF -$! -$! Check To See If The Architecture Specific Directory Exists. -$! -$ IF (F$PARSE(EXE_DIR).EQS."") -$ THEN -$! -$! It Dosen't Exist, So Create It. -$! -$ CREATE/DIR 'EXE_DIR' -$! -$! End The Architecture Specific Directory Check. -$! -$ ENDIF -$! -$! Define The Library Name. -$! -$ LIB_NAME := 'EXE_DIR'LIBDES.OLB -$! -$! Check To See What We Are To Do. -$! -$ IF (BUILDALL.EQS."TRUE") -$ THEN -$! -$! Since Nothing Special Was Specified, Do Everything. -$! -$ GOSUB LIBRARY -$ GOSUB DESTEST -$ GOSUB SPEED -$ GOSUB RPW -$ GOSUB DES -$ GOSUB DES_OPTS -$! -$! Else... -$! -$ ELSE -$! -$! Build Just What The User Wants Us To Build. -$! -$ GOSUB 'BUILDALL' -$! -$! End The BUILDALL Check. -$! -$ ENDIF -$! -$! Time To EXIT. -$! -$ EXIT -$ LIBRARY: -$! -$! Tell The User That We Are Compiling. -$! -$ WRITE SYS$OUTPUT "Compiling The ",LIB_NAME," Files." -$! -$! Check To See If We Already Have A "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" Library... -$! -$ IF (F$SEARCH(LIB_NAME).EQS."") -$ THEN -$! -$! Guess Not, Create The Library. -$! -$ LIBRARY/CREATE/OBJECT 'LIB_NAME' -$! -$! End The Library Exist Check. -$! -$ ENDIF -$! -$! Define The DES Library Files. -$! -$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ - - "ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ - - "enc_read,enc_writ,ofb64enc,"+ - - "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ - - "des_enc,fcrypt_b,read2pwd,"+ - - "fcrypt,xcbc_enc,read_pwd,rpc_enc,cbc_cksm,supp" -$! -$! Define A File Counter And Set It To "0". -$! -$ FILE_COUNTER = 0 -$! -$! Top Of The File Loop. -$! -$ NEXT_FILE: -$! -$! O.K, Extract The File Name From The File List. -$! -$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",LIB_DES) -$! -$! Check To See If We Are At The End Of The File List. -$! -$ IF (FILE_NAME.EQS.",") THEN GOTO FILE_DONE -$! -$! Increment The Counter. -$! -$ FILE_COUNTER = FILE_COUNTER + 1 -$! -$! Create The Source File Name. -$! -$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C" -$! -$! Tell The User We Are Compiling The Source File. -$! -$ WRITE SYS$OUTPUT " ",FILE_NAME,".C" -$! -$! Create The Object File Name. -$! -$ OBJECT_FILE = OBJ_DIR + FILE_NAME + "." + ARCH + "OBJ" -$ ON WARNING THEN GOTO NEXT_FILE -$! -$! Check To See If The File We Want To Compile Actually Exists. -$! -$ IF (F$SEARCH(SOURCE_FILE).EQS."") -$ THEN -$! -$! Tell The User That The File Dosen't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ EXIT -$! -$! End The File Exists Check. -$! -$ ENDIF -$! -$! Compile The File. -$! -$ ON ERROR THEN GOTO NEXT_FILE -$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE' -$! -$! Add It To The Library. -$! -$ LIBRARY/REPLACE/OBJECT 'LIB_NAME' 'OBJECT_FILE' -$! -$! Time To Clean Up The Object File. -$! -$ DELETE 'OBJECT_FILE';* -$! -$! Go Back And Do It Again. -$! -$ GOTO NEXT_FILE -$! -$! All Done With This Library Part. -$! -$ FILE_DONE: -$! -$! Tell The User That We Are All Done. -$! -$ WRITE SYS$OUTPUT "Library ",LIB_NAME," Built." -$! -$! All Done, Time To Return. -$! -$ RETURN -$! -$! Compile The DESTEST Program. -$! -$ DESTEST: -$! -$! Check To See If We Have The Proper Libraries. -$! -$ GOSUB LIB_CHECK -$! -$! Check To See If We Have A Linker Option File. -$! -$ GOSUB CHECK_OPT_FILE -$! -$! Check To See If The File We Want To Compile Actually Exists. -$! -$ IF (F$SEARCH("SYS$DISK:[]DESTEST.C").EQS."") -$ THEN -$! -$! Tell The User That The File Dosen't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File DESTEST.C Dosen't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ EXIT -$! -$! End The DESTEST.C File Check. -$! -$ ENDIF -$! -$! Tell The User What We Are Building. -$! -$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DESTEST.EXE" -$! -$! Compile The DESTEST Program. -$! -$ CC/OBJECT='OBJ_DIR'DESTEST.OBJ SYS$DISK:[]DESTEST.C -$! -$! Link The DESTEST Program. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DESTEST.EXE - - 'OBJ_DIR'DESTEST.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION -$! -$! All Done, Time To Return. -$! -$ RETURN -$! -$! Compile The SPEED Program. -$! -$ SPEED: -$! -$! Check To See If We Have The Proper Libraries. -$! -$ GOSUB LIB_CHECK -$! -$! Check To See If We Have A Linker Option File. -$! -$ GOSUB CHECK_OPT_FILE -$! -$! Check To See If The File We Want To Compile Actually Exists. -$! -$ IF (F$SEARCH("SYS$DISK:[]SPEED.C").EQS."") -$ THEN -$! -$! Tell The User That The File Dosen't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File SPEED.C Dosen't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ EXIT -$! -$! End The SPEED.C File Check. -$! -$ ENDIF -$! -$! Tell The User What We Are Building. -$! -$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"SPEED.EXE" -$! -$! Compile The SPEED Program. -$! -$ CC/OBJECT='OBJ_DIR'SPEED.OBJ SYS$DISK:[]SPEED.C -$! -$! Link The SPEED Program. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'SPEED.EXE - - 'OBJ_DIR'SPEED.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION -$! -$! All Done, Time To Return. -$! -$ RETURN -$! -$! Compile The RPW Program. -$! -$ RPW: -$! -$! Check To See If We Have The Proper Libraries. -$! -$ GOSUB LIB_CHECK -$! -$! Check To See If We Have A Linker Option File. -$! -$ GOSUB CHECK_OPT_FILE -$! -$! Check To See If The File We Want To Compile Actually Exists. -$! -$ IF (F$SEARCH("SYS$DISK:[]RPW.C").EQS."") -$ THEN -$! -$! Tell The User That The File Dosen't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File RPW.C Dosen't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ EXIT -$! -$! End The RPW.C File Check. -$! -$ ENDIF -$! -$! Tell The User What We Are Building. -$! -$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"RPW.EXE" -$! -$! Compile The RPW Program. -$! -$ CC/OBJECT='OBJ_DIR'RPW.OBJ SYS$DISK:[]RPW.C -$! -$! Link The RPW Program. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'RPW.EXE - - 'OBJ_DIR'RPW.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION -$! -$! All Done, Time To Return. -$! -$ RETURN -$! -$! Compile The DES Program. -$! -$ DES: -$! -$! Check To See If We Have The Proper Libraries. -$! -$ GOSUB LIB_CHECK -$! -$! Check To See If We Have A Linker Option File. -$! -$ GOSUB CHECK_OPT_FILE -$! -$! Check To See If The File We Want To Compile Actually Exists. -$! -$ IF (F$SEARCH("SYS$DISK:[]DES.C").EQS."") -$ THEN -$! -$! Tell The User That The File Dosen't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File DES.C Dosen't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ EXIT -$! -$! End The DES.C File Check. -$! -$ ENDIF -$! -$! Tell The User What We Are Building. -$! -$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DES.EXE" -$! -$! Compile The DES Program. -$! -$ CC/OBJECT='OBJ_DIR'DES.OBJ SYS$DISK:[]DES.C -$ CC/OBJECT='OBJ_DIR'DES.OBJ SYS$DISK:[]CBC3_ENC.C -$! -$! Link The DES Program. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DES.EXE - - 'OBJ_DIR'DES.OBJ,'OBJ_DIR'CBC3_ENC.OBJ,- - 'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION -$! -$! All Done, Time To Return. -$! -$ RETURN -$! -$! Compile The DES_OPTS Program. -$! -$ DES_OPTS: -$! -$! Check To See If We Have The Proper Libraries. -$! -$ GOSUB LIB_CHECK -$! -$! Check To See If We Have A Linker Option File. -$! -$ GOSUB CHECK_OPT_FILE -$! -$! Check To See If The File We Want To Compile Actually Exists. -$! -$ IF (F$SEARCH("SYS$DISK:[]DES_OPTS.C").EQS."") -$ THEN -$! -$! Tell The User That The File Dosen't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File DES_OPTS.C Dosen't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ EXIT -$! -$! End The DES_OPTS.C File Check. -$! -$ ENDIF -$! -$! Tell The User What We Are Building. -$! -$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DES_OPTS.EXE" -$! -$! Compile The DES_OPTS Program. -$! -$ CC/OBJECT='OBJ_DIR'DES_OPTS.OBJ SYS$DISK:[]DES_OPTS.C -$! -$! Link The DES_OPTS Program. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DES_OPTS.EXE - - 'OBJ_DIR'DES_OPTS.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION -$! -$! All Done, Time To Return. -$! -$ RETURN -$ EXIT -$! -$! Check For The Link Option FIle. -$! -$ CHECK_OPT_FILE: -$! -$! Check To See If We Need To Make A VAX C Option File. -$! -$ IF (COMPILER.EQS."VAXC") -$ THEN -$! -$! Check To See If We Already Have A VAX C Linker Option File. -$! -$ IF (F$SEARCH(OPT_FILE).EQS."") -$ THEN -$! -$! We Need A VAX C Linker Option File. -$! -$ CREATE 'OPT_FILE' -$DECK -! -! Default System Options File To Link Agianst -! The Sharable VAX C Runtime Library. -! -SYS$SHARE:VAXCRTL.EXE/SHARE -$EOD -$! -$! End The Option File Check. -$! -$ ENDIF -$! -$! End The VAXC Check. -$! -$ ENDIF -$! -$! Check To See If We Need A GNU C Option File. -$! -$ IF (COMPILER.EQS."GNUC") -$ THEN -$! -$! Check To See If We Already Have A GNU C Linker Option File. -$! -$ IF (F$SEARCH(OPT_FILE).EQS."") -$ THEN -$! -$! We Need A GNU C Linker Option File. -$! -$ CREATE 'OPT_FILE' -$DECK -! -! Default System Options File To Link Agianst -! The Sharable C Runtime Library. -! -GNU_CC:[000000]GCCLIB/LIBRARY -SYS$SHARE:VAXCRTL/SHARE -$EOD -$! -$! End The Option File Check. -$! -$ ENDIF -$! -$! End The GNU C Check. -$! -$ ENDIF -$! -$! Check To See If We Need A DEC C Option File. -$! -$ IF (COMPILER.EQS."DECC") -$ THEN -$! -$! Check To See If We Already Have A DEC C Linker Option File. -$! -$ IF (F$SEARCH(OPT_FILE).EQS."") -$ THEN -$! -$! Figure Out If We Need An non-VAX Or A VAX Linker Option File. -$! -$ IF (F$GETSYI("CPU").LT.128) -$ THEN -$! -$! We Need A DEC C Linker Option File For VAX. -$! -$ CREATE 'OPT_FILE' -$DECK -! -! Default System Options File To Link Agianst -! The Sharable DEC C Runtime Library. -! -SYS$SHARE:DECC$SHR.EXE/SHARE -$EOD -$! -$! Else... -$! -$ ELSE -$! -$! Create The non-VAX Linker Option File. -$! -$ CREATE 'OPT_FILE' -$DECK -! -! Default System Options File For non-VAX To Link Agianst -! The Sharable C Runtime Library. -! -SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE -SYS$SHARE:CMA$OPEN_RTL/SHARE -$EOD -$! -$! End The DEC C Option File Check. -$! -$ ENDIF -$! -$! End The Option File Search. -$! -$ ENDIF -$! -$! End The DEC C Check. -$! -$ ENDIF -$! -$! Tell The User What Linker Option File We Are Using. -$! -$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"." -$! -$! Time To RETURN. -$! -$ RETURN -$! -$! Library Check. -$! -$ LIB_CHECK: -$! -$! Look For The Library LIBDES.OLB. -$! -$ IF (F$SEARCH(LIB_NAME).EQS."") -$ THEN -$! -$! Tell The User We Can't Find The [.xxx.CRYPTO.DES]LIBDES.OLB Library. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "Can't Find The Library ",LIB_NAME,"." -$ WRITE SYS$OUTPUT "We Can't Link Without It." -$ WRITE SYS$OUTPUT "" -$! -$! Since We Can't Link Without It, Exit. -$! -$ EXIT -$ ENDIF -$! -$! Time To Return. -$! -$ RETURN -$! -$! Check The User's Options. -$! -$ CHECK_OPTIONS: -$! -$! Check To See If We Are To "Just Build Everything". -$! -$ IF (P1.EQS."ALL") -$ THEN -$! -$! P1 Is "ALL", So Build Everything. -$! -$ BUILDALL = "TRUE" -$! -$! Else... -$! -$ ELSE -$! -$! Else, Check To See If P1 Has A Valid Argument. -$! -$ IF (P1.EQS."LIBRARY").OR.(P1.EQS."DESTEST").OR.(P1.EQS."SPEED") - - .OR.(P1.EQS."RPW").OR.(P1.EQS."DES").OR.(P1.EQS."DES_OPTS") -$ THEN -$! -$! A Valid Argument. -$! -$ BUILDALL = P1 -$! -$! Else... -$! -$ ELSE -$! -$! Tell The User We Don't Know What They Want. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " ALL : Just Build Everything." -$ WRITE SYS$OUTPUT " LIBRARY : To Compile Just The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library." -$ WRITE SYS$OUTPUT " DESTEST : To Compile Just The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program." -$ WRITE SYS$OUTPUT " SPEED : To Compile Just The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program." -$ WRITE SYS$OUTPUT " RPW : To Compile Just The [.xxx.EXE.CRYPTO.DES]RPW.EXE Program." -$ WRITE SYS$OUTPUT " DES : To Compile Just The [.xxx.EXE.CRYPTO.DES]DES.EXE Program." -$ WRITE SYS$OUTPUT " DES_OPTS : To Compile Just The [.xxx.EXE.CRYTPO.DES]DES_OPTS.EXE Program." -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " Where 'xxx' Stands For: " -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " ALPHA : Alpha Architecture." -$ WRITE SYS$OUTPUT " IA64 : IA64 Architecture." -$ WRITE SYS$OUTPUT " VAX : VAX Architecture." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! End The Valid Argument Check. -$! -$ ENDIF -$! -$! End The P1 Check. -$! -$ ENDIF -$! -$! Check To See If We Are To Compile Without Debugger Information. -$! -$ IF (P2.EQS."NODEBUG") -$ THEN -$! -$! P2 Is Blank, So Compile Without Debugger Information. -$! -$ DEBUGGER = "NODEBUG" -$ TRACEBACK = "NOTRACEBACK" -$ GCC_OPTIMIZE = "OPTIMIZE" -$ CC_OPTIMIZE = "OPTIMIZE" -$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile." -$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization." -$! -$! Else... -$! -$ ELSE -$! -$! Check To See If We Are To Compile With Debugger Information. -$! -$ IF (P2.EQS."DEBUG") -$ THEN -$! -$! Compile With Debugger Information. -$! -$ DEBUGGER = "DEBUG" -$ TRACEBACK = "TRACEBACK" -$ GCC_OPTIMIZE = "NOOPTIMIZE" -$ CC_OPTIMIZE = "NOOPTIMIZE" -$ WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile." -$ WRITE SYS$OUTPUT "Compiling Without Compiler Optimization." -$! -$! Else... -$! -$ ELSE -$! -$! Tell The User Entered An Invalid Option.. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " DEBUG : Compile With The Debugger Information." -$ WRITE SYS$OUTPUT " NODEBUG : Compile Without The Debugger Information." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! End The Valid Argument Check. -$! -$ ENDIF -$! -$! End The P2 Check. -$! -$ ENDIF -$! -$! Special Threads For OpenVMS v7.1 Or Later. -$! -$! Written By: Richard Levitte -$! richard at levitte.org -$! -$! -$! Check To See If We Have A Option For P4. -$! -$ IF (P4.EQS."") -$ THEN -$! -$! Get The Version Of VMS We Are Using. -$! -$ ISSEVEN := "" -$ TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION"))) -$ TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP)) -$! -$! Check To See If The VMS Version Is v7.1 Or Later. -$! -$ IF (TMP.GE.71) -$ THEN -$! -$! We Have OpenVMS v7.1 Or Later, So Use The Special Threads. -$! -$ ISSEVEN := ,PTHREAD_USE_D4 -$! -$! End The VMS Version Check. -$! -$ ENDIF -$! -$! End The P4 Check. -$! -$ ENDIF -$! -$! Check To See If P3 Is Blank. -$! -$ IF (P3.EQS."") -$ THEN -$! -$! O.K., The User Didn't Specify A Compiler, Let's Try To -$! Find Out Which One To Use. -$! -$! Check To See If We Have GNU C. -$! -$ IF (F$TRNLNM("GNU_CC").NES."") -$ THEN -$! -$! Looks Like GNUC, Set To Use GNUC. -$! -$ P3 = "GNUC" -$! -$! Else... -$! -$ ELSE -$! -$! Check To See If We Have VAXC Or DECC. -$! -$ IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."") -$ THEN -$! -$! Looks Like DECC, Set To Use DECC. -$! -$ P3 = "DECC" -$! -$! Else... -$! -$ ELSE -$! -$! Looks Like VAXC, Set To Use VAXC. -$! -$ P3 = "VAXC" -$! -$! End The VAXC Compiler Check. -$! -$ ENDIF -$! -$! End The DECC & VAXC Compiler Check. -$! -$ ENDIF -$! -$! End The Compiler Check. -$! -$ ENDIF -$! -$! Set Up Initial CC Definitions, Possibly With User Ones -$! -$ CCDEFS = "" -$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = USER_CCDEFS -$ CCEXTRAFLAGS = "" -$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS -$ CCDISABLEWARNINGS = "" -$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - - CCDISABLEWARNINGS = USER_CCDISABLEWARNINGS -$! -$! Check To See If The User Entered A Valid Paramter. -$! -$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC") -$ THEN -$! -$! Check To See If The User Wanted DECC. -$! -$ IF (P3.EQS."DECC") -$ THEN -$! -$! Looks Like DECC, Set To Use DECC. -$! -$ COMPILER = "DECC" -$! -$! Tell The User We Are Using DECC. -$! -$ WRITE SYS$OUTPUT "Using DECC 'C' Compiler." -$! -$! Use DECC... -$! -$ CC = "CC" -$ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - - THEN CC = "CC/DECC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - - "/NOLIST/PREFIX=ALL" + CCEXTRAFLAGS -$! -$! Define The Linker Options File Name. -$! -$ OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT" -$! -$! End DECC Check. -$! -$ ENDIF -$! -$! Check To See If We Are To Use VAXC. -$! -$ IF (P3.EQS."VAXC") -$ THEN -$! -$! Looks Like VAXC, Set To Use VAXC. -$! -$ COMPILER = "VAXC" -$! -$! Tell The User We Are Using VAX C. -$! -$ WRITE SYS$OUTPUT "Using VAXC 'C' Compiler." -$! -$! Compile Using VAXC. -$! -$ CC = "CC" -$ IF ARCH.NES."VAX" -$ THEN -$ WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!" -$ EXIT -$ ENDIF -$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS -$ CCDEFS = """VAXC""," + CCDEFS -$! -$! Define As SYS$COMMON:[SYSLIB] -$! -$ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB] -$! -$! Define The Linker Options File Name. -$! -$ OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT" -$! -$! End VAXC Check -$! -$ ENDIF -$! -$! Check To See If We Are To Use GNU C. -$! -$ IF (P3.EQS."GNUC") -$ THEN -$! -$! Looks Like GNUC, Set To Use GNUC. -$! -$ COMPILER = "GNUC" -$! -$! Tell The User We Are Using GNUC. -$! -$ WRITE SYS$OUTPUT "Using GNU 'C' Compiler." -$! -$! Use GNU C... -$! -$ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS -$! -$! Define The Linker Options File Name. -$! -$ OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT" -$! -$! End The GNU C Check. -$! -$ ENDIF -$! -$! Set up default defines -$! -$ CCDEFS = """FLAT_INC=1""," + CCDEFS -$! -$! Finish up the definition of CC. -$! -$ IF COMPILER .EQS. "DECC" -$ THEN -$ IF CCDISABLEWARNINGS .EQS. "" -$ THEN -$ CC4DISABLEWARNINGS = "DOLLARID" -$ ELSE -$ CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID" -$ CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))" -$ ENDIF -$ CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))" -$ ELSE -$ CCDISABLEWARNINGS = "" -$ CC4DISABLEWARNINGS = "" -$ ENDIF -$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS -$! -$! Show user the result -$! -$ WRITE SYS$OUTPUT "Main Compiling Command: ",CC -$! -$! Else The User Entered An Invalid Argument. -$! -$ ELSE -$! -$! Tell The User We Don't Know What They Want. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " VAXC : To Compile With VAX C." -$ WRITE SYS$OUTPUT " DECC : To Compile With DEC C." -$ WRITE SYS$OUTPUT " GNUC : To Compile With GNU C." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! End The P3 Check. -$! -$ ENDIF -$! -$! Time To RETURN... -$! -$ RETURN diff --git a/crypto/des/des.h b/crypto/des/des.h index 589b73b..6bb037d 100644 --- a/crypto/des/des.h +++ b/crypto/des/des.h @@ -92,16 +92,6 @@ typedef struct DES_ks { } ks[16]; } DES_key_schedule; -# ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT -# ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT -# define OPENSSL_ENABLE_OLD_DES_SUPPORT -# endif -# endif - -# ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT -# include -# endif - # define DES_KEY_SZ (sizeof(DES_cblock)) # define DES_SCHEDULE_SZ (sizeof(DES_key_schedule)) diff --git a/crypto/des/des.pod b/crypto/des/des.pod deleted file mode 100644 index b8daf61..0000000 --- a/crypto/des/des.pod +++ /dev/null @@ -1,219 +0,0 @@ -=pod - -=head1 NAME - -des - encrypt or decrypt data using Data Encryption Standard - -=head1 SYNOPSIS - -B -( -B<-e> -| -B<-E> -) | ( -B<-d> -| -B<-D> -) | ( -B<->[B][B] -) | -[ -B<-b3hfs> -] [ -B<-k> -I -] -] [ -B<-u>[I] -[ -I -[ -I -] ] - -=head1 NOTE - -This page describes the B stand-alone program, not the B -command. - -=head1 DESCRIPTION - -B -encrypts and decrypts data using the -Data Encryption Standard algorithm. -One of -B<-e>, B<-E> -(for encrypt) or -B<-d>, B<-D> -(for decrypt) must be specified. -It is also possible to use -B<-c> -or -B<-C> -in conjunction or instead of the a encrypt/decrypt option to generate -a 16 character hexadecimal checksum, generated via the -I. - -Two standard encryption modes are supported by the -B -program, Cipher Block Chaining (the default) and Electronic Code Book -(specified with -B<-b>). - -The key used for the DES -algorithm is obtained by prompting the user unless the -B<-k> -I -option is given. -If the key is an argument to the -B -command, it is potentially visible to users executing -ps(1) -or a derivative. To minimise this possibility, -B -takes care to destroy the key argument immediately upon entry. -If your shell keeps a history file be careful to make sure it is not -world readable. - -Since this program attempts to maintain compatibility with sunOS's -des(1) command, there are 2 different methods used to convert the user -supplied key to a des key. -Whenever and one or more of -B<-E>, B<-D>, B<-C> -or -B<-3> -options are used, the key conversion procedure will not be compatible -with the sunOS des(1) version but will use all the user supplied -character to generate the des key. -B -command reads from standard input unless -I -is specified and writes to standard output unless -I -is given. - -=head1 OPTIONS - -=over 4 - -=item B<-b> - -Select ECB -(eight bytes at a time) encryption mode. - -=item B<-3> - -Encrypt using triple encryption. -By default triple cbc encryption is used but if the -B<-b> -option is used then triple ECB encryption is performed. -If the key is less than 8 characters long, the flag has no effect. - -=item B<-e> - -Encrypt data using an 8 byte key in a manner compatible with sunOS -des(1). - -=item B<-E> - -Encrypt data using a key of nearly unlimited length (1024 bytes). -This will product a more secure encryption. - -=item B<-d> - -Decrypt data that was encrypted with the B<-e> option. - -=item B<-D> - -Decrypt data that was encrypted with the B<-E> option. - -=item B<-c> - -Generate a 16 character hexadecimal cbc checksum and output this to -stderr. -If a filename was specified after the -B<-c> -option, the checksum is output to that file. -The checksum is generated using a key generated in a sunOS compatible -manner. - -=item B<-C> - -A cbc checksum is generated in the same manner as described for the -B<-c> -option but the DES key is generated in the same manner as used for the -B<-E> -and -B<-D> -options - -=item B<-f> - -Does nothing - allowed for compatibility with sunOS des(1) command. - -=item B<-s> - -Does nothing - allowed for compatibility with sunOS des(1) command. - -=item B<-k> I - -Use the encryption -I -specified. - -=item B<-h> - -The -I -is assumed to be a 16 character hexadecimal number. -If the -B<-3> -option is used the key is assumed to be a 32 character hexadecimal -number. - -=item B<-u> - -This flag is used to read and write uuencoded files. If decrypting, -the input file is assumed to contain uuencoded, DES encrypted data. -If encrypting, the characters following the B<-u> are used as the name of -the uuencoded file to embed in the begin line of the uuencoded -output. If there is no name specified after the B<-u>, the name text.des -will be embedded in the header. - -=back - -=head1 SEE ALSO - -ps(1), -L - -=head1 BUGS - -The problem with using the -B<-e> -option is the short key length. -It would be better to use a real 56-bit key rather than an -ASCII-based 56-bit pattern. Knowing that the key was derived from ASCII -radically reduces the time necessary for a brute-force cryptographic attack. -My attempt to remove this problem is to add an alternative text-key to -DES-key function. This alternative function (accessed via -B<-E>, B<-D>, B<-S> -and -B<-3>) -uses DES to help generate the key. - -Be carefully when using the B<-u> option. Doing B I will -not decrypt filename (the B<-u> option will gobble the B<-d> option). - -The VMS operating system operates in a world where files are always a -multiple of 512 bytes. This causes problems when encrypted data is -send from Unix to VMS since a 88 byte file will suddenly be padded -with 424 null bytes. To get around this problem, use the B<-u> option -to uuencode the data before it is send to the VMS system. - -=head1 AUTHOR - -Eric Young (eay at cryptsoft.com) - -=cut diff --git a/crypto/des/des3s.cpp b/crypto/des/des3s.cpp deleted file mode 100644 index 02d527c..0000000 --- a/crypto/des/des3s.cpp +++ /dev/null @@ -1,67 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke at unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include -#include -#include - -void main(int argc,char *argv[]) - { - des_key_schedule key1,key2,key3; - unsigned long s1,s2,e1,e2; - unsigned long data[2]; - int i,j; - - for (j=0; j<6; j++) - { - for (i=0; i<1000; i++) /**/ - { - des_encrypt3(&data[0],key1,key2,key3); - GetTSC(s1); - des_encrypt3(&data[0],key1,key2,key3); - des_encrypt3(&data[0],key1,key2,key3); - des_encrypt3(&data[0],key1,key2,key3); - GetTSC(e1); - GetTSC(s2); - des_encrypt3(&data[0],key1,key2,key3); - des_encrypt3(&data[0],key1,key2,key3); - des_encrypt3(&data[0],key1,key2,key3); - des_encrypt3(&data[0],key1,key2,key3); - GetTSC(e2); - des_encrypt3(&data[0],key1,key2,key3); - } - - printf("des %d %d (%d)\n", - e1-s1,e2-s2,((e2-s2)-(e1-s1))); - } - } - diff --git a/crypto/des/des_old.c b/crypto/des/des_old.c deleted file mode 100644 index 6bd88db..0000000 --- a/crypto/des/des_old.c +++ /dev/null @@ -1,335 +0,0 @@ -/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */ - -/*- - * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - * - * The function names in here are deprecated and are only present to - * provide an interface compatible with libdes. OpenSSL now provides - * functions where "des_" has been replaced with "DES_" in the names, - * to make it possible to make incompatible changes that are needed - * for C type security and other stuff. - * - * Please consider starting to use the DES_ functions rather than the - * des_ ones. The des_ functions will dissapear completely before - * OpenSSL 1.0! - * - * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - */ - -/* - * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project - * 2001. - */ -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core at openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay at cryptsoft.com). This product includes software written by Tim - * Hudson (tjh at cryptsoft.com). - * - */ - -#define OPENSSL_DES_LIBDES_COMPATIBILITY -#include -#include - -const char *_ossl_old_des_options(void) -{ - return DES_options(); -} - -void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, - des_key_schedule ks1, des_key_schedule ks2, - des_key_schedule ks3, int enc) -{ - DES_ecb3_encrypt((const_DES_cblock *)input, output, - (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, - (DES_key_schedule *)ks3, enc); -} - -DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, long length, - des_key_schedule schedule, - _ossl_old_des_cblock *ivec) -{ - return DES_cbc_cksum((unsigned char *)input, output, length, - (DES_key_schedule *)schedule, ivec); -} - -void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, long length, - des_key_schedule schedule, - _ossl_old_des_cblock *ivec, int enc) -{ - DES_cbc_encrypt((unsigned char *)input, (unsigned char *)output, - length, (DES_key_schedule *)schedule, ivec, enc); -} - -void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, long length, - des_key_schedule schedule, - _ossl_old_des_cblock *ivec, int enc) -{ - DES_ncbc_encrypt((unsigned char *)input, (unsigned char *)output, - length, (DES_key_schedule *)schedule, ivec, enc); -} - -void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, long length, - des_key_schedule schedule, - _ossl_old_des_cblock *ivec, - _ossl_old_des_cblock *inw, - _ossl_old_des_cblock *outw, int enc) -{ - DES_xcbc_encrypt((unsigned char *)input, (unsigned char *)output, - length, (DES_key_schedule *)schedule, ivec, inw, outw, - enc); -} - -void _ossl_old_des_cfb_encrypt(unsigned char *in, unsigned char *out, - int numbits, long length, - des_key_schedule schedule, - _ossl_old_des_cblock *ivec, int enc) -{ - DES_cfb_encrypt(in, out, numbits, length, - (DES_key_schedule *)schedule, ivec, enc); -} - -void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, - des_key_schedule ks, int enc) -{ - DES_ecb_encrypt(input, output, (DES_key_schedule *)ks, enc); -} - -void _ossl_old_des_encrypt(DES_LONG *data, des_key_schedule ks, int enc) -{ - DES_encrypt1(data, (DES_key_schedule *)ks, enc); -} - -void _ossl_old_des_encrypt2(DES_LONG *data, des_key_schedule ks, int enc) -{ - DES_encrypt2(data, (DES_key_schedule *)ks, enc); -} - -void _ossl_old_des_encrypt3(DES_LONG *data, des_key_schedule ks1, - des_key_schedule ks2, des_key_schedule ks3) -{ - DES_encrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, - (DES_key_schedule *)ks3); -} - -void _ossl_old_des_decrypt3(DES_LONG *data, des_key_schedule ks1, - des_key_schedule ks2, des_key_schedule ks3) -{ - DES_decrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, - (DES_key_schedule *)ks3); -} - -void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, long length, - des_key_schedule ks1, - des_key_schedule ks2, - des_key_schedule ks3, - _ossl_old_des_cblock *ivec, int enc) -{ - DES_ede3_cbc_encrypt((unsigned char *)input, (unsigned char *)output, - length, (DES_key_schedule *)ks1, - (DES_key_schedule *)ks2, (DES_key_schedule *)ks3, - ivec, enc); -} - -void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out, - long length, des_key_schedule ks1, - des_key_schedule ks2, - des_key_schedule ks3, - _ossl_old_des_cblock *ivec, int *num, - int enc) -{ - DES_ede3_cfb64_encrypt(in, out, length, - (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, - (DES_key_schedule *)ks3, ivec, num, enc); -} - -void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, - long length, des_key_schedule ks1, - des_key_schedule ks2, - des_key_schedule ks3, - _ossl_old_des_cblock *ivec, int *num) -{ - DES_ede3_ofb64_encrypt(in, out, length, - (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, - (DES_key_schedule *)ks3, ivec, num); -} - -int _ossl_old_des_enc_read(int fd, char *buf, int len, des_key_schedule sched, - _ossl_old_des_cblock *iv) -{ - return DES_enc_read(fd, buf, len, (DES_key_schedule *)sched, iv); -} - -int _ossl_old_des_enc_write(int fd, char *buf, int len, - des_key_schedule sched, _ossl_old_des_cblock *iv) -{ - return DES_enc_write(fd, buf, len, (DES_key_schedule *)sched, iv); -} - -char *_ossl_old_des_fcrypt(const char *buf, const char *salt, char *ret) -{ - return DES_fcrypt(buf, salt, ret); -} - -char *_ossl_old_des_crypt(const char *buf, const char *salt) -{ - return DES_crypt(buf, salt); -} - -char *_ossl_old_crypt(const char *buf, const char *salt) -{ - return DES_crypt(buf, salt); -} - -void _ossl_old_des_ofb_encrypt(unsigned char *in, unsigned char *out, - int numbits, long length, - des_key_schedule schedule, - _ossl_old_des_cblock *ivec) -{ - DES_ofb_encrypt(in, out, numbits, length, (DES_key_schedule *)schedule, - ivec); -} - -void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, long length, - des_key_schedule schedule, - _ossl_old_des_cblock *ivec, int enc) -{ - DES_pcbc_encrypt((unsigned char *)input, (unsigned char *)output, - length, (DES_key_schedule *)schedule, ivec, enc); -} - -DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, long length, - int out_count, _ossl_old_des_cblock *seed) -{ - return DES_quad_cksum((unsigned char *)input, output, length, - out_count, seed); -} - -void _ossl_old_des_random_seed(_ossl_old_des_cblock key) -{ - RAND_seed(key, sizeof(_ossl_old_des_cblock)); -} - -void _ossl_old_des_random_key(_ossl_old_des_cblock ret) -{ - DES_random_key((DES_cblock *)ret); -} - -int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt, - int verify) -{ - return DES_read_password(key, prompt, verify); -} - -int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1, - _ossl_old_des_cblock *key2, - const char *prompt, int verify) -{ - return DES_read_2passwords(key1, key2, prompt, verify); -} - -void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key) -{ - DES_set_odd_parity(key); -} - -int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key) -{ - return DES_is_weak_key(key); -} - -int _ossl_old_des_set_key(_ossl_old_des_cblock *key, - des_key_schedule schedule) -{ - return DES_set_key(key, (DES_key_schedule *)schedule); -} - -int _ossl_old_des_key_sched(_ossl_old_des_cblock *key, - des_key_schedule schedule) -{ - return DES_key_sched(key, (DES_key_schedule *)schedule); -} - -void _ossl_old_des_string_to_key(char *str, _ossl_old_des_cblock *key) -{ - DES_string_to_key(str, key); -} - -void _ossl_old_des_string_to_2keys(char *str, _ossl_old_des_cblock *key1, - _ossl_old_des_cblock *key2) -{ - DES_string_to_2keys(str, key1, key2); -} - -void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, - long length, des_key_schedule schedule, - _ossl_old_des_cblock *ivec, int *num, - int enc) -{ - DES_cfb64_encrypt(in, out, length, (DES_key_schedule *)schedule, - ivec, num, enc); -} - -void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, - long length, des_key_schedule schedule, - _ossl_old_des_cblock *ivec, int *num) -{ - DES_ofb64_encrypt(in, out, length, (DES_key_schedule *)schedule, - ivec, num); -} diff --git a/crypto/des/des_old.h b/crypto/des/des_old.h deleted file mode 100644 index 998ac09..0000000 --- a/crypto/des/des_old.h +++ /dev/null @@ -1,477 +0,0 @@ -/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */ - -/*- - * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - * - * The function names in here are deprecated and are only present to - * provide an interface compatible with openssl 0.9.6 and older as - * well as libdes. OpenSSL now provides functions where "des_" has - * been replaced with "DES_" in the names, to make it possible to - * make incompatible changes that are needed for C type security and - * other stuff. - * - * This include files has two compatibility modes: - * - * - If OPENSSL_DES_LIBDES_COMPATIBILITY is defined, you get an API - * that is compatible with libdes and SSLeay. - * - If OPENSSL_DES_LIBDES_COMPATIBILITY isn't defined, you get an - * API that is compatible with OpenSSL 0.9.5x to 0.9.6x. - * - * Note that these modes break earlier snapshots of OpenSSL, where - * libdes compatibility was the only available mode or (later on) the - * prefered compatibility mode. However, after much consideration - * (and more or less violent discussions with external parties), it - * was concluded that OpenSSL should be compatible with earlier versions - * of itself before anything else. Also, in all honesty, libdes is - * an old beast that shouldn't really be used any more. - * - * Please consider starting to use the DES_ functions rather than the - * des_ ones. The des_ functions will disappear completely before - * OpenSSL 1.0! - * - * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - */ - -/* - * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project - * 2001. - */ -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core at openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay at cryptsoft.com). This product includes software written by Tim - * Hudson (tjh at cryptsoft.com). - * - */ - -#ifndef HEADER_DES_H -# define HEADER_DES_H - -# include /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */ - -# ifdef OPENSSL_NO_DES -# error DES is disabled. -# endif - -# ifndef HEADER_NEW_DES_H -# error You must include des.h, not des_old.h directly. -# endif - -# ifdef _KERBEROS_DES_H -# error replaces . -# endif - -# include - -# ifdef OPENSSL_BUILD_SHLIBCRYPTO -# undef OPENSSL_EXTERN -# define OPENSSL_EXTERN OPENSSL_EXPORT -# endif - -#ifdef __cplusplus -extern "C" { -#endif - -# ifdef _ -# undef _ -# endif - -typedef unsigned char _ossl_old_des_cblock[8]; -typedef struct _ossl_old_des_ks_struct { - union { - _ossl_old_des_cblock _; - /* - * make sure things are correct size on machines with 8 byte longs - */ - DES_LONG pad[2]; - } ks; -} _ossl_old_des_key_schedule[16]; - -# ifndef OPENSSL_DES_LIBDES_COMPATIBILITY -# define des_cblock DES_cblock -# define const_des_cblock const_DES_cblock -# define des_key_schedule DES_key_schedule -# define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ - DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e)) -# define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ - DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e)) -# define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ - DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e)) -# define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ - DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n)) -# define des_options()\ - DES_options() -# define des_cbc_cksum(i,o,l,k,iv)\ - DES_cbc_cksum((i),(o),(l),&(k),(iv)) -# define des_cbc_encrypt(i,o,l,k,iv,e)\ - DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e)) -# define des_ncbc_encrypt(i,o,l,k,iv,e)\ - DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e)) -# define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ - DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e)) -# define des_cfb_encrypt(i,o,n,l,k,iv,e)\ - DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e)) -# define des_ecb_encrypt(i,o,k,e)\ - DES_ecb_encrypt((i),(o),&(k),(e)) -# define des_encrypt1(d,k,e)\ - DES_encrypt1((d),&(k),(e)) -# define des_encrypt2(d,k,e)\ - DES_encrypt2((d),&(k),(e)) -# define des_encrypt3(d,k1,k2,k3)\ - DES_encrypt3((d),&(k1),&(k2),&(k3)) -# define des_decrypt3(d,k1,k2,k3)\ - DES_decrypt3((d),&(k1),&(k2),&(k3)) -# define des_xwhite_in2out(k,i,o)\ - DES_xwhite_in2out((k),(i),(o)) -# define des_enc_read(f,b,l,k,iv)\ - DES_enc_read((f),(b),(l),&(k),(iv)) -# define des_enc_write(f,b,l,k,iv)\ - DES_enc_write((f),(b),(l),&(k),(iv)) -# define des_fcrypt(b,s,r)\ - DES_fcrypt((b),(s),(r)) -# define des_ofb_encrypt(i,o,n,l,k,iv)\ - DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv)) -# define des_pcbc_encrypt(i,o,l,k,iv,e)\ - DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e)) -# define des_quad_cksum(i,o,l,c,s)\ - DES_quad_cksum((i),(o),(l),(c),(s)) -# define des_random_seed(k)\ - _ossl_096_des_random_seed((k)) -# define des_random_key(r)\ - DES_random_key((r)) -# define des_read_password(k,p,v) \ - DES_read_password((k),(p),(v)) -# define des_read_2passwords(k1,k2,p,v) \ - DES_read_2passwords((k1),(k2),(p),(v)) -# define des_set_odd_parity(k)\ - DES_set_odd_parity((k)) -# define des_check_key_parity(k)\ - DES_check_key_parity((k)) -# define des_is_weak_key(k)\ - DES_is_weak_key((k)) -# define des_set_key(k,ks)\ - DES_set_key((k),&(ks)) -# define des_key_sched(k,ks)\ - DES_key_sched((k),&(ks)) -# define des_set_key_checked(k,ks)\ - DES_set_key_checked((k),&(ks)) -# define des_set_key_unchecked(k,ks)\ - DES_set_key_unchecked((k),&(ks)) -# define des_string_to_key(s,k)\ - DES_string_to_key((s),(k)) -# define des_string_to_2keys(s,k1,k2)\ - DES_string_to_2keys((s),(k1),(k2)) -# define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\ - DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e)) -# define des_ofb64_encrypt(i,o,l,ks,iv,n)\ - DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n)) - -# define des_ecb2_encrypt(i,o,k1,k2,e) \ - des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) - -# define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ - des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) - -# define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ - des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) - -# define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ - des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) - -# define des_check_key DES_check_key -# define des_rw_mode DES_rw_mode -# else /* libdes compatibility */ -/* - * Map all symbol names to _ossl_old_des_* form, so we avoid all clashes with - * libdes - */ -# define des_cblock _ossl_old_des_cblock -# define des_key_schedule _ossl_old_des_key_schedule -# define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ - _ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e)) -# define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ - _ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e)) -# define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ - _ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e)) -# define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ - _ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n)) -# define des_options()\ - _ossl_old_des_options() -# define des_cbc_cksum(i,o,l,k,iv)\ - _ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv)) -# define des_cbc_encrypt(i,o,l,k,iv,e)\ - _ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e)) -# define des_ncbc_encrypt(i,o,l,k,iv,e)\ - _ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e)) -# define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ - _ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e)) -# define des_cfb_encrypt(i,o,n,l,k,iv,e)\ - _ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e)) -# define des_ecb_encrypt(i,o,k,e)\ - _ossl_old_des_ecb_encrypt((i),(o),(k),(e)) -# define des_encrypt(d,k,e)\ - _ossl_old_des_encrypt((d),(k),(e)) -# define des_encrypt2(d,k,e)\ - _ossl_old_des_encrypt2((d),(k),(e)) -# define des_encrypt3(d,k1,k2,k3)\ - _ossl_old_des_encrypt3((d),(k1),(k2),(k3)) -# define des_decrypt3(d,k1,k2,k3)\ - _ossl_old_des_decrypt3((d),(k1),(k2),(k3)) -# define des_xwhite_in2out(k,i,o)\ - _ossl_old_des_xwhite_in2out((k),(i),(o)) -# define des_enc_read(f,b,l,k,iv)\ - _ossl_old_des_enc_read((f),(b),(l),(k),(iv)) -# define des_enc_write(f,b,l,k,iv)\ - _ossl_old_des_enc_write((f),(b),(l),(k),(iv)) -# define des_fcrypt(b,s,r)\ - _ossl_old_des_fcrypt((b),(s),(r)) -# define des_crypt(b,s)\ - _ossl_old_des_crypt((b),(s)) -# define des_ofb_encrypt(i,o,n,l,k,iv)\ - _ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv)) -# define des_pcbc_encrypt(i,o,l,k,iv,e)\ - _ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e)) -# define des_quad_cksum(i,o,l,c,s)\ - _ossl_old_des_quad_cksum((i),(o),(l),(c),(s)) -# define des_random_seed(k)\ - _ossl_old_des_random_seed((k)) -# define des_random_key(r)\ - _ossl_old_des_random_key((r)) -# define des_read_password(k,p,v) \ - _ossl_old_des_read_password((k),(p),(v)) -# define des_read_2passwords(k1,k2,p,v) \ - _ossl_old_des_read_2passwords((k1),(k2),(p),(v)) -# define des_set_odd_parity(k)\ - _ossl_old_des_set_odd_parity((k)) -# define des_is_weak_key(k)\ - _ossl_old_des_is_weak_key((k)) -# define des_set_key(k,ks)\ - _ossl_old_des_set_key((k),(ks)) -# define des_key_sched(k,ks)\ - _ossl_old_des_key_sched((k),(ks)) -# define des_string_to_key(s,k)\ - _ossl_old_des_string_to_key((s),(k)) -# define des_string_to_2keys(s,k1,k2)\ - _ossl_old_des_string_to_2keys((s),(k1),(k2)) -# define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\ - _ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e)) -# define des_ofb64_encrypt(i,o,l,ks,iv,n)\ - _ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n)) - -# define des_ecb2_encrypt(i,o,k1,k2,e) \ - des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) - -# define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ - des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) - -# define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ - des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) - -# define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ - des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) - -# define des_check_key DES_check_key -# define des_rw_mode DES_rw_mode -# endif - -const char *_ossl_old_des_options(void); -void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, - _ossl_old_des_key_schedule ks1, - _ossl_old_des_key_schedule ks2, - _ossl_old_des_key_schedule ks3, int enc); -DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, long length, - _ossl_old_des_key_schedule schedule, - _ossl_old_des_cblock *ivec); -void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, long length, - _ossl_old_des_key_schedule schedule, - _ossl_old_des_cblock *ivec, int enc); -void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, long length, - _ossl_old_des_key_schedule schedule, - _ossl_old_des_cblock *ivec, int enc); -void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, long length, - _ossl_old_des_key_schedule schedule, - _ossl_old_des_cblock *ivec, - _ossl_old_des_cblock *inw, - _ossl_old_des_cblock *outw, int enc); -void _ossl_old_des_cfb_encrypt(unsigned char *in, unsigned char *out, - int numbits, long length, - _ossl_old_des_key_schedule schedule, - _ossl_old_des_cblock *ivec, int enc); -void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, - _ossl_old_des_key_schedule ks, int enc); -void _ossl_old_des_encrypt(DES_LONG *data, _ossl_old_des_key_schedule ks, - int enc); -void _ossl_old_des_encrypt2(DES_LONG *data, _ossl_old_des_key_schedule ks, - int enc); -void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1, - _ossl_old_des_key_schedule ks2, - _ossl_old_des_key_schedule ks3); -void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1, - _ossl_old_des_key_schedule ks2, - _ossl_old_des_key_schedule ks3); -void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, long length, - _ossl_old_des_key_schedule ks1, - _ossl_old_des_key_schedule ks2, - _ossl_old_des_key_schedule ks3, - _ossl_old_des_cblock *ivec, int enc); -void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out, - long length, - _ossl_old_des_key_schedule ks1, - _ossl_old_des_key_schedule ks2, - _ossl_old_des_key_schedule ks3, - _ossl_old_des_cblock *ivec, int *num, - int enc); -void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, - long length, - _ossl_old_des_key_schedule ks1, - _ossl_old_des_key_schedule ks2, - _ossl_old_des_key_schedule ks3, - _ossl_old_des_cblock *ivec, int *num); -int _ossl_old_des_enc_read(int fd, char *buf, int len, - _ossl_old_des_key_schedule sched, - _ossl_old_des_cblock *iv); -int _ossl_old_des_enc_write(int fd, char *buf, int len, - _ossl_old_des_key_schedule sched, - _ossl_old_des_cblock *iv); -char *_ossl_old_des_fcrypt(const char *buf, const char *salt, char *ret); -char *_ossl_old_des_crypt(const char *buf, const char *salt); -# if !defined(PERL5) -char *_ossl_old_crypt(const char *buf, const char *salt); -# endif -void _ossl_old_des_ofb_encrypt(unsigned char *in, unsigned char *out, - int numbits, long length, - _ossl_old_des_key_schedule schedule, - _ossl_old_des_cblock *ivec); -void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, long length, - _ossl_old_des_key_schedule schedule, - _ossl_old_des_cblock *ivec, int enc); -DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input, - _ossl_old_des_cblock *output, long length, - int out_count, _ossl_old_des_cblock *seed); -void _ossl_old_des_random_seed(_ossl_old_des_cblock key); -void _ossl_old_des_random_key(_ossl_old_des_cblock ret); -int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt, - int verify); -int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1, - _ossl_old_des_cblock *key2, - const char *prompt, int verify); -void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key); -int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key); -int _ossl_old_des_set_key(_ossl_old_des_cblock *key, - _ossl_old_des_key_schedule schedule); -int _ossl_old_des_key_sched(_ossl_old_des_cblock *key, - _ossl_old_des_key_schedule schedule); -void _ossl_old_des_string_to_key(char *str, _ossl_old_des_cblock *key); -void _ossl_old_des_string_to_2keys(char *str, _ossl_old_des_cblock *key1, - _ossl_old_des_cblock *key2); -void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, - long length, - _ossl_old_des_key_schedule schedule, - _ossl_old_des_cblock *ivec, int *num, - int enc); -void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, - long length, - _ossl_old_des_key_schedule schedule, - _ossl_old_des_cblock *ivec, int *num); - -void _ossl_096_des_random_seed(des_cblock *key); - -/* - * The following definitions provide compatibility with the MIT Kerberos - * library. The _ossl_old_des_key_schedule structure is not binary - * compatible. - */ - -# define _KERBEROS_DES_H - -# define KRBDES_ENCRYPT DES_ENCRYPT -# define KRBDES_DECRYPT DES_DECRYPT - -# ifdef KERBEROS -# define ENCRYPT DES_ENCRYPT -# define DECRYPT DES_DECRYPT -# endif - -# ifndef NCOMPAT -# define C_Block des_cblock -# define Key_schedule des_key_schedule -# define KEY_SZ DES_KEY_SZ -# define string_to_key des_string_to_key -# define read_pw_string des_read_pw_string -# define random_key des_random_key -# define pcbc_encrypt des_pcbc_encrypt -# define set_key des_set_key -# define key_sched des_key_sched -# define ecb_encrypt des_ecb_encrypt -# define cbc_encrypt des_cbc_encrypt -# define ncbc_encrypt des_ncbc_encrypt -# define xcbc_encrypt des_xcbc_encrypt -# define cbc_cksum des_cbc_cksum -# define quad_cksum des_quad_cksum -# define check_parity des_check_key_parity -# endif - -# define des_fixup_key_parity DES_fixup_key_parity - -#ifdef __cplusplus -} -#endif - -/* for DES_read_pw_string et al */ -# include - -#endif diff --git a/crypto/des/des_old2.c b/crypto/des/des_old2.c deleted file mode 100644 index f7d28a6..0000000 --- a/crypto/des/des_old2.c +++ /dev/null @@ -1,80 +0,0 @@ -/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */ - -/* - * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING The - * function names in here are deprecated and are only present to provide an - * interface compatible with OpenSSL 0.9.6c. OpenSSL now provides functions - * where "des_" has been replaced with "DES_" in the names, to make it - * possible to make incompatible changes that are needed for C type security - * and other stuff. Please consider starting to use the DES_ functions - * rather than the des_ ones. The des_ functions will dissapear completely - * before OpenSSL 1.0! WARNING WARNING WARNING WARNING WARNING WARNING - * WARNING WARNING - */ - -/* - * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project - * 2001. - */ -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core at openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay at cryptsoft.com). This product includes software written by Tim - * Hudson (tjh at cryptsoft.com). - * - */ - -#undef OPENSSL_DES_LIBDES_COMPATIBILITY -#include -#include - -void _ossl_096_des_random_seed(DES_cblock *key) -{ - RAND_seed(key, sizeof(DES_cblock)); -} diff --git a/crypto/des/dess.cpp b/crypto/des/dess.cpp deleted file mode 100644 index 5549bab..0000000 --- a/crypto/des/dess.cpp +++ /dev/null @@ -1,67 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke at unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include -#include -#include - -void main(int argc,char *argv[]) - { - des_key_schedule key; - unsigned long s1,s2,e1,e2; - unsigned long data[2]; - int i,j; - - for (j=0; j<6; j++) - { - for (i=0; i<1000; i++) /**/ - { - des_encrypt1(&data[0],key,1); - GetTSC(s1); - des_encrypt1(&data[0],key,1); - des_encrypt1(&data[0],key,1); - des_encrypt1(&data[0],key,1); - GetTSC(e1); - GetTSC(s2); - des_encrypt1(&data[0],key,1); - des_encrypt1(&data[0],key,1); - des_encrypt1(&data[0],key,1); - des_encrypt1(&data[0],key,1); - GetTSC(e2); - des_encrypt1(&data[0],key,1); - } - - printf("des %d %d (%d)\n", - e1-s1,e2-s2,((e2-s2)-(e1-s1))); - } - } - diff --git a/crypto/des/destest.c b/crypto/des/destest.c index 14f4dfe..406e6de 100644 --- a/crypto/des/destest.c +++ b/crypto/des/destest.c @@ -357,8 +357,8 @@ int main(int argc, char *argv[]) { int j, err = 0; unsigned int i; - des_cblock in, out, outin, iv3; - des_key_schedule ks, ks2, ks3; + DES_cblock in, out, outin, iv3; + DES_key_schedule ks, ks2, ks3; unsigned char cbc_in[40]; unsigned char cbc_out[40]; DES_LONG cs; @@ -373,8 +373,8 @@ int main(int argc, char *argv[]) memcpy(in, plain_data[i], 8); memset(out, 0, 8); memset(outin, 0, 8); - des_ecb_encrypt(&in, &out, ks, DES_ENCRYPT); - des_ecb_encrypt(&out, &outin, ks, DES_DECRYPT); + DES_ecb_encrypt(&in, &out, &ks, DES_ENCRYPT); + DES_ecb_encrypt(&out, &outin, &ks, DES_DECRYPT); if (memcmp(out, cipher_data[i], 8) != 0) { printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", @@ -398,8 +398,8 @@ int main(int argc, char *argv[]) memcpy(in, plain_data[i], 8); memset(out, 0, 8); memset(outin, 0, 8); - des_ecb2_encrypt(&in, &out, ks, ks2, DES_ENCRYPT); - des_ecb2_encrypt(&out, &outin, ks, ks2, DES_DECRYPT); + DES_ecb3_encrypt(&in,&out,&ks,&ks2,&ks,DES_ENCRYPT); + DES_ecb3_encrypt(&out,&outin,&ks,&ks2,&ks,DES_DECRYPT); if (memcmp(out, cipher_ecb2[i], 8) != 0) { printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", @@ -423,7 +423,7 @@ int main(int argc, char *argv[]) memset(cbc_out, 0, 40); memset(cbc_in, 0, 40); memcpy(iv3, cbc_iv, sizeof(cbc_iv)); - des_ncbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, ks, + DES_ncbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, &ks, &iv3, DES_ENCRYPT); if (memcmp(cbc_out, cbc_ok, 32) != 0) { printf("cbc_encrypt encrypt error\n"); @@ -431,7 +431,7 @@ int main(int argc, char *argv[]) } memcpy(iv3, cbc_iv, sizeof(cbc_iv)); - des_ncbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, ks, + DES_ncbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, &ks, &iv3, DES_DECRYPT); if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data)) != 0) { printf("cbc_encrypt decrypt error\n"); @@ -446,14 +446,14 @@ int main(int argc, char *argv[]) memset(cbc_out, 0, 40); memset(cbc_in, 0, 40); memcpy(iv3, cbc_iv, sizeof(cbc_iv)); - des_xcbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, ks, + DES_xcbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, &ks, &iv3, &cbc2_key, &cbc3_key, DES_ENCRYPT); if (memcmp(cbc_out, xcbc_ok, 32) != 0) { printf("des_xcbc_encrypt encrypt error\n"); err = 1; } memcpy(iv3, cbc_iv, sizeof(cbc_iv)); - des_xcbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, ks, + DES_xcbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, &ks, &iv3, &cbc2_key, &cbc3_key, DES_DECRYPT); if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) { printf("des_xcbc_encrypt decrypt error\n"); @@ -480,10 +480,10 @@ int main(int argc, char *argv[]) /* i=((i+7)/8)*8; */ memcpy(iv3, cbc_iv, sizeof(cbc_iv)); - des_ede3_cbc_encrypt(cbc_data, cbc_out, 16L, ks, ks2, ks3, &iv3, + DES_ede3_cbc_encrypt(cbc_data, cbc_out, 16L, &ks, &ks2, &ks3, &iv3, DES_ENCRYPT); - des_ede3_cbc_encrypt(&(cbc_data[16]), &(cbc_out[16]), i - 16, ks, ks2, - ks3, &iv3, DES_ENCRYPT); + DES_ede3_cbc_encrypt(&(cbc_data[16]), &(cbc_out[16]), i - 16, &ks, &ks2, + &ks3, &iv3, DES_ENCRYPT); if (memcmp (cbc_out, cbc3_ok, (unsigned int)(strlen((char *)cbc_data) + 1 + 7) / 8 * 8) != 0) { @@ -500,11 +500,11 @@ int main(int argc, char *argv[]) } memcpy(iv3, cbc_iv, sizeof(cbc_iv)); - des_ede3_cbc_encrypt(cbc_out, cbc_in, i, ks, ks2, ks3, &iv3, DES_DECRYPT); + DES_ede3_cbc_encrypt(cbc_out, cbc_in, i, &ks, &ks2, &ks3, &iv3, DES_DECRYPT); if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) { unsigned int n; - printf("des_ede3_cbc_encrypt decrypt error\n"); + printf("DES_ede3_cbc_encrypt decrypt error\n"); for (n = 0; n < i; ++n) printf(" %02x", cbc_data[n]); printf("\n"); @@ -521,13 +521,13 @@ int main(int argc, char *argv[]) } memset(cbc_out, 0, 40); memset(cbc_in, 0, 40); - des_pcbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, ks, + DES_pcbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, &ks, &cbc_iv, DES_ENCRYPT); if (memcmp(cbc_out, pcbc_ok, 32) != 0) { printf("pcbc_encrypt encrypt error\n"); err = 1; } - des_pcbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, ks, + DES_pcbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, &ks, &cbc_iv, DES_DECRYPT); if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) { printf("pcbc_encrypt decrypt error\n"); @@ -551,8 +551,8 @@ int main(int argc, char *argv[]) memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); for (i = 0; i < sizeof(plain); i++) - des_cfb_encrypt(&(plain[i]), &(cfb_buf1[i]), - 8, 1, ks, &cfb_tmp, DES_ENCRYPT); + DES_cfb_encrypt(&(plain[i]), &(cfb_buf1[i]), + 8, 1, &ks, &cfb_tmp, DES_ENCRYPT); if (memcmp(cfb_cipher8, cfb_buf1, sizeof(plain)) != 0) { printf("cfb_encrypt small encrypt error\n"); err = 1; @@ -560,8 +560,8 @@ int main(int argc, char *argv[]) memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); for (i = 0; i < sizeof(plain); i++) - des_cfb_encrypt(&(cfb_buf1[i]), &(cfb_buf2[i]), - 8, 1, ks, &cfb_tmp, DES_DECRYPT); + DES_cfb_encrypt(&(cfb_buf1[i]), &(cfb_buf2[i]), + 8, 1, &ks, &cfb_tmp, DES_DECRYPT); if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) { printf("cfb_encrypt small decrypt error\n"); err = 1; @@ -575,7 +575,7 @@ int main(int argc, char *argv[]) printf("Doing ofb\n"); DES_set_key_checked(&ofb_key, &ks); memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); - des_ofb_encrypt(plain, ofb_buf1, 64, sizeof(plain) / 8, ks, &ofb_tmp); + DES_ofb_encrypt(plain, ofb_buf1, 64, sizeof(plain) / 8, &ks, &ofb_tmp); if (memcmp(ofb_cipher, ofb_buf1, sizeof(ofb_buf1)) != 0) { printf("ofb_encrypt encrypt error\n"); printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", @@ -589,7 +589,7 @@ int main(int argc, char *argv[]) err = 1; } memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); - des_ofb_encrypt(ofb_buf1, ofb_buf2, 64, sizeof(ofb_buf1) / 8, ks, + DES_ofb_encrypt(ofb_buf1, ofb_buf2, 64, sizeof(ofb_buf1) / 8, &ks, &ofb_tmp); if (memcmp(plain, ofb_buf2, sizeof(ofb_buf2)) != 0) { printf("ofb_encrypt decrypt error\n"); @@ -610,7 +610,7 @@ int main(int argc, char *argv[]) memset(ofb_buf2, 0, sizeof(ofb_buf1)); num = 0; for (i = 0; i < sizeof(plain); i++) { - des_ofb64_encrypt(&(plain[i]), &(ofb_buf1[i]), 1, ks, &ofb_tmp, &num); + DES_ofb64_encrypt(&(plain[i]), &(ofb_buf1[i]), 1, &ks, &ofb_tmp, &num); } if (memcmp(ofb_cipher, ofb_buf1, sizeof(ofb_buf1)) != 0) { printf("ofb64_encrypt encrypt error\n"); @@ -618,7 +618,7 @@ int main(int argc, char *argv[]) } memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); num = 0; - des_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), ks, &ofb_tmp, + DES_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ofb_tmp, &num); if (memcmp(plain, ofb_buf2, sizeof(ofb_buf2)) != 0) { printf("ofb64_encrypt decrypt error\n"); @@ -632,8 +632,8 @@ int main(int argc, char *argv[]) memset(ofb_buf2, 0, sizeof(ofb_buf1)); num = 0; for (i = 0; i < sizeof(plain); i++) { - des_ede3_ofb64_encrypt(&(plain[i]), &(ofb_buf1[i]), 1, ks, ks, - ks, &ofb_tmp, &num); + DES_ede3_ofb64_encrypt(&(plain[i]), &(ofb_buf1[i]), 1, &ks, &ks, + &ks, &ofb_tmp, &num); } if (memcmp(ofb_cipher, ofb_buf1, sizeof(ofb_buf1)) != 0) { printf("ede_ofb64_encrypt encrypt error\n"); @@ -641,7 +641,7 @@ int main(int argc, char *argv[]) } memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv)); num = 0; - des_ede3_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), ks, ks, ks, + DES_ede3_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ks, &ks, &ofb_tmp, &num); if (memcmp(plain, ofb_buf2, sizeof(ofb_buf2)) != 0) { printf("ede_ofb64_encrypt decrypt error\n"); @@ -650,7 +650,7 @@ int main(int argc, char *argv[]) printf("Doing cbc_cksum\n"); DES_set_key_checked(&cbc_key, &ks); - cs = des_cbc_cksum(cbc_data, &cret, strlen((char *)cbc_data), ks, + cs = DES_cbc_cksum(cbc_data, &cret, strlen((char *)cbc_data), &ks, &cbc_iv); if (cs != cbc_cksum_ret) { printf("bad return value (%08lX), should be %08lX\n", @@ -663,9 +663,9 @@ int main(int argc, char *argv[]) } printf("Doing quad_cksum\n"); - cs = des_quad_cksum(cbc_data, (des_cblock *)lqret, + cs = DES_quad_cksum(cbc_data, (DES_cblock *)lqret, (long)strlen((char *)cbc_data), 2, - (des_cblock *)cbc_iv); + (DES_cblock *)cbc_iv); if (cs != 0x70d7a63aL) { printf("quad_cksum error, ret %08lx should be 70d7a63a\n", (unsigned long)cs); @@ -696,15 +696,15 @@ int main(int argc, char *argv[]) printf("input word alignment test"); for (i = 0; i < 4; i++) { printf(" %d", i); - des_ncbc_encrypt(&(cbc_out[i]), cbc_in, - strlen((char *)cbc_data) + 1, ks, + DES_ncbc_encrypt(&(cbc_out[i]), cbc_in, + strlen((char *)cbc_data) + 1, &ks, &cbc_iv, DES_ENCRYPT); } printf("\noutput word alignment test"); for (i = 0; i < 4; i++) { printf(" %d", i); - des_ncbc_encrypt(cbc_out, &(cbc_in[i]), - strlen((char *)cbc_data) + 1, ks, + DES_ncbc_encrypt(cbc_out, &(cbc_in[i]), + strlen((char *)cbc_data) + 1, &ks, &cbc_iv, DES_ENCRYPT); } printf("\n"); @@ -749,12 +749,12 @@ static char *pt(unsigned char *p) static int cfb_test(int bits, unsigned char *cfb_cipher) { - des_key_schedule ks; + DES_key_schedule ks; int i, err = 0; DES_set_key_checked(&cfb_key, &ks); memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); - des_cfb_encrypt(plain, cfb_buf1, bits, sizeof(plain), ks, &cfb_tmp, + DES_cfb_encrypt(plain, cfb_buf1, bits, sizeof(plain), &ks, &cfb_tmp, DES_ENCRYPT); if (memcmp(cfb_cipher, cfb_buf1, sizeof(plain)) != 0) { err = 1; @@ -763,7 +763,7 @@ static int cfb_test(int bits, unsigned char *cfb_cipher) printf("%s\n", pt(&(cfb_buf1[i]))); } memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); - des_cfb_encrypt(cfb_buf1, cfb_buf2, bits, sizeof(plain), ks, &cfb_tmp, + DES_cfb_encrypt(cfb_buf1, cfb_buf2, bits, sizeof(plain), &ks, &cfb_tmp, DES_DECRYPT); if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) { err = 1; @@ -776,14 +776,14 @@ static int cfb_test(int bits, unsigned char *cfb_cipher) static int cfb64_test(unsigned char *cfb_cipher) { - des_key_schedule ks; + DES_key_schedule ks; int err = 0, i, n; DES_set_key_checked(&cfb_key, &ks); memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); n = 0; - des_cfb64_encrypt(plain, cfb_buf1, 12, ks, &cfb_tmp, &n, DES_ENCRYPT); - des_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]), sizeof(plain) - 12, ks, + DES_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &cfb_tmp, &n, DES_ENCRYPT); + DES_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]), sizeof(plain) - 12, &ks, &cfb_tmp, &n, DES_ENCRYPT); if (memcmp(cfb_cipher, cfb_buf1, sizeof(plain)) != 0) { err = 1; @@ -793,9 +793,9 @@ static int cfb64_test(unsigned char *cfb_cipher) } memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); n = 0; - des_cfb64_encrypt(cfb_buf1, cfb_buf2, 17, ks, &cfb_tmp, &n, DES_DECRYPT); - des_cfb64_encrypt(&(cfb_buf1[17]), &(cfb_buf2[17]), - sizeof(plain) - 17, ks, &cfb_tmp, &n, DES_DECRYPT); + DES_cfb64_encrypt(cfb_buf1, cfb_buf2, 17, &ks, &cfb_tmp, &n, DES_DECRYPT); + DES_cfb64_encrypt(&(cfb_buf1[17]), &(cfb_buf2[17]), + sizeof(plain) - 17, &ks, &cfb_tmp, &n, DES_DECRYPT); if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) { err = 1; printf("cfb_encrypt decrypt error\n"); @@ -807,16 +807,16 @@ static int cfb64_test(unsigned char *cfb_cipher) static int ede_cfb64_test(unsigned char *cfb_cipher) { - des_key_schedule ks; + DES_key_schedule ks; int err = 0, i, n; DES_set_key_checked(&cfb_key, &ks); memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); n = 0; - des_ede3_cfb64_encrypt(plain, cfb_buf1, 12, ks, ks, ks, &cfb_tmp, &n, + DES_ede3_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &ks, &ks, &cfb_tmp, &n, DES_ENCRYPT); - des_ede3_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]), - sizeof(plain) - 12, ks, ks, ks, + DES_ede3_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]), + sizeof(plain) - 12, &ks, &ks, &ks, &cfb_tmp, &n, DES_ENCRYPT); if (memcmp(cfb_cipher, cfb_buf1, sizeof(plain)) != 0) { err = 1; @@ -826,10 +826,10 @@ static int ede_cfb64_test(unsigned char *cfb_cipher) } memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv)); n = 0; - des_ede3_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)17, ks, ks, ks, + DES_ede3_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)17, &ks, &ks, &ks, &cfb_tmp, &n, DES_DECRYPT); - des_ede3_cfb64_encrypt(&(cfb_buf1[17]), &(cfb_buf2[17]), - sizeof(plain) - 17, ks, ks, ks, + DES_ede3_cfb64_encrypt(&(cfb_buf1[17]), &(cfb_buf2[17]), + sizeof(plain) - 17, &ks, &ks, &ks, &cfb_tmp, &n, DES_DECRYPT); if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) { err = 1; diff --git a/crypto/des/makefile.bc b/crypto/des/makefile.bc deleted file mode 100644 index c121f7c..0000000 --- a/crypto/des/makefile.bc +++ /dev/null @@ -1,50 +0,0 @@ -# -# Original BC Makefile from Teun -# -# -CC = bcc -TLIB = tlib /0 /C -# note: the -3 flag produces code for 386, 486, Pentium etc; omit it for 286s -OPTIMIZE= -3 -O2 -#WINDOWS= -W -CFLAGS = -c -ml -d $(OPTIMIZE) $(WINDOWS) -DMSDOS -LFLAGS = -ml $(WINDOWS) - -.c.obj: - $(CC) $(CFLAGS) $*.c - -.obj.exe: - $(CC) $(LFLAGS) -e$*.exe $*.obj libdes.lib - -all: $(LIB) destest.exe rpw.exe des.exe speed.exe - -# "make clean": use a directory containing only libdes .exe and .obj files... -clean: - del *.exe - del *.obj - del libdes.lib - del libdes.rsp - -OBJS= cbc_cksm.obj cbc_enc.obj ecb_enc.obj pcbc_enc.obj \ - qud_cksm.obj rand_key.obj set_key.obj str2key.obj \ - enc_read.obj enc_writ.obj fcrypt.obj cfb_enc.obj \ - ecb3_enc.obj ofb_enc.obj cbc3_enc.obj read_pwd.obj\ - cfb64enc.obj ofb64enc.obj ede_enc.obj cfb64ede.obj\ - ofb64ede.obj supp.obj - -LIB= libdes.lib - -$(LIB): $(OBJS) - del $(LIB) - makersp "+%s &\n" &&| - $(OBJS) -| >libdes.rsp - $(TLIB) libdes.lib @libdes.rsp,nul - del libdes.rsp - -destest.exe: destest.obj libdes.lib -rpw.exe: rpw.obj libdes.lib -speed.exe: speed.obj libdes.lib -des.exe: des.obj libdes.lib - - diff --git a/crypto/des/options.txt b/crypto/des/options.txt deleted file mode 100644 index 6e2b50f..0000000 --- a/crypto/des/options.txt +++ /dev/null @@ -1,39 +0,0 @@ -Note that the UNROLL option makes the 'inner' des loop unroll all 16 rounds -instead of the default 4. -RISC1 and RISC2 are 2 alternatives for the inner loop and -PTR means to use pointers arithmatic instead of arrays. - -FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - assembler 577,000 4620k/s -IRIX 6.2 - R10000 195mhz - cc (-O3 -n32) - UNROLL RISC2 PTR 496,000 3968k/s -solaris 2.5.1 usparc 167mhz?? - SC4.0 - UNROLL RISC1 PTR [1] 459,400 3672k/s -FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - UNROLL RISC1 433,000 3468k/s -solaris 2.5.1 usparc 167mhz?? - gcc 2.7.2 - UNROLL 380,000 3041k/s -linux - pentium 100mhz - gcc 2.7.0 - assembler 281,000 2250k/s -NT 4.0 - pentium 100mhz - VC 4.2 - assembler 281,000 2250k/s -AIX 4.1? - PPC604 100mhz - cc - UNROLL 275,000 2200k/s -IRIX 5.3 - R4400 200mhz - gcc 2.6.3 - UNROLL RISC2 PTR 235,300 1882k/s -IRIX 5.3 - R4400 200mhz - cc - UNROLL RISC2 PTR 233,700 1869k/s -NT 4.0 - pentium 100mhz - VC 4.2 - UNROLL RISC1 PTR 191,000 1528k/s -DEC Alpha 165mhz?? - cc - RISC2 PTR [2] 181,000 1448k/s -linux - pentium 100mhz - gcc 2.7.0 - UNROLL RISC1 PTR 158,500 1268k/s -HPUX 10 - 9000/887 - cc - UNROLL [3] 148,000 1190k/s -solaris 2.5.1 - sparc 10 50mhz - gcc 2.7.2 - UNROLL 123,600 989k/s -IRIX 5.3 - R4000 100mhz - cc - UNROLL RISC2 PTR 101,000 808k/s -DGUX - 88100 50mhz(?) - gcc 2.6.3 - UNROLL 81,000 648k/s -solaris 2.4 486 50mhz - gcc 2.6.3 - assembler 65,000 522k/s -HPUX 10 - 9000/887 - k&r cc (default compiler) - UNROLL PTR 76,000 608k/s -solaris 2.4 486 50mhz - gcc 2.6.3 - UNROLL RISC2 43,500 344k/s -AIX - old slow one :-) - cc - 39,000 312k/s - -Notes. -[1] For the ultra sparc, SunC 4.0 - cc -xtarget=ultra -xarch=v8plus -Xa -xO5, running 'des_opts' - gives a speed of 344,000 des/s while 'speed' gives 459,000 des/s. - I'll record the higher since it is coming from the library but it - is all rather weird. -[2] Similar to the ultra sparc ([1]), 181,000 for 'des_opts' vs 175,000. -[3] I was unable to get access to this machine when it was not heavily loaded. - As such, my timing program was never able to get more that %30 of the CPU. - This would cause the program to give much lower speed numbers because - it would be 'fighting' to stay in the cache with the other CPU burning - processes. diff --git a/crypto/des/read_pwd.c b/crypto/des/read_pwd.c deleted file mode 100644 index 42903d6..0000000 --- a/crypto/des/read_pwd.c +++ /dev/null @@ -1,493 +0,0 @@ -/* crypto/des/read_pwd.c */ -/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay at cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay at cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WIN32) -# ifdef OPENSSL_UNISTD -# include OPENSSL_UNISTD -# else -# include -# endif -/* - * If unistd.h defines _POSIX_VERSION, we conclude that we are on a POSIX - * system and have sigaction and termios. - */ -# if defined(_POSIX_VERSION) - -# define SIGACTION -# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY) -# define TERMIOS -# endif - -# endif -#endif - -/* Define this if you have sigaction() */ -/* #define SIGACTION */ - -/* 06-Apr-92 Luke Brennan Support for VMS */ -#include "des_locl.h" -#include "cryptlib.h" -#include -#include -#include -#include -#include - -#ifdef OPENSSL_SYS_VMS /* prototypes for sys$whatever */ -# include -# ifdef __DECC -# pragma message disable DOLLARID -# endif -#endif - -#ifdef WIN_CONSOLE_BUG -# include -# ifndef OPENSSL_SYS_WINCE -# include -# endif -#endif - -/* - * There are 5 types of terminal interface supported, TERMIO, TERMIOS, VMS, - * MSDOS and SGTTY - */ - -#if defined(__sgi) && !defined(TERMIOS) -# define TERMIOS -# undef TERMIO -# undef SGTTY -#endif - -#if defined(linux) && !defined(TERMIO) -# undef TERMIOS -# define TERMIO -# undef SGTTY -#endif - -#ifdef _LIBC -# undef TERMIOS -# define TERMIO -# undef SGTTY -#endif - -#if !defined(TERMIO) && !defined(TERMIOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MSDOS) -# undef TERMIOS -# undef TERMIO -# define SGTTY -#endif - -#if defined(OPENSSL_SYS_VXWORKS) -# undef TERMIOS -# undef TERMIO -# undef SGTTY -#endif - -#ifdef TERMIOS -# include -# define TTY_STRUCT struct termios -# define TTY_FLAGS c_lflag -# define TTY_get(tty,data) tcgetattr(tty,data) -# define TTY_set(tty,data) tcsetattr(tty,TCSANOW,data) -#endif - -#ifdef TERMIO -# include -# define TTY_STRUCT struct termio -# define TTY_FLAGS c_lflag -# define TTY_get(tty,data) ioctl(tty,TCGETA,data) -# define TTY_set(tty,data) ioctl(tty,TCSETA,data) -#endif - -#ifdef SGTTY -# include -# define TTY_STRUCT struct sgttyb -# define TTY_FLAGS sg_flags -# define TTY_get(tty,data) ioctl(tty,TIOCGETP,data) -# define TTY_set(tty,data) ioctl(tty,TIOCSETP,data) -#endif - -#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) -# include -#endif - -#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WINCE) -# include -# define fgets(a,b,c) noecho_fgets(a,b,c) -#endif - -#ifdef OPENSSL_SYS_VMS -# include -# include -# include -# include -struct IOSB { - short iosb$w_value; - short iosb$w_count; - long iosb$l_info; -}; -#endif - -#ifndef NX509_SIG -# define NX509_SIG 32 -#endif - -static void read_till_nl(FILE *); -static void recsig(int); -static void pushsig(void); -static void popsig(void); -#if defined(OPENSSL_SYS_MSDOS) -static int noecho_fgets(char *buf, int size, FILE *tty); -#endif -#ifdef SIGACTION -static struct sigaction savsig[NX509_SIG]; -#else -static void (*savsig[NX509_SIG]) (int); -#endif -static jmp_buf save; - -int des_read_pw_string(char *buf, int length, const char *prompt, int verify) -{ - char buff[BUFSIZ]; - int ret; - - ret = - des_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length, prompt, - verify); - OPENSSL_cleanse(buff, BUFSIZ); - return (ret); -} - -#ifdef OPENSSL_SYS_WINCE - -int des_read_pw(char *buf, char *buff, int size, const char *prompt, - int verify) -{ - memset(buf, 0, size); - memset(buff, 0, size); - return (0); -} - -#else /* !OPENSSL_SYS_WINCE */ - -static void read_till_nl(FILE *in) -{ -# define SIZE 4 - char buf[SIZE + 1]; - - do { - fgets(buf, SIZE, in); - } while (strchr(buf, '\n') == NULL); -} - -/* return 0 if ok, 1 (or -1) otherwise */ -int des_read_pw(char *buf, char *buff, int size, const char *prompt, - int verify) -{ -# ifdef OPENSSL_SYS_VMS - struct IOSB iosb; - $DESCRIPTOR(terminal, "TT"); - long tty_orig[3], tty_new[3]; - long status; - unsigned short channel = 0; -# else -# if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__) - TTY_STRUCT tty_orig, tty_new; -# endif -# endif - int number; - int ok; - /* - * statics are simply to avoid warnings about longjmp clobbering things - */ - static int ps; - int is_a_tty; - static FILE *tty; - char *p; - - if (setjmp(save)) { - ok = 0; - goto error; - } - - number = 5; - ok = 0; - ps = 0; - is_a_tty = 1; - tty = NULL; - -# ifdef OPENSSL_SYS_MSDOS - if ((tty = fopen("con", "r")) == NULL) - tty = stdin; -# elif defined(OPENSSL_SYS_VXWORKS) - tty = stdin; -# else - if ((tty = fopen("/dev/tty", "r")) == NULL) - tty = stdin; -# endif - -# if defined(TTY_get) && !defined(OPENSSL_SYS_VMS) - if (TTY_get(fileno(tty), &tty_orig) == -1) { -# ifdef ENOTTY - if (errno == ENOTTY) - is_a_tty = 0; - else -# endif -# ifdef EINVAL - /* - * Ariel Glenn ariel at columbia.edu reports that solaris can return - * EINVAL instead. This should be ok - */ - if (errno == EINVAL) - is_a_tty = 0; - else -# endif - return (-1); - } - memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig)); -# endif -# ifdef OPENSSL_SYS_VMS - status = sys$assign(&terminal, &channel, 0, 0); - if (status != SS$_NORMAL) - return (-1); - status = - sys$qiow(0, channel, IO$_SENSEMODE, &iosb, 0, 0, tty_orig, 12, 0, 0, - 0, 0); - if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) - return (-1); -# endif - - pushsig(); - ps = 1; - -# ifdef TTY_FLAGS - tty_new.TTY_FLAGS &= ~ECHO; -# endif - -# if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) - if (is_a_tty && (TTY_set(fileno(tty), &tty_new) == -1)) - return (-1); -# endif -# ifdef OPENSSL_SYS_VMS - tty_new[0] = tty_orig[0]; - tty_new[1] = tty_orig[1] | TT$M_NOECHO; - tty_new[2] = tty_orig[2]; - status = - sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12, 0, 0, 0, - 0); - if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) - return (-1); -# endif - ps = 2; - - while ((!ok) && (number--)) { - fputs(prompt, stderr); - fflush(stderr); - - buf[0] = '\0'; - fgets(buf, size, tty); - if (feof(tty)) - goto error; - if (ferror(tty)) - goto error; - if ((p = (char *)strchr(buf, '\n')) != NULL) - *p = '\0'; - else - read_till_nl(tty); - if (verify) { - fprintf(stderr, "\nVerifying password - %s", prompt); - fflush(stderr); - buff[0] = '\0'; - fgets(buff, size, tty); - if (feof(tty)) - goto error; - if ((p = (char *)strchr(buff, '\n')) != NULL) - *p = '\0'; - else - read_till_nl(tty); - - if (strcmp(buf, buff) != 0) { - fprintf(stderr, "\nVerify failure"); - fflush(stderr); - break; - /* continue; */ - } - } - ok = 1; - } - - error: - fprintf(stderr, "\n"); - /* What can we do if there is an error? */ -# if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) - if (ps >= 2) - TTY_set(fileno(tty), &tty_orig); -# endif -# ifdef OPENSSL_SYS_VMS - if (ps >= 2) - status = - sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_orig, 12, 0, 0, - 0, 0); -# endif - - if (ps >= 1) - popsig(); - if (stdin != tty) - fclose(tty); -# ifdef OPENSSL_SYS_VMS - status = sys$dassgn(channel); -# endif - return (!ok); -} - -static void pushsig(void) -{ - int i; -# ifdef SIGACTION - struct sigaction sa; - - memset(&sa, 0, sizeof sa); - sa.sa_handler = recsig; -# endif - - for (i = 1; i < NX509_SIG; i++) { -# ifdef SIGUSR1 - if (i == SIGUSR1) - continue; -# endif -# ifdef SIGUSR2 - if (i == SIGUSR2) - continue; -# endif -# ifdef SIGACTION - sigaction(i, &sa, &savsig[i]); -# else - savsig[i] = signal(i, recsig); -# endif - } - -# ifdef SIGWINCH - signal(SIGWINCH, SIG_DFL); -# endif -} - -static void popsig(void) -{ - int i; - - for (i = 1; i < NX509_SIG; i++) { -# ifdef SIGUSR1 - if (i == SIGUSR1) - continue; -# endif -# ifdef SIGUSR2 - if (i == SIGUSR2) - continue; -# endif -# ifdef SIGACTION - sigaction(i, &savsig[i], NULL); -# else - signal(i, savsig[i]); -# endif - } -} - -static void recsig(int i) -{ - longjmp(save, 1); -} - -# ifdef OPENSSL_SYS_MSDOS -static int noecho_fgets(char *buf, int size, FILE *tty) -{ - int i; - char *p; - - p = buf; - for (;;) { - if (size == 0) { - *p = '\0'; - break; - } - size--; - i = getch(); - if (i == '\r') - i = '\n'; - *(p++) = i; - if (i == '\n') { - *p = '\0'; - break; - } - } -# ifdef WIN_CONSOLE_BUG - /* - * Win95 has several evil console bugs: one of these is that the last - * character read using getch() is passed to the next read: this is - * usually a CR so this can be trouble. No STDIO fix seems to work but - * flushing the console appears to do the trick. - */ - { - HANDLE inh; - inh = GetStdHandle(STD_INPUT_HANDLE); - FlushConsoleInputBuffer(inh); - } -# endif - return (strlen(buf)); -} -# endif -#endif /* !OPENSSL_SYS_WINCE */ diff --git a/crypto/des/rpw.c b/crypto/des/rpw.c deleted file mode 100644 index a382d1c..0000000 --- a/crypto/des/rpw.c +++ /dev/null @@ -1,90 +0,0 @@ -/* crypto/des/rpw.c */ -/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay at cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay at cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include - -int main(int argc, char *argv[]) -{ - DES_cblock k, k1; - int i; - - printf("read passwd\n"); - if ((i = des_read_password(&k, "Enter password:", 0)) == 0) { - printf("password = "); - for (i = 0; i < 8; i++) - printf("%02x ", k[i]); - } else - printf("error %d\n", i); - printf("\n"); - printf("read 2passwds and verify\n"); - if ((i = des_read_2passwords(&k, &k1, - "Enter verified password:", 1)) == 0) { - printf("password1 = "); - for (i = 0; i < 8; i++) - printf("%02x ", k[i]); - printf("\n"); - printf("password2 = "); - for (i = 0; i < 8; i++) - printf("%02x ", k1[i]); - printf("\n"); - return (1); - } - printf("error %d\n", i); - return (0); -} diff --git a/crypto/des/t/test b/crypto/des/t/test deleted file mode 100644 index 97acd05..0000000 --- a/crypto/des/t/test +++ /dev/null @@ -1,27 +0,0 @@ -#!./perl - -BEGIN { push(@INC, qw(../../../lib ../../lib ../lib lib)); } - -use DES; - -$key='00000000'; -$ks=DES::set_key($key); - at a=split(//,$ks); -foreach (@a) { printf "%02x-",ord($_); } -print "\n"; - - -$key=DES::random_key(); -print "($_)\n"; - at a=split(//,$key); -foreach (@a) { printf "%02x-",ord($_); } -print "\n"; -$str="this is and again into the breach"; -($k1,$k2)=DES::string_to_2keys($str); - at a=split(//,$k1); -foreach (@a) { printf "%02x-",ord($_); } -print "\n"; - at a=split(//,$k2); -foreach (@a) { printf "%02x-",ord($_); } -print "\n"; - diff --git a/crypto/des/times/486-50.sol b/crypto/des/times/486-50.sol deleted file mode 100644 index 0de62d6..0000000 --- a/crypto/des/times/486-50.sol +++ /dev/null @@ -1,16 +0,0 @@ -Solaris 2.4, 486 50mhz, gcc 2.6.3 -options des ecb/s -16 r2 i 43552.51 100.0% -16 r1 i 43487.45 99.9% -16 c p 43003.23 98.7% -16 r2 p 42339.00 97.2% -16 c i 41900.91 96.2% -16 r1 p 41360.64 95.0% - 4 c i 38728.48 88.9% - 4 c p 38225.63 87.8% - 4 r1 i 38085.79 87.4% - 4 r2 i 37825.64 86.9% - 4 r2 p 34611.00 79.5% - 4 r1 p 31802.00 73.0% --DDES_UNROLL -DDES_RISC2 - diff --git a/crypto/des/times/586-100.lnx b/crypto/des/times/586-100.lnx deleted file mode 100644 index 4323914..0000000 --- a/crypto/des/times/586-100.lnx +++ /dev/null @@ -1,20 +0,0 @@ -Pentium 100 -Linux 2 kernel -gcc 2.7.0 -O3 -fomit-frame-pointer -No X server running, just a console, it makes the top speed jump from 151,000 -to 158,000 :-). -options des ecb/s -assember 281000.00 177.1% -16 r1 p 158667.40 100.0% -16 r1 i 148471.70 93.6% -16 r2 p 143961.80 90.7% -16 r2 i 141689.20 89.3% - 4 r1 i 140100.00 88.3% - 4 r2 i 134049.40 84.5% -16 c i 124145.20 78.2% -16 c p 121584.20 76.6% - 4 c i 118116.00 74.4% - 4 r2 p 117977.90 74.4% - 4 c p 114971.40 72.5% - 4 r1 p 114578.40 72.2% --DDES_UNROLL -DDES_RISC1 -DDES_PTR diff --git a/crypto/des/times/686-200.fre b/crypto/des/times/686-200.fre deleted file mode 100644 index 7d83f6a..0000000 --- a/crypto/des/times/686-200.fre +++ /dev/null @@ -1,18 +0,0 @@ -Pentium 100 -Free BSD 2.1.5 kernel -gcc 2.7.2.2 -O3 -fomit-frame-pointer -options des ecb/s -assember 578000.00 133.1% -16 r2 i 434454.80 100.0% -16 r1 i 433621.43 99.8% -16 r2 p 431375.69 99.3% - 4 r1 i 423722.30 97.5% - 4 r2 i 422399.40 97.2% -16 r1 p 421739.40 97.1% -16 c i 399027.94 91.8% -16 c p 372251.70 85.7% - 4 c i 365118.35 84.0% - 4 c p 352880.51 81.2% - 4 r2 p 255104.90 58.7% - 4 r1 p 251289.18 57.8% --DDES_UNROLL -DDES_RISC2 diff --git a/crypto/des/times/aix.cc b/crypto/des/times/aix.cc deleted file mode 100644 index d96b74e..0000000 --- a/crypto/des/times/aix.cc +++ /dev/null @@ -1,26 +0,0 @@ -From: Paco Garcia - -This machine is a Bull Estrella Minitower Model MT604-100 -Processor : PPC604 -P.Speed : 100Mhz -Data/Instr Cache : 16 K -L2 Cache : 256 K -PCI BUS Speed : 33 Mhz -TransfRate PCI : 132 MB/s -Memory : 96 MB - -options des ecb/s - 4 c p 275118.61 100.0% - 4 c i 273545.07 99.4% - 4 r2 p 270441.02 98.3% - 4 r1 p 253052.15 92.0% - 4 r2 i 240842.97 87.5% - 4 r1 i 240556.66 87.4% -16 c i 224603.99 81.6% -16 c p 224483.98 81.6% -16 r2 p 215691.19 78.4% -16 r1 p 208332.83 75.7% -16 r1 i 199206.50 72.4% -16 r2 i 198963.70 72.3% --DDES_PTR - diff --git a/crypto/des/times/alpha.cc b/crypto/des/times/alpha.cc deleted file mode 100644 index 95c17ef..0000000 --- a/crypto/des/times/alpha.cc +++ /dev/null @@ -1,18 +0,0 @@ -cc -O2 -DES_LONG is 'unsigned int' - -options des ecb/s - 4 r2 p 181146.14 100.0% -16 r2 p 172102.94 95.0% - 4 r2 i 165424.11 91.3% -16 c p 160468.64 88.6% - 4 c p 156653.59 86.5% - 4 c i 155245.18 85.7% - 4 r1 p 154729.68 85.4% -16 r2 i 154137.69 85.1% -16 r1 p 152357.96 84.1% -16 c i 148743.91 82.1% - 4 r1 i 146695.59 81.0% -16 r1 i 144961.00 80.0% --DDES_RISC2 -DDES_PTR - diff --git a/crypto/des/times/hpux.cc b/crypto/des/times/hpux.cc deleted file mode 100644 index 3de856d..0000000 --- a/crypto/des/times/hpux.cc +++ /dev/null @@ -1,17 +0,0 @@ -HPUX 10 - 9000/887 - cc -D_HPUX_SOURCE -Aa +ESlit +O2 -Wl,-a,archive - -options des ecb/s -16 c i 149448.90 100.0% - 4 c i 145861.79 97.6% -16 r2 i 141710.96 94.8% -16 r1 i 139455.33 93.3% - 4 r2 i 138800.00 92.9% - 4 r1 i 136692.65 91.5% -16 r2 p 110228.17 73.8% -16 r1 p 109397.07 73.2% -16 c p 109209.89 73.1% - 4 c p 108014.71 72.3% - 4 r2 p 107873.88 72.2% - 4 r1 p 107685.83 72.1% --DDES_UNROLL - diff --git a/crypto/des/times/sparc.gcc b/crypto/des/times/sparc.gcc deleted file mode 100644 index 8eaa042..0000000 --- a/crypto/des/times/sparc.gcc +++ /dev/null @@ -1,17 +0,0 @@ -solaris 2.5.1 - sparc 10 50mhz - gcc 2.7.2 - -options des ecb/s -16 c i 124382.70 100.0% - 4 c i 118884.68 95.6% -16 c p 112261.20 90.3% -16 r2 i 111777.10 89.9% -16 r2 p 108896.30 87.5% -16 r1 p 108791.59 87.5% - 4 c p 107290.10 86.3% - 4 r1 p 104583.80 84.1% -16 r1 i 104206.20 83.8% - 4 r2 p 103709.80 83.4% - 4 r2 i 98306.43 79.0% - 4 r1 i 91525.80 73.6% --DDES_UNROLL - diff --git a/crypto/des/times/usparc.cc b/crypto/des/times/usparc.cc deleted file mode 100644 index 0864285..0000000 --- a/crypto/des/times/usparc.cc +++ /dev/null @@ -1,31 +0,0 @@ -solaris 2.5.1 usparc 167mhz?? - SC4.0 cc -fast -Xa -xO5 - -For the ultra sparc, SunC 4.0 cc -fast -Xa -xO5, running 'des_opts' -gives a speed of 475,000 des/s while 'speed' gives 417,000 des/s. -I believe the difference is tied up in optimisation that the compiler -is able to perform when the code is 'inlined'. For 'speed', the DES -routines are being linked from a library. I'll record the higher -speed since if performance is everything, you can always inline -'des_enc.c'. - -[ 16-Jan-06 - I've been playing with the - '-xtarget=ultra -xarch=v8plus -Xa -xO5 -Xa' - and while it makes the des_opts numbers much slower, it makes the - actual 'speed' numbers look better which is a realistic version of - using the libraries. ] - -options des ecb/s -16 r1 p 475516.90 100.0% -16 r2 p 439388.10 92.4% -16 c i 427001.40 89.8% -16 c p 419516.50 88.2% - 4 r2 p 409491.70 86.1% - 4 r1 p 404266.90 85.0% - 4 c p 398121.00 83.7% - 4 c i 370588.40 77.9% - 4 r1 i 362742.20 76.3% -16 r2 i 331275.50 69.7% -16 r1 i 324730.60 68.3% - 4 r2 i 63535.10 13.4% <-- very very weird, must be cache problems. --DDES_UNROLL -DDES_RISC1 -DDES_PTR - diff --git a/crypto/des/typemap b/crypto/des/typemap deleted file mode 100644 index a524f53..0000000 --- a/crypto/des/typemap +++ /dev/null @@ -1,34 +0,0 @@ -# -# DES SECTION -# -deschar * T_DESCHARP -des_cblock * T_CBLOCK -des_cblock T_CBLOCK -des_key_schedule T_SCHEDULE -des_key_schedule * T_SCHEDULE - -INPUT -T_CBLOCK - $var=(des_cblock *)SvPV($arg,len); - if (len < DES_KEY_SZ) - { - croak(\"$var needs to be at least %u bytes long\",DES_KEY_SZ); - } - -T_SCHEDULE - $var=(des_key_schedule *)SvPV($arg,len); - if (len < DES_SCHEDULE_SZ) - { - croak(\"$var needs to be at least %u bytes long\", - DES_SCHEDULE_SZ); - } - -OUTPUT -T_CBLOCK - sv_setpvn($arg,(char *)$var,DES_KEY_SZ); - -T_SCHEDULE - sv_setpvn($arg,(char *)$var,DES_SCHEDULE_SZ); - -T_DESCHARP - sv_setpvn($arg,(char *)$var,len); diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile index 51730c1..925b094 100644 --- a/crypto/evp/Makefile +++ b/crypto/evp/Makefile @@ -263,7 +263,7 @@ e_cast.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h e_cast.o: ../../include/openssl/symhacks.h ../cryptlib.h e_cast.c evp_locl.h e_des.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_des.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -e_des.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +e_des.o: ../../include/openssl/des.h e_des.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h e_des.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h e_des.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h @@ -274,7 +274,7 @@ e_des.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h e_des.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des.c evp_locl.h e_des3.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_des3.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -e_des3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +e_des3.o: ../../include/openssl/des.h e_des3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h e_des3.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h e_des3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h @@ -351,7 +351,7 @@ e_seed.o: e_seed.c evp_locl.h e_xcbc_d.o: ../../e_os.h ../../include/openssl/asn1.h e_xcbc_d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -e_xcbc_d.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h +e_xcbc_d.o: ../../include/openssl/e_os2.h e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h e_xcbc_d.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h e_xcbc_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h @@ -519,7 +519,7 @@ m_md5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h m_md5.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md5.c m_mdc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -m_mdc2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +m_mdc2.o: ../../include/openssl/des.h m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h m_mdc2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h m_mdc2.o: ../../include/openssl/err.h ../../include/openssl/evp.h diff --git a/crypto/install-crypto.com b/crypto/install-crypto.com index e57b2ee..a43f433 100755 --- a/crypto/install-crypto.com +++ b/crypto/install-crypto.com @@ -94,7 +94,7 @@ $ exheader_mdc2 := mdc2.h $ exheader_hmac := hmac.h $ exheader_ripemd := ripemd.h $ exheader_whrlpool := whrlpool.h -$ exheader_des := des.h, des_old.h +$ exheader_des := des.h $ exheader_aes := aes.h $ exheader_rc2 := rc2.h $ exheader_rc4 := rc4.h diff --git a/crypto/mdc2/Makefile b/crypto/mdc2/Makefile index 1415531..0e66978 100644 --- a/crypto/mdc2/Makefile +++ b/crypto/mdc2/Makefile @@ -76,7 +76,7 @@ clean: mdc2_one.o: ../../e_os.h ../../include/openssl/bio.h mdc2_one.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -mdc2_one.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +mdc2_one.o: ../../include/openssl/des.h mdc2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h mdc2_one.o: ../../include/openssl/lhash.h ../../include/openssl/mdc2.h mdc2_one.o: ../../include/openssl/opensslconf.h @@ -85,7 +85,7 @@ mdc2_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h mdc2_one.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h mdc2_one.o: ../../include/openssl/ui_compat.h ../cryptlib.h mdc2_one.c mdc2dgst.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -mdc2dgst.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h +mdc2dgst.o: ../../include/openssl/e_os2.h mdc2dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h mdc2dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h mdc2dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h diff --git a/crypto/pem/Makefile b/crypto/pem/Makefile index 7691f83..9ac00b9 100644 --- a/crypto/pem/Makefile +++ b/crypto/pem/Makefile @@ -123,7 +123,7 @@ pem_info.o: ../cryptlib.h pem_info.c pem_lib.o: ../../e_os.h ../../include/openssl/asn1.h pem_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -pem_lib.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h +pem_lib.o: ../../include/openssl/e_os2.h pem_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h pem_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h diff --git a/makevms.com b/makevms.com index ac1ccc9..6a73441 100755 --- a/makevms.com +++ b/makevms.com @@ -793,7 +793,7 @@ $ EXHEADER_MDC2 := mdc2.h $ EXHEADER_HMAC := hmac.h $ EXHEADER_RIPEMD := ripemd.h $ EXHEADER_WHRLPOOL := whrlpool.h -$ EXHEADER_DES := des.h, des_old.h +$ EXHEADER_DES := des.h $ EXHEADER_AES := aes.h $ EXHEADER_RC2 := rc2.h $ EXHEADER_RC4 := rc4.h diff --git a/test/Makefile b/test/Makefile index fda5d76..f0eb183 100644 --- a/test/Makefile +++ b/test/Makefile @@ -570,7 +570,7 @@ casttest.o: ../include/openssl/opensslconf.h casttest.c constant_time_test.o: ../crypto/constant_time_locl.h ../e_os.h constant_time_test.o: ../include/openssl/e_os2.h constant_time_test.o: ../include/openssl/opensslconf.h constant_time_test.c -destest.o: ../include/openssl/des.h ../include/openssl/des_old.h +destest.o: ../include/openssl/des.h destest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h destest.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h destest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h @@ -736,7 +736,7 @@ md5test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h md5test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md5test.c mdc2test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h mdc2test.o: ../include/openssl/crypto.h ../include/openssl/des.h -mdc2test.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h +mdc2test.o: ../include/openssl/e_os2.h mdc2test.o: ../include/openssl/evp.h ../include/openssl/mdc2.h mdc2test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h mdc2test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h From rsalz at openssl.org Tue Feb 3 03:40:55 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 3 Feb 2015 04:40:55 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150203034057.5D1BE1DF121@butler.localdomain> The branch master has been updated via c303d4d8686b9b46b5d85acdd94ec896433b813f (commit) from 24956ca00f014a917fb181a8abc39b349f3f316f (commit) - Log ----------------------------------------------------------------- commit c303d4d8686b9b46b5d85acdd94ec896433b813f Author: Rich Salz Date: Mon Feb 2 22:40:36 2015 -0500 old_des fix windows build, remove docs Remove outdated doc files. Fix windows build after old_des was removed. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: doc/crypto/des.pod | 31 ------------------------- doc/crypto/ui_compat.pod | 57 ---------------------------------------------- util/mkdef.pl | 2 +- 3 files changed, 1 insertion(+), 89 deletions(-) delete mode 100644 doc/crypto/ui_compat.pod diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod index 2afe572..6742a4c 100644 --- a/doc/crypto/des.pod +++ b/doc/crypto/des.pod @@ -312,37 +312,6 @@ functions directly. Single-key DES is insecure due to its short key size. ECB mode is not suitable for most applications; see L. -=head1 HISTORY - -In OpenSSL 0.9.7, all des_ functions were renamed to DES_ to avoid -clashes with older versions of libdes. Compatibility des_ functions -are provided for a short while, as well as crypt(). -Declarations for these are in . There is no DES_ -variant for des_random_seed(). -This will happen to other functions -as well if they are deemed redundant (des_random_seed() just calls -RAND_seed() and is present for backward compatibility only), buggy or -already scheduled for removal. - -des_cbc_cksum(), des_cbc_encrypt(), des_ecb_encrypt(), -des_is_weak_key(), des_key_sched(), des_pcbc_encrypt(), -des_quad_cksum(), des_random_key() and des_string_to_key() -are available in the MIT Kerberos library; -des_check_key_parity(), des_fixup_key_parity() and des_is_weak_key() -are available in newer versions of that library. - -des_set_key_checked() and des_set_key_unchecked() were added in -OpenSSL 0.9.5. - -des_generate_random_block(), des_init_random_number_generator(), -des_new_random_key(), des_set_random_generator_seed() and -des_set_sequence_number() and des_rand_data() are used in newer -versions of Kerberos but are not implemented here. - -des_random_key() generated cryptographically weak random data in -SSLeay and in OpenSSL prior version 0.9.5, as well as in the original -MIT library. - =head1 AUTHOR Eric Young (eay at cryptsoft.com). Modified for the OpenSSL project diff --git a/doc/crypto/ui_compat.pod b/doc/crypto/ui_compat.pod deleted file mode 100644 index adf2ae5..0000000 --- a/doc/crypto/ui_compat.pod +++ /dev/null @@ -1,57 +0,0 @@ -=pod - -=head1 NAME - -des_read_password, des_read_2passwords, des_read_pw_string, des_read_pw - -Compatibility user interface functions - -=head1 SYNOPSIS - - #include - - int des_read_password(DES_cblock *key,const char *prompt,int verify); - int des_read_2passwords(DES_cblock *key1,DES_cblock *key2, - const char *prompt,int verify); - - int des_read_pw_string(char *buf,int length,const char *prompt,int verify); - int des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify); - -=head1 DESCRIPTION - -The DES library contained a few routines to prompt for passwords. These -aren't necessarely dependent on DES, and have therefore become part of the -UI compatibility library. - -des_read_pw() writes the string specified by I to standard output -turns echo off and reads an input string from the terminal. The string is -returned in I, which must have spac for at least I bytes. -If I is set, the user is asked for the password twice and unless -the two copies match, an error is returned. The second password is stored -in I, which must therefore also be at least I bytes. A return -code of -1 indicates a system error, 1 failure due to use interaction, and -0 is success. All other functions described here use des_read_pw() to do -the work. - -des_read_pw_string() is a variant of des_read_pw() that provides a buffer -for you if I is set. - -des_read_password() calls des_read_pw() and converts the password to a -DES key by calling DES_string_to_key(); des_read_2password() operates in -the same way as des_read_password() except that it generates two keys -by using the DES_string_to_2key() function. - -=head1 NOTES - -des_read_pw_string() is available in the MIT Kerberos library as well, and -is also available under the name EVP_read_pw_string(). - -=head1 SEE ALSO - -L, L - -=head1 AUTHOR - -Richard Levitte (richard at levitte.org) for the OpenSSL project -(http://www.openssl.org). - -=cut diff --git a/util/mkdef.pl b/util/mkdef.pl index 03fbf20..be7dd42 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -281,7 +281,7 @@ my $crypto ="crypto/crypto.h"; $crypto.=" crypto/cryptlib.h"; $crypto.=" crypto/o_dir.h"; $crypto.=" crypto/o_str.h"; -$crypto.=" crypto/des/des.h crypto/des/des_old.h" ; # unless $no_des; +$crypto.=" crypto/des/des.h" ; # unless $no_des; $crypto.=" crypto/idea/idea.h" ; # unless $no_idea; $crypto.=" crypto/rc4/rc4.h" ; # unless $no_rc4; $crypto.=" crypto/rc5/rc5.h" ; # unless $no_rc5; From steve at openssl.org Tue Feb 3 14:01:56 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 3 Feb 2015 15:01:56 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150203140156.650301DF121@butler.localdomain> The branch master has been updated via 52e028b9de371da62c1e51b46592517b1068d770 (commit) from c303d4d8686b9b46b5d85acdd94ec896433b813f (commit) - Log ----------------------------------------------------------------- commit 52e028b9de371da62c1e51b46592517b1068d770 Author: Dr. Stephen Henson Date: Sun Feb 1 13:06:32 2015 +0000 Check PKCS#8 pkey field is valid before cleansing. PR:3683 Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/asn1/p8_pkey.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c index 9075483..0a425cd 100644 --- a/crypto/asn1/p8_pkey.c +++ b/crypto/asn1/p8_pkey.c @@ -69,7 +69,8 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ if (operation == ASN1_OP_FREE_PRE) { PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; - if (key->pkey->value.octet_string) + if (key->pkey && key->pkey->type == V_ASN1_OCTET_STRING + && key->pkey->value.octet_string != NULL) OPENSSL_cleanse(key->pkey->value.octet_string->data, key->pkey->value.octet_string->length); } From steve at openssl.org Tue Feb 3 14:03:20 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 3 Feb 2015 15:03:20 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <20150203140320.DB1A41DF1AC@butler.localdomain> The branch OpenSSL_1_0_0-stable has been updated via 99ff40515d65ca98730f14fb7bf4da7c1534ddf9 (commit) from 192e148154dc02a3d867cc2f45d33eb94436f9a6 (commit) - Log ----------------------------------------------------------------- commit 99ff40515d65ca98730f14fb7bf4da7c1534ddf9 Author: Dr. Stephen Henson Date: Sun Feb 1 13:06:32 2015 +0000 Check PKCS#8 pkey field is valid before cleansing. PR:3683 Reviewed-by: Tim Hudson (cherry picked from commit 52e028b9de371da62c1e51b46592517b1068d770) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/p8_pkey.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c index 9075483..0a425cd 100644 --- a/crypto/asn1/p8_pkey.c +++ b/crypto/asn1/p8_pkey.c @@ -69,7 +69,8 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ if (operation == ASN1_OP_FREE_PRE) { PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; - if (key->pkey->value.octet_string) + if (key->pkey && key->pkey->type == V_ASN1_OCTET_STRING + && key->pkey->value.octet_string != NULL) OPENSSL_cleanse(key->pkey->value.octet_string->data, key->pkey->value.octet_string->length); } From steve at openssl.org Tue Feb 3 14:03:21 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 3 Feb 2015 15:03:21 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150203140321.3039B1DF1AE@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via f17a4ad7d7b5b6131f951409f7be79eaac62fd31 (commit) from 79e028575541e8fb37fe4d0889c985b2db0b6011 (commit) - Log ----------------------------------------------------------------- commit f17a4ad7d7b5b6131f951409f7be79eaac62fd31 Author: Dr. Stephen Henson Date: Sun Feb 1 13:06:32 2015 +0000 Check PKCS#8 pkey field is valid before cleansing. PR:3683 Reviewed-by: Tim Hudson (cherry picked from commit 52e028b9de371da62c1e51b46592517b1068d770) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/p8_pkey.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c index 9075483..0a425cd 100644 --- a/crypto/asn1/p8_pkey.c +++ b/crypto/asn1/p8_pkey.c @@ -69,7 +69,8 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ if (operation == ASN1_OP_FREE_PRE) { PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; - if (key->pkey->value.octet_string) + if (key->pkey && key->pkey->type == V_ASN1_OCTET_STRING + && key->pkey->value.octet_string != NULL) OPENSSL_cleanse(key->pkey->value.octet_string->data, key->pkey->value.octet_string->length); } From steve at openssl.org Tue Feb 3 14:03:20 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 3 Feb 2015 15:03:20 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150203140321.13E441DF1AD@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via 6b7c68e0388e499a1c2846131fca7ffd7b3fa78f (commit) from 81ce20e6ac1d3298bfff8bd059007968f05115e0 (commit) - Log ----------------------------------------------------------------- commit 6b7c68e0388e499a1c2846131fca7ffd7b3fa78f Author: Dr. Stephen Henson Date: Sun Feb 1 13:06:32 2015 +0000 Check PKCS#8 pkey field is valid before cleansing. PR:3683 Reviewed-by: Tim Hudson (cherry picked from commit 52e028b9de371da62c1e51b46592517b1068d770) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/p8_pkey.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c index 9075483..0a425cd 100644 --- a/crypto/asn1/p8_pkey.c +++ b/crypto/asn1/p8_pkey.c @@ -69,7 +69,8 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ if (operation == ASN1_OP_FREE_PRE) { PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; - if (key->pkey->value.octet_string) + if (key->pkey && key->pkey->type == V_ASN1_OCTET_STRING + && key->pkey->value.octet_string != NULL) OPENSSL_cleanse(key->pkey->value.octet_string->data, key->pkey->value.octet_string->length); } From steve at openssl.org Tue Feb 3 14:03:20 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 3 Feb 2015 15:03:20 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <20150203140320.CADED1DF121@butler.localdomain> The branch OpenSSL_0_9_8-stable has been updated via d64a227f1f433cd754baee4065127d28723237ff (commit) from 6844c129682c525af278bac75cb5d0696b85fa10 (commit) - Log ----------------------------------------------------------------- commit d64a227f1f433cd754baee4065127d28723237ff Author: Dr. Stephen Henson Date: Sun Feb 1 13:06:32 2015 +0000 Check PKCS#8 pkey field is valid before cleansing. PR:3683 Reviewed-by: Tim Hudson (cherry picked from commit 52e028b9de371da62c1e51b46592517b1068d770) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/p8_pkey.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c index d8fc07b..6cd36ce 100644 --- a/crypto/asn1/p8_pkey.c +++ b/crypto/asn1/p8_pkey.c @@ -68,7 +68,8 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ if (operation == ASN1_OP_FREE_PRE) { PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; - if (key->pkey->value.octet_string) + if (key->pkey && key->pkey->type == V_ASN1_OCTET_STRING + && key->pkey->value.octet_string != NULL) OPENSSL_cleanse(key->pkey->value.octet_string->data, key->pkey->value.octet_string->length); } From steve at openssl.org Tue Feb 3 14:54:11 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 3 Feb 2015 15:54:11 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150203145412.82E3C1DF121@butler.localdomain> The branch master has been updated via 156a872233b56558c72561789b8f33ff71a88fa7 (commit) via 6668b6b8b0c1bcb6c6168ab22159a12cac41ae79 (commit) via c536461499a3e93166921181847b3ed9b2d85c7d (commit) via 0cfb0e75b9dbf1a605c47e1b79c76d43a1f8344d (commit) via ddc06b35565d9f2888e8d946ee7ae292bc902afd (commit) via c660ec63a83090051f3e110b00bd5753f21bce51 (commit) via 48fbcbacd2b22ab8d1bd9203a8fdc316eaab62f1 (commit) via 6f152a15d433c249b4b73d0a7968d4ea63925a24 (commit) from 52e028b9de371da62c1e51b46592517b1068d770 (commit) - Log ----------------------------------------------------------------- commit 156a872233b56558c72561789b8f33ff71a88fa7 Author: Dr. Stephen Henson Date: Sat Jan 24 17:09:55 2015 +0000 Add SSL_get_extms_support documentation. Document SSL_get_extms_support(). Modify behaviour of SSL_get_extms_support() so it returns -1 if the master secret support of the peer is not known (e.g. handshake in progress). Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell commit 6668b6b8b0c1bcb6c6168ab22159a12cac41ae79 Author: Dr. Stephen Henson Date: Fri Jan 23 14:03:48 2015 +0000 Add CHANGES entry. Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell commit c536461499a3e93166921181847b3ed9b2d85c7d Author: Dr. Stephen Henson Date: Fri Jan 23 02:52:20 2015 +0000 Ctrl to retrieve extms support. Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell commit 0cfb0e75b9dbf1a605c47e1b79c76d43a1f8344d Author: Dr. Stephen Henson Date: Fri Jan 23 02:49:16 2015 +0000 Add extms support to master key generation. Update master secret calculation to support extended master secret. TLS 1.2 client authentication adds a complication because we need to cache the handshake messages. This is simpllified however because the point at which the handshake hashes are calculated for extended master secret is identical to that required for TLS 1.2 client authentication (immediately after client key exchange which is also immediately before certificate verify). Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell commit ddc06b35565d9f2888e8d946ee7ae292bc902afd Author: Dr. Stephen Henson Date: Fri Jan 23 02:45:13 2015 +0000 Extended master secret extension support. Add and retrieve extended master secret extension, setting the flag SSL_SESS_FLAG_EXTMS appropriately. Note: this just sets the flag and doesn't include the changes to master secret generation. Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell commit c660ec63a83090051f3e110b00bd5753f21bce51 Author: Dr. Stephen Henson Date: Fri Jan 23 02:41:09 2015 +0000 Rewrite ssl3_send_client_key_exchange to support extms. Rewrite ssl3_send_client_key_exchange to retain the premaster secret instead of using it immediately. This is needed because the premaster secret is used after the client key exchange message has been sent to compute the extended master secret. Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell commit 48fbcbacd2b22ab8d1bd9203a8fdc316eaab62f1 Author: Dr. Stephen Henson Date: Fri Jan 23 02:37:27 2015 +0000 Utility function to retrieve handshake hashes. Retrieve handshake hashes in a separate function. This tidies the existing code and will be used for extended master secret generation. Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell commit 6f152a15d433c249b4b73d0a7968d4ea63925a24 Author: Dr. Stephen Henson Date: Fri Jan 23 02:29:50 2015 +0000 Add flags field to SSL_SESSION. Add a "flags" field to SSL_SESSION. This will contain various flags such as encrypt-then-mac and extended master secret support. Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 ++ doc/ssl/SSL_get_extms_support.pod | 33 ++++++ ssl/d1_srvr.c | 16 +-- ssl/s3_clnt.c | 200 +++++++++++++++++++++---------------- ssl/s3_srvr.c | 16 +-- ssl/ssl.h | 4 + ssl/ssl_asn1.c | 23 +++++ ssl/ssl_cert.c | 5 + ssl/ssl_lib.c | 36 +++++++ ssl/ssl_locl.h | 10 ++ ssl/ssl_txt.c | 4 + ssl/t1_enc.c | 94 ++++++++--------- ssl/t1_lib.c | 14 +++ ssl/t1_trce.c | 3 +- ssl/tls1.h | 15 ++- 15 files changed, 330 insertions(+), 149 deletions(-) create mode 100644 doc/ssl/SSL_get_extms_support.pod diff --git a/CHANGES b/CHANGES index 11176ce..8fcfcce 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,12 @@ _______________ Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] + + *) Added support for TLS extended master secret from + draft-ietf-tls-session-hash-03.txt. Thanks for Alfredo Pironti for an + initial patch which was a great help during development. + [Steve Henson] + *) All libssl internal structures have been removed from the public header files, and the OPENSSL_NO_SSL_INTERN option has been removed (since it is now redundant). Users should not attempt to access internal structures diff --git a/doc/ssl/SSL_get_extms_support.pod b/doc/ssl/SSL_get_extms_support.pod new file mode 100644 index 0000000..427819a --- /dev/null +++ b/doc/ssl/SSL_get_extms_support.pod @@ -0,0 +1,33 @@ +=pod + +=head1 NAME + +SSL_get_extms_support - extended master secret support + +=head1 SYNOPSIS + + #include + + int SSL_get_extms_support(SSL *ssl); + +=head1 DESCRIPTION + +SSL_get_extms_support() indicates whether the current session used extended +master secret. + +This function is implemented as a macro. + +=head1 RETURN VALUES + +SSL_get_extms_support() returns 1 if the current session used extended +master secret, 0 if it did not and -1 if a handshake is currently in +progress i.e. it is not possible to determine if extended master secret +was used. + +=back + +=head1 SEE ALSO + +L + +=cut diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 1ccdc35..55d37e7 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -655,17 +655,19 @@ int dtls1_accept(SSL *s) s->init_num = 0; if (!s->session->peer) break; - /* - * For sigalgs freeze the handshake buffer at this point and - * digest cached records. - */ if (!s->s3->handshake_buffer) { SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR); return -1; } - s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; - if (!ssl3_digest_cached_records(s)) - return -1; + /* + * For sigalgs freeze the handshake buffer. If we support + * extms we've done this already. + */ + if (!(s->s3->flags & SSL_SESS_FLAG_EXTMS)) { + s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; + if (!ssl3_digest_cached_records(s)) + return -1; + } } else { s->state = SSL3_ST_SR_CERT_VRFY_A; s->init_num = 0; diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index a383eee..5e2b543 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2338,6 +2338,8 @@ int ssl3_send_client_key_exchange(SSL *s) int encoded_pt_len = 0; BN_CTX *bn_ctx = NULL; #endif + unsigned char *pms = NULL; + size_t pmslen = 0; if (s->state == SSL3_ST_CW_KEY_EXCH_A) { p = ssl_handshake_start(s); @@ -2350,7 +2352,10 @@ int ssl3_send_client_key_exchange(SSL *s) #ifndef OPENSSL_NO_RSA else if (alg_k & SSL_kRSA) { RSA *rsa; - unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; + pmslen = SSL_MAX_MASTER_KEY_LENGTH; + pms = OPENSSL_malloc(pmslen); + if (!pms) + goto memerr; if (s->session->sess_cert == NULL) { /* @@ -2378,19 +2383,16 @@ int ssl3_send_client_key_exchange(SSL *s) EVP_PKEY_free(pkey); } - tmp_buf[0] = s->client_version >> 8; - tmp_buf[1] = s->client_version & 0xff; - if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0) + pms[0] = s->client_version >> 8; + pms[1] = s->client_version & 0xff; + if (RAND_bytes(pms + 2, pmslen - 2) <= 0) goto err; - s->session->master_key_length = sizeof tmp_buf; - q = p; /* Fix buf for TLS and beyond */ if (s->version > SSL3_VERSION) p += 2; - n = RSA_public_encrypt(sizeof tmp_buf, - tmp_buf, p, rsa, RSA_PKCS1_PADDING); + n = RSA_public_encrypt(pmslen, pms, p, rsa, RSA_PKCS1_PADDING); # ifdef PKCS1_CHECK if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++; @@ -2408,14 +2410,6 @@ int ssl3_send_client_key_exchange(SSL *s) s2n(n, q); n += 2; } - - s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s-> - session->master_key, - tmp_buf, - sizeof tmp_buf); - OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); } #endif #ifndef OPENSSL_NO_KRB5 @@ -2505,9 +2499,14 @@ int ssl3_send_client_key_exchange(SSL *s) n += 2; } - tmp_buf[0] = s->client_version >> 8; - tmp_buf[1] = s->client_version & 0xff; - if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0) + pmslen = SSL_MAX_MASTER_KEY_LENGTH; + pms = OPENSSL_malloc(pmslen); + if (!pms) + goto memerr; + + pms[0] = s->client_version >> 8; + pms[1] = s->client_version & 0xff; + if (RAND_bytes(pms + 2, pmslen - 2) <= 0) goto err; /*- @@ -2520,8 +2519,7 @@ int ssl3_send_client_key_exchange(SSL *s) memset(iv, 0, sizeof iv); /* per RFC 1510 */ EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv); - EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf, - sizeof tmp_buf); + EVP_EncryptUpdate(&ciph_ctx, epms, &outl, pms, pmslen); EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl); outl += padl; if (outl > (int)sizeof epms) { @@ -2536,15 +2534,6 @@ int ssl3_send_client_key_exchange(SSL *s) memcpy(p, epms, outl); p += outl; n += outl + 2; - - s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s-> - session->master_key, - tmp_buf, - sizeof tmp_buf); - - OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); OPENSSL_cleanse(epms, outl); } #endif @@ -2603,12 +2592,17 @@ int ssl3_send_client_key_exchange(SSL *s) } } + pmslen = DH_size(dh_clnt); + pms = OPENSSL_malloc(pmslen); + if (!pms) + goto memerr; + /* * use the 'p' output buffer for the DH key, but make sure to * clear it out afterwards */ - n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt); + n = DH_compute_key(pms, dh_srvr->pub_key, dh_clnt); if (scert->peer_dh_tmp == NULL) DH_free(dh_srvr); @@ -2618,15 +2612,6 @@ int ssl3_send_client_key_exchange(SSL *s) goto err; } - /* generate master key from the result */ - s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s-> - session->master_key, - p, n); - /* clean up */ - memset(p, 0, n); - if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) n = 0; else { @@ -2758,22 +2743,16 @@ int ssl3_send_client_key_exchange(SSL *s) SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); goto err; } - n = ECDH_compute_key(p, (field_size + 7) / 8, srvr_ecpoint, - clnt_ecdh, NULL); - if (n <= 0) { + pmslen = (field_size + 7) / 8; + pms = OPENSSL_malloc(pmslen); + if (!pms) + goto memerr; + n = ECDH_compute_key(pms, pmslen, srvr_ecpoint, clnt_ecdh, NULL); + if (n <= 0 || pmslen != (size_t)n) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); goto err; } - /* generate master key from the result */ - s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s-> - session->master_key, - p, n); - - memset(p, 0, n); /* clean up */ - if (ecdh_clnt_cert) { /* Send empty client key exch message */ n = 0; @@ -2828,10 +2807,15 @@ int ssl3_send_client_key_exchange(SSL *s) size_t msglen; unsigned int md_len; int keytype; - unsigned char premaster_secret[32], shared_ukm[32], tmp[256]; + unsigned char shared_ukm[32], tmp[256]; EVP_MD_CTX *ukm_hash; EVP_PKEY *pub_key; + pmslen = 32; + pms = OPENSSL_malloc(pmslen); + if (!pms) + goto memerr; + /* * Get server sertificate PKEY and create ctx from it */ @@ -2861,7 +2845,7 @@ int ssl3_send_client_key_exchange(SSL *s) EVP_PKEY_encrypt_init(pkey_ctx); /* Generate session key */ - RAND_bytes(premaster_secret, 32); + RAND_bytes(pms, pmslen); /* * If we have client certificate, use its secret as peer key */ @@ -2901,8 +2885,7 @@ int ssl3_send_client_key_exchange(SSL *s) */ *(p++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED; msglen = 255; - if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret, 32) - < 0) { + if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, pms, pmslen) < 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_LIBRARY_BUG); goto err; @@ -2923,12 +2906,6 @@ int ssl3_send_client_key_exchange(SSL *s) s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY; } EVP_PKEY_CTX_free(pkey_ctx); - s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s-> - session->master_key, - premaster_secret, - 32); EVP_PKEY_free(pub_key); } @@ -2953,15 +2930,6 @@ int ssl3_send_client_key_exchange(SSL *s) ERR_R_MALLOC_FAILURE); goto err; } - - if ((s->session->master_key_length = - SRP_generate_client_master_secret(s, - s->session->master_key)) < - 0) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto err; - } } #endif #ifndef OPENSSL_NO_PSK @@ -2974,8 +2942,7 @@ int ssl3_send_client_key_exchange(SSL *s) char identity[PSK_MAX_IDENTITY_LEN + 2]; size_t identity_len; unsigned char *t = NULL; - unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN * 2 + 4]; - unsigned int pre_ms_len = 0, psk_len = 0; + unsigned int psk_len = 0; int psk_err = 1; n = 0; @@ -2986,10 +2953,15 @@ int ssl3_send_client_key_exchange(SSL *s) } memset(identity, 0, sizeof(identity)); + /* Allocate maximum size buffer */ + pmslen = PSK_MAX_PSK_LEN * 2 + 4; + pms = OPENSSL_malloc(pmslen); + if (!pms) + goto memerr; + psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint, identity, sizeof(identity) - 1, - psk_or_pre_ms, - sizeof(psk_or_pre_ms)); + pms, pmslen); if (psk_len > PSK_MAX_PSK_LEN) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); @@ -2999,6 +2971,8 @@ int ssl3_send_client_key_exchange(SSL *s) SSL_R_PSK_IDENTITY_NOT_FOUND); goto psk_err; } + /* Change pmslen to real length */ + pmslen = 2 + psk_len + 2 + psk_len; identity[PSK_MAX_IDENTITY_LEN + 1] = '\0'; identity_len = strlen(identity); if (identity_len > PSK_MAX_IDENTITY_LEN) { @@ -3007,9 +2981,8 @@ int ssl3_send_client_key_exchange(SSL *s) goto psk_err; } /* create PSK pre_master_secret */ - pre_ms_len = 2 + psk_len + 2 + psk_len; - t = psk_or_pre_ms; - memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len); + t = pms; + memmove(pms + psk_len + 4, pms, psk_len); s2n(psk_len, t); memset(t, 0, psk_len); t += psk_len; @@ -3035,19 +3008,12 @@ int ssl3_send_client_key_exchange(SSL *s) goto psk_err; } - s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s-> - session->master_key, - psk_or_pre_ms, - pre_ms_len); s2n(identity_len, p); memcpy(p, identity, identity_len); n = 2 + identity_len; psk_err = 0; psk_err: OPENSSL_cleanse(identity, sizeof(identity)); - OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); if (psk_err != 0) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); goto err; @@ -3065,8 +3031,60 @@ int ssl3_send_client_key_exchange(SSL *s) } /* SSL3_ST_CW_KEY_EXCH_B */ - return ssl_do_write(s); + n = ssl_do_write(s); +#ifndef OPENSSL_NO_SRP + /* Check for SRP */ + if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) { + /* + * If everything written generate master key: no need to save PMS as + * SRP_generate_client_master_secret generates it internally. + */ + if (n > 0) { + if ((s->session->master_key_length = + SRP_generate_client_master_secret(s, + s->session->master_key)) < + 0) { + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; + } + } + } else +#endif + /* If we haven't written everything save PMS */ + if (n <= 0) { + s->cert->pms = pms; + s->cert->pmslen = pmslen; + } else { + /* If we don't have a PMS restore */ + if (pms == NULL) { + pms = s->cert->pms; + pmslen = s->cert->pmslen; + } + if (pms == NULL) { + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + goto err; + } + s->session->master_key_length = + s->method->ssl3_enc->generate_master_secret(s, + s-> + session->master_key, + pms, pmslen); + OPENSSL_cleanse(pms, pmslen); + OPENSSL_free(pms); + s->cert->pms = NULL; + } + return n; + memerr: + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); err: + if (pms) { + OPENSSL_cleanse(pms, pmslen); + OPENSSL_free(pms); + s->cert->pms = NULL; + } #ifndef OPENSSL_NO_ECDH BN_CTX_free(bn_ctx); if (encodedPoint != NULL) @@ -3132,7 +3150,15 @@ int ssl3_send_client_verify(SSL *s) } s2n(u, p); n = u + 4; - if (!ssl3_digest_cached_records(s)) + /* + * For extended master secret we've already digested cached + * records. + */ + if (s->session->flags & SSL_SESS_FLAG_EXTMS) { + BIO_free(s->s3->handshake_buffer); + s->s3->handshake_buffer = NULL; + s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE; + } else if (!ssl3_digest_cached_records(s)) goto err; } else #ifndef OPENSSL_NO_RSA diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index e929658..f31b76a 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -620,17 +620,19 @@ int ssl3_accept(SSL *s) s->init_num = 0; if (!s->session->peer) break; - /* - * For sigalgs freeze the handshake buffer at this point and - * digest cached records. - */ if (!s->s3->handshake_buffer) { SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); return -1; } - s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; - if (!ssl3_digest_cached_records(s)) - return -1; + /* + * For sigalgs freeze the handshake buffer. If we support + * extms we've done this already. + */ + if (!(s->s3->flags & SSL_SESS_FLAG_EXTMS)) { + s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; + if (!ssl3_digest_cached_records(s)) + return -1; + } } else { int offset = 0; int dgst_num; diff --git a/ssl/ssl.h b/ssl/ssl.h index df91c18..a3b8a81 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -656,6 +656,9 @@ void SSL_set_msg_callback(SSL *ssl, # define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) # define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) +# define SSL_get_extms_support(s) \ + SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL) + # ifndef OPENSSL_NO_SRP /* see tls_srp.c */ @@ -1212,6 +1215,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_CHECK_PROTO_VERSION 119 # define DTLS_CTRL_SET_LINK_MTU 120 # define DTLS_CTRL_GET_LINK_MIN_MTU 121 +# define SSL_CTRL_GET_EXTMS_SUPPORT 122 # define SSL_CERT_SET_FIRST 1 # define SSL_CERT_SET_NEXT 2 # define SSL_CERT_SET_SERVER 3 diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 3eaee1d..b27e058 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -115,6 +115,7 @@ typedef struct ssl_session_asn1_st { #ifndef OPENSSL_NO_SRP ASN1_OCTET_STRING srp_username; #endif /* OPENSSL_NO_SRP */ + ASN1_INTEGER flags; } SSL_SESSION_ASN1; int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) @@ -134,6 +135,8 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) #ifndef OPENSSL_NO_SRP int v12 = 0; #endif + unsigned char fbuf[LSIZE2]; + int v13 = 0; long l; SSL_SESSION_ASN1 a; M_ASN1_I2D_vars(in); @@ -256,6 +259,13 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) } #endif /* OPENSSL_NO_SRP */ + if (in->flags) { + a.flags.length = LSIZE2; + a.flags.type = V_ASN1_INTEGER; + a.flags.data = fbuf; + ASN1_INTEGER_set(&a.flags, in->flags); + } + M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER); M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING); @@ -304,6 +314,8 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) M_ASN1_I2D_len_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING, 12, v12); #endif /* OPENSSL_NO_SRP */ + if (in->flags) + M_ASN1_I2D_len_EXP_opt(&(a.flags), i2d_ASN1_INTEGER, 13, v13); M_ASN1_I2D_seq_total(); @@ -356,6 +368,8 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) M_ASN1_I2D_put_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING, 12, v12); #endif /* OPENSSL_NO_SRP */ + if (in->flags) + M_ASN1_I2D_put_EXP_opt(&a.flags, i2d_ASN1_INTEGER, 13, v13); M_ASN1_I2D_finish(); } @@ -593,6 +607,15 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, } else ret->srp_username = NULL; #endif /* OPENSSL_NO_SRP */ + ai.length = 0; + M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 13); + if (ai.data != NULL) { + ret->flags = ASN1_INTEGER_get(aip); + OPENSSL_free(ai.data); + ai.data = NULL; + ai.length = 0; + } else + ret->flags = 0; M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION); } diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index f2de54b..1178d43 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -476,6 +476,11 @@ void ssl_cert_free(CERT *c) custom_exts_free(&c->cli_ext); custom_exts_free(&c->srv_ext); #endif + if (c->pms) { + OPENSSL_cleanse(c->pms, c->pmslen); + OPENSSL_free(c->pms); + c->pms = NULL; + } OPENSSL_free(c); } diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 2a84ff2..bcb6be1 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1134,6 +1134,13 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) return (int)s->cert->ciphers_rawlen; } else return ssl_put_cipher_by_char(s, NULL, NULL); + case SSL_CTRL_GET_EXTMS_SUPPORT: + if (!s->session || SSL_in_init(s) || s->in_handshake) + return -1; + if (s->session->flags & SSL_SESS_FLAG_EXTMS) + return 1; + else + return 0; default: return (s->method->ssl_ctrl(s, cmd, larg, parg)); } @@ -3479,6 +3486,35 @@ void ssl_clear_hash_ctx(EVP_MD_CTX **hash) *hash = NULL; } +/* Retrieve handshake hashes */ +int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen) +{ + unsigned char *p = out; + int idx, ret = 0; + long mask; + EVP_MD_CTX ctx; + const EVP_MD *md; + EVP_MD_CTX_init(&ctx); + for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) { + if (mask & ssl_get_algorithm2(s)) { + int hashsize = EVP_MD_size(md); + EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx]; + if (!hdgst || hashsize < 0 || hashsize > outlen) + goto err; + if (!EVP_MD_CTX_copy_ex(&ctx, hdgst)) + goto err; + if (!EVP_DigestFinal_ex(&ctx, p, NULL)) + goto err; + p += hashsize; + outlen -= hashsize; + } + } + ret = p - out; + err: + EVP_MD_CTX_cleanup(&ctx); + return ret; +} + void SSL_set_debug(SSL *s, int debug) { s->debug = debug; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 56d6108..49425d8 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -597,6 +597,7 @@ struct ssl_method_st { * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only) * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username + * flags [ 13 ] EXPLICIT INTEGER -- optional flags * } * Look in ssl/ssl_asn1.c for more details * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). @@ -674,8 +675,12 @@ struct ssl_session_st { # ifndef OPENSSL_NO_SRP char *srp_username; # endif + long flags; }; +/* Extended master secret support */ +# define SSL_SESS_FLAG_EXTMS 0x1 + # ifndef OPENSSL_NO_SRP @@ -1674,6 +1679,9 @@ typedef struct cert_st { */ unsigned char *ctypes; size_t ctype_num; + /* Temporary storage for premaster secret */ + unsigned char *pms; + size_t pmslen; /* * signature algorithms peer reports: e.g. supported signature algorithms * extension for server or as part of a certificate request for client. @@ -2406,6 +2414,8 @@ int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len, int *al); +int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen); + /* s3_cbc.c */ void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD *rec, unsigned md_size); diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index 76a7cce..e5774d2 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -244,6 +244,10 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) X509_verify_cert_error_string(x->verify_result)) <= 0) goto err; + if (BIO_printf(bp, " Extended master secret: %s\n", + x->flags & SSL_SESS_FLAG_EXTMS ? "yes" : "no") <= 0) + goto err; + return (1); err: return (0); diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 3f4973e..ff6273f 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -919,57 +919,28 @@ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out) return ((int)ret); } -int tls1_final_finish_mac(SSL *s, - const char *str, int slen, unsigned char *out) +int tls1_final_finish_mac(SSL *s, const char *str, int slen, + unsigned char *out) { - unsigned int i; - EVP_MD_CTX ctx; - unsigned char buf[2 * EVP_MAX_MD_SIZE]; - unsigned char *q, buf2[12]; - int idx; - long mask; - int err = 0; - const EVP_MD *md; - - q = buf; + int hashlen; + unsigned char hash[2 * EVP_MAX_MD_SIZE]; + unsigned char buf2[12]; if (s->s3->handshake_buffer) if (!ssl3_digest_cached_records(s)) return 0; - EVP_MD_CTX_init(&ctx); + hashlen = ssl_handshake_hash(s, hash, sizeof(hash)); - for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) { - if (mask & ssl_get_algorithm2(s)) { - int hashsize = EVP_MD_size(md); - EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx]; - if (!hdgst || hashsize < 0 - || hashsize > (int)(sizeof buf - (size_t)(q - buf))) { - /* - * internal error: 'buf' is too small for this cipersuite! - */ - err = 1; - } else { - if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) || - !EVP_DigestFinal_ex(&ctx, q, &i) || - (i != (unsigned int)hashsize)) - err = 1; - q += hashsize; - } - } - } + if (hashlen == 0) + return 0; if (!tls1_PRF(ssl_get_algorithm2(s), - str, slen, buf, (int)(q - buf), NULL, 0, NULL, 0, NULL, 0, + str, slen, hash, hashlen, NULL, 0, NULL, 0, NULL, 0, s->session->master_key, s->session->master_key_length, out, buf2, sizeof buf2)) - err = 1; - EVP_MD_CTX_cleanup(&ctx); - - if (err) return 0; - else - return sizeof buf2; + return sizeof buf2; } int tls1_mac(SSL *ssl, unsigned char *md, int send) @@ -1099,13 +1070,41 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, len); #endif /* KSSL_DEBUG */ - - tls1_PRF(ssl_get_algorithm2(s), - TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE, - s->s3->client_random, SSL3_RANDOM_SIZE, - co, col, - s->s3->server_random, SSL3_RANDOM_SIZE, - so, sol, p, len, s->session->master_key, buff, sizeof buff); + if (s->session->flags & SSL_SESS_FLAG_EXTMS) { + unsigned char hash[EVP_MAX_MD_SIZE * 2]; + int hashlen; + /* If we don't have any digests cache records */ + if (s->s3->handshake_buffer) { + /* + * keep record buffer: this wont affect client auth because we're + * freezing the buffer at the same point (after client key + * exchange and before certificate verify) + */ + s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; + ssl3_digest_cached_records(s); + } + hashlen = ssl_handshake_hash(s, hash, sizeof(hash)); +#ifdef SSL_DEBUG + fprintf(stderr, "Handshake hashes:\n"); + BIO_dump_fp(stderr, (char *)hash, hashlen); +#endif + tls1_PRF(ssl_get_algorithm2(s), + TLS_MD_EXTENDED_MASTER_SECRET_CONST, + TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE, + hash, hashlen, + co, col, + NULL, 0, + so, sol, p, len, s->session->master_key, buff, sizeof buff); + OPENSSL_cleanse(hash, hashlen); + } else { + tls1_PRF(ssl_get_algorithm2(s), + TLS_MD_MASTER_SECRET_CONST, + TLS_MD_MASTER_SECRET_CONST_SIZE, + s->s3->client_random, SSL3_RANDOM_SIZE, + co, col, + s->s3->server_random, SSL3_RANDOM_SIZE, + so, sol, p, len, s->session->master_key, buff, sizeof buff); + } #ifdef SSL_DEBUG fprintf(stderr, "Premaster Secret:\n"); BIO_dump_fp(stderr, (char *)p, len); @@ -1204,6 +1203,9 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, if (memcmp(val, TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE) == 0) goto err1; + if (memcmp(val, TLS_MD_EXTENDED_MASTER_SECRET_CONST, + TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE) == 0) + goto err1; if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) goto err1; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 9be7347..22f7047 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1445,6 +1445,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, s2n(TLSEXT_TYPE_encrypt_then_mac, ret); s2n(0, ret); # endif + s2n(TLSEXT_TYPE_extended_master_secret, ret); + s2n(0, ret); /* * Add padding to workaround bugs in F5 terminators. See @@ -1682,6 +1684,10 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, } } # endif + if (!s->hit && s->session->flags & SSL_SESS_FLAG_EXTMS) { + s2n(TLSEXT_TYPE_extended_master_secret, ret); + s2n(0, ret); + } if (s->s3->alpn_selected) { const unsigned char *selected = s->s3->alpn_selected; @@ -2300,6 +2306,10 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, else if (type == TLSEXT_TYPE_encrypt_then_mac) s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC; # endif + else if (type == TLSEXT_TYPE_extended_master_secret) { + if (!s->hit) + s->session->flags |= SSL_SESS_FLAG_EXTMS; + } /* * If this ClientHello extension was unhandled and this is a * nonresumed connection, check whether the extension is a custom @@ -2594,6 +2604,10 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC; } # endif + else if (type == TLSEXT_TYPE_extended_master_secret) { + if (!s->hit) + s->session->flags |= SSL_SESS_FLAG_EXTMS; + } /* * If this extension type was not otherwise handled, but matches a * custom_cli_ext_record, then send it to the c callback diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 26160ed..4161750 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -363,7 +363,8 @@ static ssl_trace_tbl ssl_exts_tbl[] = { {TLSEXT_TYPE_session_ticket, "session_ticket"}, {TLSEXT_TYPE_renegotiate, "renegotiate"}, {TLSEXT_TYPE_next_proto_neg, "next_proto_neg"}, - {TLSEXT_TYPE_padding, "padding"} + {TLSEXT_TYPE_padding, "padding"}, + {TLSEXT_TYPE_extended_master_secret, "extended_master_secret"} }; static ssl_trace_tbl ssl_curve_tbl[] = { diff --git a/ssl/tls1.h b/ssl/tls1.h index 1f756a4..af03f13 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -250,6 +250,12 @@ extern "C" { * http://www.ietf.org/id/draft-ietf-tls-encrypt-then-mac-02.txt */ # define TLSEXT_TYPE_encrypt_then_mac 22 +/* + * Extended master secret extension. + * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml + * https://tools.ietf.org/id/draft-ietf-tls-session-hash-03.txt + */ +# define TLSEXT_TYPE_extended_master_secret 23 /* ExtensionType value from RFC4507 */ # define TLSEXT_TYPE_session_ticket 35 @@ -776,7 +782,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_FINISH_MAC_LENGTH 12 -# define TLS_MD_MAX_CONST_SIZE 20 +# define TLS_MD_MAX_CONST_SIZE 22 # define TLS_MD_CLIENT_FINISH_CONST "client finished" # define TLS_MD_CLIENT_FINISH_CONST_SIZE 15 # define TLS_MD_SERVER_FINISH_CONST "server finished" @@ -791,6 +797,8 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS_MD_IV_BLOCK_CONST_SIZE 8 # define TLS_MD_MASTER_SECRET_CONST "master secret" # define TLS_MD_MASTER_SECRET_CONST_SIZE 13 +# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "extended master secret" +# define TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE 22 # ifdef CHARSET_EBCDIC # undef TLS_MD_CLIENT_FINISH_CONST @@ -840,6 +848,11 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) * master secret */ # define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" +# undef TLS_MD_EXTENDED_MASTER_SECRET_CONST +/* + * extended master secret + */ +# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "\x65\x78\x74\x65\x63\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" # endif /* TLS Session Ticket extension struct */ From rsalz at openssl.org Tue Feb 3 16:21:31 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 3 Feb 2015 17:21:31 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150203162131.BADED1DF121@butler.localdomain> The branch master has been updated via dfb56425b68314b2b57e17c82c1df42e7a015132 (commit) from 156a872233b56558c72561789b8f33ff71a88fa7 (commit) - Log ----------------------------------------------------------------- commit dfb56425b68314b2b57e17c82c1df42e7a015132 Author: Rich Salz Date: Tue Feb 3 11:20:56 2015 -0500 Dead code: crypto/dh,modes,pkcs12,ripemd,rsa,srp And an uncompiled C++ test file. Also remove srp_lcl.h, with help from Richard. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/dh/dh_check.c | 10 +----- crypto/dh/dh_gen.c | 12 +------ crypto/modes/gcm128.c | 3 -- crypto/pkcs12/p12_key.c | 7 ---- crypto/ripemd/asm/rips.cpp | 82 ------------------------------------------ crypto/ripemd/rmd_locl.h | 18 +++------- crypto/rsa/rsa_null.c | 11 ------ crypto/srp/Makefile | 4 +-- crypto/srp/srp_lcl.h | 84 -------------------------------------------- crypto/srp/srp_lib.c | 5 +-- crypto/srp/srp_vfy.c | 7 +--- 11 files changed, 11 insertions(+), 232 deletions(-) delete mode 100644 crypto/ripemd/asm/rips.cpp delete mode 100644 crypto/srp/srp_lcl.h diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index 347467c..7a8e063 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -116,15 +116,7 @@ int DH_check(const DH *dh, int *ret) l = BN_mod_word(dh->p, 24); if (l != 11) *ret |= DH_NOT_SUITABLE_GENERATOR; - } -#if 0 - else if (BN_is_word(dh->g, DH_GENERATOR_3)) { - l = BN_mod_word(dh->p, 12); - if (l != 5) - *ret |= DH_NOT_SUITABLE_GENERATOR; - } -#endif - else if (BN_is_word(dh->g, DH_GENERATOR_5)) { + } else if (BN_is_word(dh->g, DH_GENERATOR_5)) { l = BN_mod_word(dh->p, 10); if ((l != 3) && (l != 7)) *ret |= DH_NOT_SUITABLE_GENERATOR; diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index 9b9db64..99ccae3 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -136,17 +136,7 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, if (!BN_set_word(t2, 11)) goto err; g = 2; - } -#if 0 /* does not work for safe primes */ - else if (generator == DH_GENERATOR_3) { - if (!BN_set_word(t1, 12)) - goto err; - if (!BN_set_word(t2, 5)) - goto err; - g = 3; - } -#endif - else if (generator == DH_GENERATOR_5) { + } else if (generator == DH_GENERATOR_5) { if (!BN_set_word(t1, 10)) goto err; if (!BN_set_word(t2, 3)) diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index 5c75c91..1d1b0d9 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -1036,9 +1036,6 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, # endif #endif -#if 0 - n = (unsigned int)mlen % 16; /* alternative to ctx->mres */ -#endif mlen += len; if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len)) return -1; diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c index 99b8260..5a06208 100644 --- a/crypto/pkcs12/p12_key.c +++ b/crypto/pkcs12/p12_key.c @@ -118,13 +118,6 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int tmpn = n; #endif -#if 0 - if (!pass) { - PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } -#endif - EVP_MD_CTX_init(&ctx); #ifdef DEBUG_KEYGEN fprintf(stderr, "KEYGEN DEBUG\n"); diff --git a/crypto/ripemd/asm/rips.cpp b/crypto/ripemd/asm/rips.cpp deleted file mode 100644 index f7a1367..0000000 --- a/crypto/ripemd/asm/rips.cpp +++ /dev/null @@ -1,82 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke at unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include -#include -#include - -#define ripemd160_block_x86 ripemd160_block_asm_host_order - -extern "C" { -void ripemd160_block_x86(RIPEMD160_CTX *ctx, unsigned char *buffer,int num); -} - -void main(int argc,char *argv[]) - { - unsigned char buffer[64*256]; - RIPEMD160_CTX ctx; - unsigned long s1,s2,e1,e2; - unsigned char k[16]; - unsigned long data[2]; - unsigned char iv[8]; - int i,num=0,numm; - int j=0; - - if (argc >= 2) - num=atoi(argv[1]); - - if (num == 0) num=16; - if (num > 250) num=16; - numm=num+2; -#if 0 - num*=64; - numm*=64; -#endif - - for (j=0; j<6; j++) - { - for (i=0; i<10; i++) /**/ - { - ripemd160_block_x86(&ctx,buffer,numm); - GetTSC(s1); - ripemd160_block_x86(&ctx,buffer,numm); - GetTSC(e1); - GetTSC(s2); - ripemd160_block_x86(&ctx,buffer,num); - GetTSC(e2); - ripemd160_block_x86(&ctx,buffer,num); - } - printf("ripemd160 (%d bytes) %d %d (%.2f)\n",num*64, - e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2); - } - } - diff --git a/crypto/ripemd/rmd_locl.h b/crypto/ripemd/rmd_locl.h index 497a1a1..5a2eed3 100644 --- a/crypto/ripemd/rmd_locl.h +++ b/crypto/ripemd/rmd_locl.h @@ -94,22 +94,14 @@ void ripemd160_block_data_order(RIPEMD160_CTX *c, const void *p, size_t num); #include "md32_common.h" -#if 0 -# define F1(x,y,z) ((x)^(y)^(z)) -# define F2(x,y,z) (((x)&(y))|((~x)&z)) -# define F3(x,y,z) (((x)|(~y))^(z)) -# define F4(x,y,z) (((x)&(z))|((y)&(~(z)))) -# define F5(x,y,z) ((x)^((y)|(~(z)))) -#else /* * Transformed F2 and F4 are courtesy of Wei Dai */ -# define F1(x,y,z) ((x) ^ (y) ^ (z)) -# define F2(x,y,z) ((((y) ^ (z)) & (x)) ^ (z)) -# define F3(x,y,z) (((~(y)) | (x)) ^ (z)) -# define F4(x,y,z) ((((x) ^ (y)) & (z)) ^ (y)) -# define F5(x,y,z) (((~(z)) | (y)) ^ (x)) -#endif +#define F1(x,y,z) ((x) ^ (y) ^ (z)) +#define F2(x,y,z) ((((y) ^ (z)) & (x)) ^ (z)) +#define F3(x,y,z) (((~(y)) | (x)) ^ (z)) +#define F4(x,y,z) ((((x) ^ (y)) & (z)) ^ (y)) +#define F5(x,y,z) (((~(z)) | (y)) ^ (x)) #define RIPEMD160_A 0x67452301L #define RIPEMD160_B 0xEFCDAB89L diff --git a/crypto/rsa/rsa_null.c b/crypto/rsa/rsa_null.c index 241b431..535660a 100644 --- a/crypto/rsa/rsa_null.c +++ b/crypto/rsa/rsa_null.c @@ -79,9 +79,6 @@ static int RSA_null_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); static int RSA_null_private_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); -#if 0 /* not currently used */ -static int RSA_null_mod_exp(const BIGNUM *r0, const BIGNUM *i, RSA *rsa); -#endif static int RSA_null_init(RSA *rsa); static int RSA_null_finish(RSA *rsa); static RSA_METHOD rsa_null_meth = { @@ -136,14 +133,6 @@ static int RSA_null_public_decrypt(int flen, const unsigned char *from, return -1; } -#if 0 /* not currently used */ -static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa) -{ - ... err(RSA_F_RSA_NULL_MOD_EXP, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); - return -1; -} -#endif - static int RSA_null_init(RSA *rsa) { return (1); diff --git a/crypto/srp/Makefile b/crypto/srp/Makefile index 0c37ec7..3674dd6 100644 --- a/crypto/srp/Makefile +++ b/crypto/srp/Makefile @@ -82,7 +82,7 @@ srp_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h srp_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h srp_lib.o: ../../include/openssl/sha.h ../../include/openssl/srp.h srp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -srp_lib.o: ../cryptlib.h ../include/internal/bn_srp.h srp_lcl.h srp_lib.c +srp_lib.o: ../cryptlib.h ../include/internal/bn_srp.h srp_lib.c srp_vfy.o: ../../e_os.h ../../include/openssl/asn1.h srp_vfy.o: ../../include/openssl/bio.h ../../include/openssl/bn.h srp_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -94,4 +94,4 @@ srp_vfy.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h srp_vfy.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h srp_vfy.o: ../../include/openssl/srp.h ../../include/openssl/stack.h srp_vfy.o: ../../include/openssl/symhacks.h ../../include/openssl/txt_db.h -srp_vfy.o: ../cryptlib.h srp_lcl.h srp_vfy.c +srp_vfy.o: ../cryptlib.h srp_vfy.c diff --git a/crypto/srp/srp_lcl.h b/crypto/srp/srp_lcl.h deleted file mode 100644 index 9a7fce1..0000000 --- a/crypto/srp/srp_lcl.h +++ /dev/null @@ -1,84 +0,0 @@ -/* crypto/srp/srp_lcl.h */ -/* - * Written by Peter Sylvester (peter.sylvester at edelweb.fr) for the EdelKey - * project and contributed to the OpenSSL project 2004. - */ -/* ==================================================================== - * Copyright (c) 2004 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing at OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay at cryptsoft.com). This product includes software written by Tim - * Hudson (tjh at cryptsoft.com). - * - */ -#ifndef HEADER_SRP_LCL_H -# define HEADER_SRP_LCL_H - -# include -# include - -# if 0 -# define srp_bn_print(a) {fprintf(stderr, #a "="); BN_print_fp(stderr,a); \ - fprintf(stderr,"\n");} -# else -# define srp_bn_print(a) -# endif - - - -#ifdef __cplusplus -extern "C" { -#endif - - - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c index 6997a28..9e1de74 100644 --- a/crypto/srp/srp_lib.c +++ b/crypto/srp/srp_lib.c @@ -59,7 +59,7 @@ */ #ifndef OPENSSL_NO_SRP # include "cryptlib.h" -# include "srp_lcl.h" +# include # include # include # include "internal/bn_srp.h" @@ -317,9 +317,6 @@ char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N) if ((g == NULL) || (N == NULL)) return 0; - srp_bn_print(g); - srp_bn_print(N); - for (i = 0; i < KNOWN_GN_NUMBER; i++) { if (BN_cmp(knowngN[i].g, g) == 0 && BN_cmp(knowngN[i].N, N) == 0) return knowngN[i].id; diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index df82ca3..4aed5b4 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -59,7 +59,7 @@ */ #ifndef OPENSSL_NO_SRP # include "cryptlib.h" -# include "srp_lcl.h" +# include # include # include # include @@ -607,9 +607,6 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, (verifier == NULL) || (N == NULL) || (g == NULL) || (bn_ctx == NULL)) goto err; - srp_bn_print(N); - srp_bn_print(g); - if (*salt == NULL) { RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN); @@ -627,8 +624,6 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, goto err; } - srp_bn_print(*verifier); - result = 1; err: From steve at openssl.org Tue Feb 3 16:50:19 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 3 Feb 2015 17:50:19 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150203165019.62B211DF121@butler.localdomain> The branch master has been updated via a724e79ed761ea535a6c7457c90da5ff4b1cea69 (commit) via 3d47c1d331fdc7574d2275cda1a630ccdb624b08 (commit) from dfb56425b68314b2b57e17c82c1df42e7a015132 (commit) - Log ----------------------------------------------------------------- commit a724e79ed761ea535a6c7457c90da5ff4b1cea69 Author: Dr. Stephen Henson Date: Tue Feb 3 01:31:33 2015 +0000 Preliminary ASN1_TIME documentation. Reviewed-by: Rich Salz commit 3d47c1d331fdc7574d2275cda1a630ccdb624b08 Author: Dr. Stephen Henson Date: Tue Feb 3 14:53:15 2015 +0000 Remove unused variables. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: doc/crypto/ASN1_TIME_set.pod | 129 ++++++++++++++++++++++++++++++++++++++++++ ssl/t1_enc.c | 10 ++-- 2 files changed, 133 insertions(+), 6 deletions(-) create mode 100644 doc/crypto/ASN1_TIME_set.pod diff --git a/doc/crypto/ASN1_TIME_set.pod b/doc/crypto/ASN1_TIME_set.pod new file mode 100644 index 0000000..ae2b53d --- /dev/null +++ b/doc/crypto/ASN1_TIME_set.pod @@ -0,0 +1,129 @@ +=pod + +=head1 NAME + +ASN1_TIME_set, ASN1_TIME_adj, ASN1_TIME_check, ASN1_TIME_set_string, +ASN1_TIME_print, ASN1_TIME_diff - ASN.1 Time functions. + +=head1 SYNOPSIS + + ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); + ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, + int offset_day, long offset_sec); + int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); + int ASN1_TIME_check(const ASN1_TIME *t); + int ASN1_TIME_print(BIO *b, const ASN1_TIME *s); + + int ASN1_TIME_diff(int *pday, int *psec, + const ASN1_TIME *from, const ASN1_TIME *to); + +=head1 DESCRIPTION + +The function ASN1_TIME_set() sets the ASN1_TIME structure B to the +time represented by the time_t value B. If B is NULL a new ASN1_TIME +structure is allocated and returned. + +ASN1_TIME_adj() sets the ASN1_TIME structure B to the time represented +by the time B and B after the time_t value B. +The values of B or B can be negative to set a +time before B. The B value can also exceed the number of +seconds in a day. If B is NULL a new ASN1_TIME structure is allocated +and returned. + +ASN1_TIME_set_string() sets ASN1_TIME structure B to the time +represented by string B which must be in appropriate ASN.1 time +format (for example YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ). + +ASN1_TIME_check() checks the syntax of ASN1_TIME structure B. + +ASN1_TIME_print() prints out the time B to BIO B in human readable +format. It will be of the format MMM DD HH:MM:SS YYYY [GMT], for example +"Feb 3 00:55:52 2015 GMT" it does not include a newline. If the time +structure has invalid format it prints out "Bad time value" and returns +an error. + +ASN1_TIME_diff() sets B<*pday> and B<*psec> to the time difference between +B and B. If B represents a time later than B then +one or both (depending on the time difference) of B<*pday> and B<*psec> +will be positive. If B represents a time earlier than B then +one or both of B<*pday> and B<*psec> will be negative. If B and B +represent the same time then B<*pday> and B<*psec> will both be zero. +If both B<*pday> and B<*psec> are non-zero they will always have the same +sign. The value of B<*psec> will always be less than the number of seconds +in a day. If B or B is NULL the current time is used. + +=head1 NOTES + +The ASN1_TIME structure corresponds to the ASN.1 structure B +defined in RFC5280 et al. The time setting functions obey the rules outlined +in RFC5280: if the date can be represented by UTCTime it is used, else +GeneralizedTime is used. + +The ASN1_TIME structure is represented as an ASN1_STRING internally and can +be freed up using ASN1_STRING_free(). + +The ASN1_TIME structure can represent years from 0000 to 9999 but no attempt +is made to correct ancient calendar changes (for example from Julian to +Gregorian calendars). + +Some applications add offset times directly to a time_t value and pass the +results to ASN1_TIME_set() (or equivalent). This can cause problems as the +time_t value can overflow on some systems resulting in unexpected results. +New applications should use ASN1_TIME_adj() instead and pass the offset value +in the B and B parameters instead of directly +manipulating a time_t value. + +=head1 BUGS + +ASN1_TIME_print() currently does not print out the time zone: it either prints +out "GMT" or nothing. But all certificates complying with RFC5280 et al use GMT +anyway. + +=head1 EXAMPLES + +Set a time structure to one hour after the current time and print it out: + + #include + #include + ASN1_TIME *tm; + time_t t; + BIO *b; + t = time(NULL); + tm = ASN1_TIME_adj(NULL, t, 0, 60 * 60); + b = BIO_new_fp(stdout, BIO_NOCLOSE); + ASN1_TIME_print(b, tm); + ASN1_STRING_free(tm); + BIO_free(b); + +Determine if one time is later or sooner than the current time: + + int day, sec; + + if (!ASN1_TIME_diff(&day, &sec, NULL, to)) + /* Invalid time format */ + + if (day > 0 || sec > 0) + printf("Later\n"); + else if (day < 0 || sec < 0) + printf("Sooner\n"); + else + printf("Same\n"); + +=head1 RETURN VALUES + +ASN1_TIME_set() and ASN1_TIME_adj() return a pointer to an ASN1_TIME structure +or NULL if an error occurred. + +ASN1_TIME_set_string() returns 1 if the time value is successfully set and +0 otherwise. + +ASN1_TIME_check() returns 1 if the structure is syntactically correct and 0 +otherwise. + +ASN1_TIME_print() returns 1 if the time is successfully printed out and 0 if +an error occurred (I/O error or invalid time format). + +ASN1_TIME_diff() returns 1 for sucess and 0 for failure. It can fail if the +pass ASN1_TIME structure has invalid syntax for example. + +=cut diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index ff6273f..a432dca 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -1062,8 +1062,6 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, int len) { unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH]; - const void *co = NULL, *so = NULL; - int col = 0, sol = 0; #ifdef KSSL_DEBUG fprintf(stderr, "tls1_generate_master_secret(%p,%p, %p, %d)\n", s, out, p, @@ -1092,18 +1090,18 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, TLS_MD_EXTENDED_MASTER_SECRET_CONST, TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE, hash, hashlen, - co, col, NULL, 0, - so, sol, p, len, s->session->master_key, buff, sizeof buff); + NULL, 0, + NULL, 0, p, len, s->session->master_key, buff, sizeof buff); OPENSSL_cleanse(hash, hashlen); } else { tls1_PRF(ssl_get_algorithm2(s), TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE, s->s3->client_random, SSL3_RANDOM_SIZE, - co, col, + NULL, 0, s->s3->server_random, SSL3_RANDOM_SIZE, - so, sol, p, len, s->session->master_key, buff, sizeof buff); + NULL, 0, p, len, s->session->master_key, buff, sizeof buff); } #ifdef SSL_DEBUG fprintf(stderr, "Premaster Secret:\n"); From steve at openssl.org Tue Feb 3 16:50:48 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 3 Feb 2015 17:50:48 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150203165049.207F31DF121@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 3b740cebd513b9df928e8f40a1d47d3b06dc7af5 (commit) from f17a4ad7d7b5b6131f951409f7be79eaac62fd31 (commit) - Log ----------------------------------------------------------------- commit 3b740cebd513b9df928e8f40a1d47d3b06dc7af5 Author: Dr. Stephen Henson Date: Tue Feb 3 01:31:33 2015 +0000 Preliminary ASN1_TIME documentation. Reviewed-by: Rich Salz (cherry picked from commit a724e79ed761ea535a6c7457c90da5ff4b1cea69) ----------------------------------------------------------------------- Summary of changes: doc/crypto/ASN1_TIME_set.pod | 129 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 129 insertions(+) create mode 100644 doc/crypto/ASN1_TIME_set.pod diff --git a/doc/crypto/ASN1_TIME_set.pod b/doc/crypto/ASN1_TIME_set.pod new file mode 100644 index 0000000..ae2b53d --- /dev/null +++ b/doc/crypto/ASN1_TIME_set.pod @@ -0,0 +1,129 @@ +=pod + +=head1 NAME + +ASN1_TIME_set, ASN1_TIME_adj, ASN1_TIME_check, ASN1_TIME_set_string, +ASN1_TIME_print, ASN1_TIME_diff - ASN.1 Time functions. + +=head1 SYNOPSIS + + ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); + ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, + int offset_day, long offset_sec); + int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); + int ASN1_TIME_check(const ASN1_TIME *t); + int ASN1_TIME_print(BIO *b, const ASN1_TIME *s); + + int ASN1_TIME_diff(int *pday, int *psec, + const ASN1_TIME *from, const ASN1_TIME *to); + +=head1 DESCRIPTION + +The function ASN1_TIME_set() sets the ASN1_TIME structure B to the +time represented by the time_t value B. If B is NULL a new ASN1_TIME +structure is allocated and returned. + +ASN1_TIME_adj() sets the ASN1_TIME structure B to the time represented +by the time B and B after the time_t value B. +The values of B or B can be negative to set a +time before B. The B value can also exceed the number of +seconds in a day. If B is NULL a new ASN1_TIME structure is allocated +and returned. + +ASN1_TIME_set_string() sets ASN1_TIME structure B to the time +represented by string B which must be in appropriate ASN.1 time +format (for example YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ). + +ASN1_TIME_check() checks the syntax of ASN1_TIME structure B. + +ASN1_TIME_print() prints out the time B to BIO B in human readable +format. It will be of the format MMM DD HH:MM:SS YYYY [GMT], for example +"Feb 3 00:55:52 2015 GMT" it does not include a newline. If the time +structure has invalid format it prints out "Bad time value" and returns +an error. + +ASN1_TIME_diff() sets B<*pday> and B<*psec> to the time difference between +B and B. If B represents a time later than B then +one or both (depending on the time difference) of B<*pday> and B<*psec> +will be positive. If B represents a time earlier than B then +one or both of B<*pday> and B<*psec> will be negative. If B and B +represent the same time then B<*pday> and B<*psec> will both be zero. +If both B<*pday> and B<*psec> are non-zero they will always have the same +sign. The value of B<*psec> will always be less than the number of seconds +in a day. If B or B is NULL the current time is used. + +=head1 NOTES + +The ASN1_TIME structure corresponds to the ASN.1 structure B +defined in RFC5280 et al. The time setting functions obey the rules outlined +in RFC5280: if the date can be represented by UTCTime it is used, else +GeneralizedTime is used. + +The ASN1_TIME structure is represented as an ASN1_STRING internally and can +be freed up using ASN1_STRING_free(). + +The ASN1_TIME structure can represent years from 0000 to 9999 but no attempt +is made to correct ancient calendar changes (for example from Julian to +Gregorian calendars). + +Some applications add offset times directly to a time_t value and pass the +results to ASN1_TIME_set() (or equivalent). This can cause problems as the +time_t value can overflow on some systems resulting in unexpected results. +New applications should use ASN1_TIME_adj() instead and pass the offset value +in the B and B parameters instead of directly +manipulating a time_t value. + +=head1 BUGS + +ASN1_TIME_print() currently does not print out the time zone: it either prints +out "GMT" or nothing. But all certificates complying with RFC5280 et al use GMT +anyway. + +=head1 EXAMPLES + +Set a time structure to one hour after the current time and print it out: + + #include + #include + ASN1_TIME *tm; + time_t t; + BIO *b; + t = time(NULL); + tm = ASN1_TIME_adj(NULL, t, 0, 60 * 60); + b = BIO_new_fp(stdout, BIO_NOCLOSE); + ASN1_TIME_print(b, tm); + ASN1_STRING_free(tm); + BIO_free(b); + +Determine if one time is later or sooner than the current time: + + int day, sec; + + if (!ASN1_TIME_diff(&day, &sec, NULL, to)) + /* Invalid time format */ + + if (day > 0 || sec > 0) + printf("Later\n"); + else if (day < 0 || sec < 0) + printf("Sooner\n"); + else + printf("Same\n"); + +=head1 RETURN VALUES + +ASN1_TIME_set() and ASN1_TIME_adj() return a pointer to an ASN1_TIME structure +or NULL if an error occurred. + +ASN1_TIME_set_string() returns 1 if the time value is successfully set and +0 otherwise. + +ASN1_TIME_check() returns 1 if the structure is syntactically correct and 0 +otherwise. + +ASN1_TIME_print() returns 1 if the time is successfully printed out and 0 if +an error occurred (I/O error or invalid time format). + +ASN1_TIME_diff() returns 1 for sucess and 0 for failure. It can fail if the +pass ASN1_TIME structure has invalid syntax for example. + +=cut From steve at openssl.org Wed Feb 4 13:34:26 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Wed, 4 Feb 2015 14:34:26 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150204133426.BF0881E035F@butler.localdomain> The branch master has been updated via 6922ddee1b7b1bddbe0d59a5bbdcf8ff39343434 (commit) from a724e79ed761ea535a6c7457c90da5ff4b1cea69 (commit) - Log ----------------------------------------------------------------- commit 6922ddee1b7b1bddbe0d59a5bbdcf8ff39343434 Author: Dr. Stephen Henson Date: Wed Feb 4 03:31:34 2015 +0000 Make objxref.pl output in correct format Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/objects/objxref.pl | 37 +++++++++++++++++++++---------------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/crypto/objects/objxref.pl b/crypto/objects/objxref.pl index 833f4ab..1913b9d 100644 --- a/crypto/objects/objxref.pl +++ b/crypto/objects/objxref.pl @@ -63,30 +63,36 @@ $pname =~ s|^.[^/]/||; print < The branch OpenSSL_1_0_1-stable has been updated via ac7d33deec9a61ff4bdf3b6c89725b588a8917e7 (commit) from 6b7c68e0388e499a1c2846131fca7ffd7b3fa78f (commit) - Log ----------------------------------------------------------------- commit ac7d33deec9a61ff4bdf3b6c89725b588a8917e7 Author: Dr. Stephen Henson Date: Wed Feb 4 03:31:34 2015 +0000 Make objxref.pl output in correct format Reviewed-by: Tim Hudson (cherry picked from commit 6922ddee1b7b1bddbe0d59a5bbdcf8ff39343434) ----------------------------------------------------------------------- Summary of changes: crypto/objects/objxref.pl | 37 +++++++++++++++++++++---------------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/crypto/objects/objxref.pl b/crypto/objects/objxref.pl index 6c4c832..35c0651 100644 --- a/crypto/objects/objxref.pl +++ b/crypto/objects/objxref.pl @@ -62,30 +62,36 @@ $pname =~ s|^.[^/]/||; print < The branch OpenSSL_1_0_0-stable has been updated via beac071b13b56e05873f7b08bff9cb4706de3d98 (commit) from 99ff40515d65ca98730f14fb7bf4da7c1534ddf9 (commit) - Log ----------------------------------------------------------------- commit beac071b13b56e05873f7b08bff9cb4706de3d98 Author: Dr. Stephen Henson Date: Wed Feb 4 03:31:34 2015 +0000 Make objxref.pl output in correct format Reviewed-by: Tim Hudson (cherry picked from commit 6922ddee1b7b1bddbe0d59a5bbdcf8ff39343434) ----------------------------------------------------------------------- Summary of changes: crypto/objects/objxref.pl | 37 +++++++++++++++++++++---------------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/crypto/objects/objxref.pl b/crypto/objects/objxref.pl index 6c4c832..35c0651 100644 --- a/crypto/objects/objxref.pl +++ b/crypto/objects/objxref.pl @@ -62,30 +62,36 @@ $pname =~ s|^.[^/]/||; print < The branch OpenSSL_1_0_2-stable has been updated via 75c77a71fa50b5dc0678800caf6a521cdfc8f1dc (commit) from 3b740cebd513b9df928e8f40a1d47d3b06dc7af5 (commit) - Log ----------------------------------------------------------------- commit 75c77a71fa50b5dc0678800caf6a521cdfc8f1dc Author: Dr. Stephen Henson Date: Wed Feb 4 03:31:34 2015 +0000 Make objxref.pl output in correct format Reviewed-by: Tim Hudson (cherry picked from commit 6922ddee1b7b1bddbe0d59a5bbdcf8ff39343434) ----------------------------------------------------------------------- Summary of changes: crypto/objects/objxref.pl | 37 +++++++++++++++++++++---------------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/crypto/objects/objxref.pl b/crypto/objects/objxref.pl index 833f4ab..1913b9d 100644 --- a/crypto/objects/objxref.pl +++ b/crypto/objects/objxref.pl @@ -63,30 +63,36 @@ $pname =~ s|^.[^/]/||; print < The branch master has been updated via f0983d3953fdc3e162e97ae4d35086e687aa4c89 (commit) via 5496cd3e5d9a0ab4c1235bdda9872eeb5ec130bb (commit) from 6922ddee1b7b1bddbe0d59a5bbdcf8ff39343434 (commit) - Log ----------------------------------------------------------------- commit f0983d3953fdc3e162e97ae4d35086e687aa4c89 Author: Dr. Stephen Henson Date: Sun Feb 1 14:51:46 2015 +0000 Updates to reformat script. Don't change files if they're unmodified. Indicate which files have changed and a summary. Reviewed-by: Rich Salz commit 5496cd3e5d9a0ab4c1235bdda9872eeb5ec130bb Author: Dr. Stephen Henson Date: Tue Feb 3 22:53:15 2015 +0000 More unused FIPS module code. Remove fips_algvs.c Remove unused fips module build code from Configure and Makefile.org Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: Configure | 34 +---- Makefile.org | 84 ------------ test/Makefile | 2 +- test/fips_algvs.c | 312 -------------------------------------------- util/openssl-format-source | 26 +++- 5 files changed, 23 insertions(+), 435 deletions(-) delete mode 100644 test/fips_algvs.c diff --git a/Configure b/Configure index d56c3d9..c9d3aeb 100755 --- a/Configure +++ b/Configure @@ -1124,24 +1124,7 @@ my $IsMK1MF=scalar grep /^$target$/, at MK1MF_Builds; $exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/); $exe_ext=".nlm" if ($target =~ /netware/); $exe_ext=".pm" if ($target =~ /vos/); -if ($openssldir eq "" and $prefix eq "") - { - if ($fips) - { - if (exists $ENV{FIPSDIR}) - { - $openssldir="$ENV{FIPSDIR}"; - } - else - { - $openssldir="/usr/local/ssl/fips-2.0"; - } - } - else - { - $openssldir="/usr/local/ssl"; - } - } +$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq ""); $prefix=$openssldir if $prefix eq ""; $default_ranlib= &which("ranlib") or $default_ranlib="true"; @@ -1149,10 +1132,6 @@ $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl") or $perl="perl"; my $make = $ENV{'MAKE'} || "make"; -my $fips_auth_key = $ENV{'FIPS_AUTH_KEY'}; -my $fips_auth_officer = $ENV{'FIPS_AUTH_OFFICER'}; -my $fips_auth_user = $ENV{'FIPS_AUTH_USER'}; - $cross_compile_prefix=$ENV{'CROSS_COMPILE'} if $cross_compile_prefix eq ""; chop $openssldir if $openssldir =~ /\/$/; @@ -2027,16 +2006,9 @@ BEGIN BEGIN BLOCK "040904b0" BEGIN -#if defined(FIPS) - VALUE "Comments", "WARNING: TEST VERSION ONLY ***NOT*** FIPS 140-2 VALIDATED.\\0" -#endif // Required: VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0" -#if defined(FIPS) - VALUE "FileDescription", "TEST UNVALIDATED FIPS140-2 DLL\\0" -#else VALUE "FileDescription", "OpenSSL Shared Library\\0" -#endif VALUE "FileVersion", "$version\\0" #if defined(CRYPTO) VALUE "InternalName", "libeay32\\0" @@ -2044,10 +2016,6 @@ BEGIN #elif defined(SSL) VALUE "InternalName", "ssleay32\\0" VALUE "OriginalFilename", "ssleay32.dll\\0" -#elif defined(FIPS) - VALUE "InternalName", "libosslfips\\0" - VALUE "OriginalFilename", "libosslfips.dll\\0" -#endif VALUE "ProductName", "The OpenSSL Toolkit\\0" VALUE "ProductVersion", "$version\\0" // Optional: diff --git a/Makefile.org b/Makefile.org index 2e4c76e..3fa129c 100644 --- a/Makefile.org +++ b/Makefile.org @@ -245,7 +245,6 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \ PERLASM_SCHEME='$(PERLASM_SCHEME)' \ FIPSLIBDIR='${FIPSLIBDIR}' \ FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \ - FIPS_EX_OBJ='${FIPS_EX_OBJ}' \ THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. @@ -277,89 +276,6 @@ BUILD_ONE_CMD=\ reflect: @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) -FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \ - ../crypto/aes/aes_ecb.o \ - ../crypto/aes/aes_ofb.o \ - ../crypto/bn/bn_add.o \ - ../crypto/bn/bn_blind.o \ - ../crypto/bn/bn_ctx.o \ - ../crypto/bn/bn_div.o \ - ../crypto/bn/bn_exp2.o \ - ../crypto/bn/bn_exp.o \ - ../crypto/bn/bn_gcd.o \ - ../crypto/bn/bn_gf2m.o \ - ../crypto/bn/bn_lib.o \ - ../crypto/bn/bn_mod.o \ - ../crypto/bn/bn_mont.o \ - ../crypto/bn/bn_mul.o \ - ../crypto/bn/bn_nist.o \ - ../crypto/bn/bn_prime.o \ - ../crypto/bn/bn_rand.o \ - ../crypto/bn/bn_recp.o \ - ../crypto/bn/bn_shift.o \ - ../crypto/bn/bn_sqr.o \ - ../crypto/bn/bn_word.o \ - ../crypto/bn/bn_x931p.o \ - ../crypto/buffer/buf_str.o \ - ../crypto/cmac/cmac.o \ - ../crypto/cryptlib.o \ - ../crypto/des/cfb64ede.o \ - ../crypto/des/cfb64enc.o \ - ../crypto/des/cfb_enc.o \ - ../crypto/des/ecb3_enc.o \ - ../crypto/des/ofb64ede.o \ - ../crypto/des/fcrypt.o \ - ../crypto/des/set_key.o \ - ../crypto/dh/dh_check.o \ - ../crypto/dh/dh_gen.o \ - ../crypto/dh/dh_key.o \ - ../crypto/dsa/dsa_gen.o \ - ../crypto/dsa/dsa_key.o \ - ../crypto/dsa/dsa_ossl.o \ - ../crypto/ec/ec_curve.o \ - ../crypto/ec/ec_cvt.o \ - ../crypto/ec/ec_key.o \ - ../crypto/ec/ec_lib.o \ - ../crypto/ec/ecp_mont.o \ - ../crypto/ec/ec_mult.o \ - ../crypto/ec/ecp_nist.o \ - ../crypto/ec/ecp_smpl.o \ - ../crypto/ec/ec2_mult.o \ - ../crypto/ec/ec2_smpl.o \ - ../crypto/ecdh/ech_key.o \ - ../crypto/ecdh/ech_ossl.o \ - ../crypto/ecdsa/ecs_ossl.o \ - ../crypto/evp/e_aes.o \ - ../crypto/evp/e_des3.o \ - ../crypto/evp/e_null.o \ - ../crypto/evp/m_sha1.o \ - ../crypto/evp/m_dss1.o \ - ../crypto/evp/m_dss.o \ - ../crypto/evp/m_ecdsa.o \ - ../crypto/hmac/hmac.o \ - ../crypto/modes/cbc128.o \ - ../crypto/modes/ccm128.o \ - ../crypto/modes/cfb128.o \ - ../crypto/modes/ctr128.o \ - ../crypto/modes/gcm128.o \ - ../crypto/modes/ofb128.o \ - ../crypto/modes/xts128.o \ - ../crypto/rsa/rsa_eay.o \ - ../crypto/rsa/rsa_gen.o \ - ../crypto/rsa/rsa_crpt.o \ - ../crypto/rsa/rsa_none.o \ - ../crypto/rsa/rsa_oaep.o \ - ../crypto/rsa/rsa_pk1.o \ - ../crypto/rsa/rsa_pss.o \ - ../crypto/rsa/rsa_ssl.o \ - ../crypto/rsa/rsa_x931.o \ - ../crypto/rsa/rsa_x931g.o \ - ../crypto/sha/sha1dgst.o \ - ../crypto/sha/sha256.o \ - ../crypto/sha/sha512.o \ - ../crypto/thr_id.o \ - ../crypto/uid.o - sub_all: build_all build_all: build_libs build_apps build_tests build_tools diff --git a/test/Makefile b/test/Makefile index f0eb183..fa5bd9f 100644 --- a/test/Makefile +++ b/test/Makefile @@ -12,7 +12,7 @@ PERL= perl # KRB5 stuff KRB5_INCLUDES= LIBKRB5= -TEST= fips_algvs.c igetest.c +TEST= igetest.c PEX_LIBS= EX_LIBS= #-lnsl -lsocket diff --git a/test/fips_algvs.c b/test/fips_algvs.c deleted file mode 100644 index 18a5bab..0000000 --- a/test/fips_algvs.c +++ /dev/null @@ -1,312 +0,0 @@ -/* test/fips_algvs.c */ -/* - * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project - * 2011 - */ -/* ==================================================================== - * Copyright (c) 2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing at OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay at cryptsoft.com). This product includes software written by Tim - * Hudson (tjh at cryptsoft.com). - * - */ - -#include -#include -#include - -#ifndef OPENSSL_FIPS -# include - -int main(int argc, char **argv) -{ - printf("No FIPS ALGVS support\n"); - return 0; -} -#else - -# define FIPS_ALGVS - -extern int fips_aesavs_main(int argc, char **argv); -extern int fips_cmactest_main(int argc, char **argv); -extern int fips_desmovs_main(int argc, char **argv); -extern int fips_dhvs_main(int argc, char **argv); -extern int fips_drbgvs_main(int argc, char **argv); -extern int fips_dssvs_main(int argc, char **argv); -extern int fips_ecdhvs_main(int argc, char **argv); -extern int fips_ecdsavs_main(int argc, char **argv); -extern int fips_gcmtest_main(int argc, char **argv); -extern int fips_hmactest_main(int argc, char **argv); -extern int fips_rngvs_main(int argc, char **argv); -extern int fips_rsagtest_main(int argc, char **argv); -extern int fips_rsastest_main(int argc, char **argv); -extern int fips_rsavtest_main(int argc, char **argv); -extern int fips_shatest_main(int argc, char **argv); -extern int fips_test_suite_main(int argc, char **argv); - -# include "fips_aesavs.c" -# include "fips_cmactest.c" -# include "fips_desmovs.c" -# include "fips_dhvs.c" -# include "fips_drbgvs.c" -# include "fips_dssvs.c" -# include "fips_ecdhvs.c" -# include "fips_ecdsavs.c" -# include "fips_gcmtest.c" -# include "fips_hmactest.c" -# include "fips_rngvs.c" -# include "fips_rsagtest.c" -# include "fips_rsastest.c" -# include "fips_rsavtest.c" -# include "fips_shatest.c" -# include "fips_test_suite.c" - -typedef struct { - const char *name; - int (*func) (int argc, char **argv); -} ALGVS_FUNCTION; - -static ALGVS_FUNCTION algvs[] = { - {"fips_aesavs", fips_aesavs_main}, - {"fips_cmactest", fips_cmactest_main}, - {"fips_desmovs", fips_desmovs_main}, - {"fips_dhvs", fips_dhvs_main}, - {"fips_drbgvs", fips_drbgvs_main}, - {"fips_dssvs", fips_dssvs_main}, - {"fips_ecdhvs", fips_ecdhvs_main}, - {"fips_ecdsavs", fips_ecdsavs_main}, - {"fips_gcmtest", fips_gcmtest_main}, - {"fips_hmactest", fips_hmactest_main}, - {"fips_rngvs", fips_rngvs_main}, - {"fips_rsagtest", fips_rsagtest_main}, - {"fips_rsastest", fips_rsastest_main}, - {"fips_rsavtest", fips_rsavtest_main}, - {"fips_shatest", fips_shatest_main}, - {"fips_test_suite", fips_test_suite_main}, - {NULL, 0} -}; - -/* Argument parsing taken from apps/apps.c */ - -typedef struct args_st { - char **data; - int count; -} ARGS; - -static int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]) -{ - int num, i; - char *p; - - *argc = 0; - *argv = NULL; - - i = 0; - if (arg->count == 0) { - arg->count = 20; - arg->data = (char **)OPENSSL_malloc(sizeof(char *) * arg->count); - } - for (i = 0; i < arg->count; i++) - arg->data[i] = NULL; - - num = 0; - p = buf; - for (;;) { - /* first scan over white space */ - if (!*p) - break; - while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n'))) - p++; - if (!*p) - break; - - /* The start of something good :-) */ - if (num >= arg->count) { - fprintf(stderr, "Too many arguments!!\n"); - return 0; - } - arg->data[num++] = p; - - /* now look for the end of this */ - if ((*p == '\'') || (*p == '\"')) { /* scan for closing quote */ - i = *(p++); - arg->data[num - 1]++; /* jump over quote */ - while (*p && (*p != i)) - p++; - *p = '\0'; - } else { - while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n'))) - p++; - - if (*p == '\0') - p--; - else - *p = '\0'; - } - p++; - } - *argc = num; - *argv = arg->data; - return (1); -} - -static int run_prg(int argc, char **argv) -{ - ALGVS_FUNCTION *t; - const char *prg_name; - prg_name = strrchr(argv[0], '/'); - if (prg_name) - prg_name++; - else - prg_name = argv[0]; - for (t = algvs; t->name; t++) { - if (!strcmp(prg_name, t->name)) - return t->func(argc, argv); - } - return -100; -} - -int main(int argc, char **argv) -{ - char buf[1024]; - char **args = argv + 1; - const char *sname = "fipstests.sh"; - ARGS arg; - int xargc; - char **xargv; - int lineno = 0, badarg = 0; - int nerr = 0, quiet = 0, verbose = 0; - int rv; - FILE *in = NULL; -# ifdef FIPS_ALGVS_MEMCHECK - CRYPTO_malloc_debug_init(); - OPENSSL_init(); - CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); -# endif - - if (*args && *args[0] != '-') { - rv = run_prg(argc - 1, args); -# ifdef FIPS_ALGVS_MEMCHECK - CRYPTO_mem_leaks_fp(stderr); -# endif - return rv; - } - while (!badarg && *args && *args[0] == '-') { - if (!strcmp(*args, "-script")) { - if (args[1]) { - args++; - sname = *args; - } else - badarg = 1; - } else if (!strcmp(*args, "-quiet")) - quiet = 1; - else if (!strcmp(*args, "-verbose")) - verbose = 1; - else - badarg = 1; - args++; - } - - if (badarg) { - fprintf(stderr, "Error processing arguments\n"); - return 1; - } - - in = fopen(sname, "r"); - if (!in) { - fprintf(stderr, "Error opening script file \"%s\"\n", sname); - return 1; - } - - arg.data = NULL; - arg.count = 0; - - while (fgets(buf, sizeof(buf), in)) { - lineno++; - if (!chopup_args(&arg, buf, &xargc, &xargv)) - fprintf(stderr, "Error processing line %d\n", lineno); - else { - if (!quiet) { - int i; - int narg = verbose ? xargc : xargc - 2; - printf("Running command line:"); - for (i = 0; i < narg; i++) - printf(" %s", xargv[i]); - printf("\n"); - } - rv = run_prg(xargc, xargv); - if (FIPS_module_mode()) - FIPS_module_mode_set(0, NULL); - if (rv != 0) - nerr++; - if (rv == -100) - fprintf(stderr, "ERROR: Command not found\n"); - else if (rv != 0) - fprintf(stderr, "ERROR: returned %d\n", rv); - else if (verbose) - printf("\tCommand run successfully\n"); - } - } - - if (!quiet) - printf("Completed with %d errors\n", nerr); - - if (arg.data) - OPENSSL_free(arg.data); - - fclose(in); -# ifdef FIPS_ALGVS_MEMCHECK - CRYPTO_mem_leaks_fp(stderr); -# endif - if (nerr == 0) - return 0; - return 1; -} -#endif diff --git a/util/openssl-format-source b/util/openssl-format-source index 4e90147..6380a10 100755 --- a/util/openssl-format-source +++ b/util/openssl-format-source @@ -30,6 +30,7 @@ VERBOSE=false DONT=false STOPARGS=false COMMENTS=false +CHANGED=false DEBUG="" # for this exercise, we want to force the openssl style, so we roll @@ -82,10 +83,6 @@ do fi fi - if [ "$VERBOSE" = "true" ]; then - echo "$j" - fi - if [ "$DONT" = "false" ]; then tmp=$(mktemp /tmp/indent.XXXXXX) trap 'rm -f "$tmp"' HUP INT TERM EXIT @@ -138,7 +135,18 @@ do else expand "$j" | indent $INDENT_ARGS > "$tmp" fi; - mv "$tmp" "$j" + if cmp -s "$tmp" "$j"; then + if [ "$VERBOSE" = "true" ]; then + echo "$j unchanged" + fi + rm "$tmp" + else + if [ "$VERBOSE" = "true" ]; then + echo "$j changed" + fi + CHANGED=true + mv "$tmp" "$j" + fi ;; esac fi @@ -146,3 +154,11 @@ do done +if [ "$VERBOSE" = "true" ]; then + echo + if [ "$CHANGED" = "true" ]; then + echo "SOURCE WAS MODIFIED" + else + echo "SOURCE WAS NOT MODIFIED" + fi +fi From steve at openssl.org Wed Feb 4 23:00:37 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 5 Feb 2015 00:00:37 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150204230038.0FC401E035F@butler.localdomain> The branch master has been updated via a479d72dba4afc17f46db5429a5271f1202e2d55 (commit) from f0983d3953fdc3e162e97ae4d35086e687aa4c89 (commit) - Log ----------------------------------------------------------------- commit a479d72dba4afc17f46db5429a5271f1202e2d55 Author: Dr. Stephen Henson Date: Wed Feb 4 22:51:01 2015 +0000 fix windows build Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: Configure | 1 + 1 file changed, 1 insertion(+) diff --git a/Configure b/Configure index c9d3aeb..5fb5f13 100755 --- a/Configure +++ b/Configure @@ -2016,6 +2016,7 @@ BEGIN #elif defined(SSL) VALUE "InternalName", "ssleay32\\0" VALUE "OriginalFilename", "ssleay32.dll\\0" +#endif VALUE "ProductName", "The OpenSSL Toolkit\\0" VALUE "ProductVersion", "$version\\0" // Optional: From rsalz at openssl.org Wed Feb 4 23:50:52 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 5 Feb 2015 00:50:52 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150204235052.AAA401E035F@butler.localdomain> The branch master has been updated via 1f7103b6ebd1579e4ead17405f89d44330386949 (commit) from a479d72dba4afc17f46db5429a5271f1202e2d55 (commit) - Log ----------------------------------------------------------------- commit 1f7103b6ebd1579e4ead17405f89d44330386949 Author: Rich Salz Date: Wed Feb 4 18:50:00 2015 -0500 Fix various build breaks TABLE wasn't updated from a previous Configure change Missed an RMD160/RIPE/RIPEMD unification in mkdef.pl Makefile install_sw referenced file doc/openssl-shared.txt (RT3686) Needed to run 'make update' because - Various old code has been removed - Varous old #ifdef tests were removed Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: Makefile.org | 2 - TABLE | 2 +- util/libeay.num | 799 ++++++++++++++++++++++++++++--------------------------- util/mkdef.pl | 6 +- util/ssleay.num | 34 +-- 5 files changed, 422 insertions(+), 421 deletions(-) diff --git a/Makefile.org b/Makefile.org index 3fa129c..f60ecf3 100644 --- a/Makefile.org +++ b/Makefile.org @@ -600,8 +600,6 @@ install_sw: if [ "$(INSTALLTOP)" != "/usr" ]; then \ echo 'OpenSSL shared libraries have been installed in:'; \ echo ' $(INSTALLTOP)'; \ - echo ''; \ - sed -e '1,/^$$/d' doc/openssl-shared.txt; \ fi; \ fi cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig diff --git a/TABLE b/TABLE index 886fa62..6235666 100644 --- a/TABLE +++ b/TABLE @@ -1668,7 +1668,7 @@ $multilib = *** debug-ben-debug-64-clang $cc = clang -$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -fsanitize=undefined -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = diff --git a/util/libeay.num b/util/libeay.num index 03f0d39..9920db1 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -15,28 +15,28 @@ ASN1_STRING_cmp 14 EXIST::FUNCTION: ASN1_STRING_dup 15 EXIST::FUNCTION: ASN1_STRING_free 16 EXIST::FUNCTION: ASN1_STRING_new 17 EXIST::FUNCTION: -ASN1_STRING_print 18 EXIST::FUNCTION:BIO +ASN1_STRING_print 18 EXIST::FUNCTION: ASN1_STRING_set 19 EXIST::FUNCTION: ASN1_STRING_type_new 20 EXIST::FUNCTION: ASN1_TYPE_free 21 EXIST::FUNCTION: ASN1_TYPE_new 22 EXIST::FUNCTION: ASN1_UNIVERSALSTRING_to_string 23 EXIST::FUNCTION: ASN1_UTCTIME_check 24 EXIST::FUNCTION: -ASN1_UTCTIME_print 25 EXIST::FUNCTION:BIO +ASN1_UTCTIME_print 25 EXIST::FUNCTION: ASN1_UTCTIME_set 26 EXIST::FUNCTION: ASN1_check_infinite_end 27 EXIST::FUNCTION: -ASN1_d2i_bio 28 EXIST::FUNCTION:BIO -ASN1_d2i_fp 29 EXIST::FUNCTION:FP_API -ASN1_digest 30 EXIST::FUNCTION:EVP +ASN1_d2i_bio 28 EXIST::FUNCTION: +ASN1_d2i_fp 29 EXIST::FUNCTION:STDIO +ASN1_digest 30 EXIST::FUNCTION: ASN1_dup 31 EXIST::FUNCTION: ASN1_get_object 32 EXIST::FUNCTION: -ASN1_i2d_bio 33 EXIST::FUNCTION:BIO -ASN1_i2d_fp 34 EXIST::FUNCTION:FP_API +ASN1_i2d_bio 33 EXIST::FUNCTION: +ASN1_i2d_fp 34 EXIST::FUNCTION:STDIO ASN1_object_size 35 EXIST::FUNCTION: -ASN1_parse 36 EXIST::FUNCTION:BIO +ASN1_parse 36 EXIST::FUNCTION: ASN1_put_object 37 EXIST::FUNCTION: -ASN1_sign 38 EXIST::FUNCTION:EVP -ASN1_verify 39 EXIST::FUNCTION:EVP +ASN1_sign 38 EXIST::FUNCTION: +ASN1_verify 39 EXIST::FUNCTION: BF_cbc_encrypt 40 EXIST::FUNCTION:BF BF_cfb64_encrypt 41 EXIST::FUNCTION:BF BF_ecb_encrypt 42 EXIST::FUNCTION:BF @@ -52,10 +52,10 @@ BIO_int_ctrl 53 EXIST::FUNCTION: BIO_debug_callback 54 EXIST::FUNCTION: BIO_dump 55 EXIST::FUNCTION: BIO_dup_chain 56 EXIST::FUNCTION: -BIO_f_base64 57 EXIST::FUNCTION:BIO +BIO_f_base64 57 EXIST::FUNCTION: BIO_f_buffer 58 EXIST::FUNCTION: -BIO_f_cipher 59 EXIST::FUNCTION:BIO -BIO_f_md 60 EXIST::FUNCTION:BIO +BIO_f_cipher 59 EXIST::FUNCTION: +BIO_f_md 60 EXIST::FUNCTION: BIO_f_null 61 EXIST::FUNCTION: BIO_f_proxy_server 62 NOEXIST::FUNCTION: BIO_fd_non_fatal_error 63 EXIST::FUNCTION: @@ -75,8 +75,8 @@ BIO_new 78 EXIST::FUNCTION: BIO_new_accept 79 EXIST::FUNCTION: BIO_new_connect 80 EXIST::FUNCTION: BIO_new_fd 81 EXIST::FUNCTION: -BIO_new_file 82 EXIST::FUNCTION:FP_API -BIO_new_fp 83 EXIST::FUNCTION:FP_API +BIO_new_file 82 EXIST::FUNCTION:STDIO +BIO_new_fp 83 EXIST::FUNCTION:STDIO BIO_new_socket 84 EXIST::FUNCTION: BIO_pop 85 EXIST::FUNCTION: BIO_printf 86 EXIST::FUNCTION: @@ -86,13 +86,13 @@ BIO_read 89 EXIST::FUNCTION: BIO_s_accept 90 EXIST::FUNCTION: BIO_s_connect 91 EXIST::FUNCTION: BIO_s_fd 92 EXIST::FUNCTION: -BIO_s_file 93 EXIST::FUNCTION:FP_API +BIO_s_file 93 EXIST::FUNCTION:STDIO BIO_s_mem 95 EXIST::FUNCTION: BIO_s_null 96 EXIST::FUNCTION: BIO_s_proxy_client 97 NOEXIST::FUNCTION: BIO_s_socket 98 EXIST::FUNCTION: BIO_set 100 EXIST::FUNCTION: -BIO_set_cipher 101 EXIST::FUNCTION:BIO +BIO_set_cipher 101 EXIST::FUNCTION: BIO_set_tcp_ndelay 102 EXIST::FUNCTION: BIO_sock_cleanup 103 EXIST::FUNCTION: BIO_sock_error 104 EXIST::FUNCTION: @@ -126,7 +126,7 @@ BN_gcd 131 EXIST::FUNCTION: BN_generate_prime 132 EXIST::FUNCTION:DEPRECATED BN_get_word 133 EXIST::FUNCTION: BN_is_bit_set 134 EXIST::FUNCTION: -BN_is_prime 135 EXIST::FUNCTION:DEPRECATED +BN_is_prime 135 NOEXIST::FUNCTION: BN_lshift 136 EXIST::FUNCTION: BN_lshift1 137 EXIST::FUNCTION: BN_mask_bits 138 EXIST::FUNCTION: @@ -144,7 +144,7 @@ BN_num_bits 151 EXIST::FUNCTION: BN_num_bits_word 152 EXIST::FUNCTION: BN_options 153 EXIST::FUNCTION: BN_print 154 EXIST::FUNCTION: -BN_print_fp 155 EXIST::FUNCTION:FP_API +BN_print_fp 155 EXIST::FUNCTION:STDIO BN_rand 156 EXIST::FUNCTION: BN_reciprocal 157 EXIST::FUNCTION: BN_rshift 158 EXIST::FUNCTION: @@ -181,7 +181,7 @@ CRYPTO_malloc 188 EXIST::FUNCTION: CRYPTO_mem_ctrl 189 EXIST::FUNCTION: CRYPTO_mem_leaks 190 EXIST::FUNCTION: CRYPTO_mem_leaks_cb 191 EXIST::FUNCTION: -CRYPTO_mem_leaks_fp 192 EXIST::FUNCTION:FP_API +CRYPTO_mem_leaks_fp 192 EXIST::FUNCTION:STDIO CRYPTO_realloc 193 EXIST::FUNCTION: CRYPTO_remalloc 194 EXIST::FUNCTION: CRYPTO_set_add_lock_callback 195 EXIST::FUNCTION: @@ -196,30 +196,30 @@ DH_generate_key 203 EXIST::FUNCTION:DH DH_generate_parameters 204 EXIST::FUNCTION:DEPRECATED,DH DH_new 205 EXIST::FUNCTION:DH DH_size 206 EXIST::FUNCTION:DH -DHparams_print 207 EXIST::FUNCTION:BIO,DH -DHparams_print_fp 208 EXIST::FUNCTION:DH,FP_API +DHparams_print 207 EXIST::FUNCTION:DH +DHparams_print_fp 208 EXIST::FUNCTION:DH,STDIO DSA_free 209 EXIST::FUNCTION:DSA DSA_generate_key 210 EXIST::FUNCTION:DSA DSA_generate_parameters 211 EXIST::FUNCTION:DEPRECATED,DSA DSA_is_prime 212 NOEXIST::FUNCTION: DSA_new 213 EXIST::FUNCTION:DSA -DSA_print 214 EXIST::FUNCTION:BIO,DSA -DSA_print_fp 215 EXIST::FUNCTION:DSA,FP_API +DSA_print 214 EXIST::FUNCTION:DSA +DSA_print_fp 215 EXIST::FUNCTION:DSA,STDIO DSA_sign 216 EXIST::FUNCTION:DSA DSA_sign_setup 217 EXIST::FUNCTION:DSA DSA_size 218 EXIST::FUNCTION:DSA DSA_verify 219 EXIST::FUNCTION:DSA -DSAparams_print 220 EXIST::FUNCTION:BIO,DSA -DSAparams_print_fp 221 EXIST::FUNCTION:DSA,FP_API +DSAparams_print 220 EXIST::FUNCTION:DSA +DSAparams_print_fp 221 EXIST::FUNCTION:DSA,STDIO ERR_clear_error 222 EXIST::FUNCTION: ERR_error_string 223 EXIST::FUNCTION: ERR_free_strings 224 EXIST::FUNCTION: ERR_func_error_string 225 EXIST::FUNCTION: -ERR_get_err_state_table 226 EXIST::FUNCTION:LHASH +ERR_get_err_state_table 226 EXIST::FUNCTION: ERR_get_error 227 EXIST::FUNCTION: ERR_get_error_line 228 EXIST::FUNCTION: ERR_get_state 229 EXIST::FUNCTION: -ERR_get_string_table 230 EXIST::FUNCTION:LHASH +ERR_get_string_table 230 EXIST::FUNCTION: ERR_lib_error_string 231 EXIST::FUNCTION: ERR_load_ASN1_strings 232 EXIST::FUNCTION: ERR_load_BIO_strings 233 EXIST::FUNCTION: @@ -239,8 +239,8 @@ ERR_load_crypto_strings 246 EXIST::FUNCTION: ERR_load_strings 247 EXIST::FUNCTION: ERR_peek_error 248 EXIST::FUNCTION: ERR_peek_error_line 249 EXIST::FUNCTION: -ERR_print_errors 250 EXIST::FUNCTION:BIO -ERR_print_errors_fp 251 EXIST::FUNCTION:FP_API +ERR_print_errors 250 EXIST::FUNCTION: +ERR_print_errors_fp 251 EXIST::FUNCTION:STDIO ERR_put_error 252 EXIST::FUNCTION: ERR_reason_error_string 253 EXIST::FUNCTION: ERR_remove_state 254 EXIST::FUNCTION:DEPRECATED @@ -301,8 +301,8 @@ EVP_des_ede_cfb64 308 EXIST::FUNCTION:DES EVP_des_ede_ofb 309 EXIST::FUNCTION:DES EVP_des_ofb 310 EXIST::FUNCTION:DES EVP_desx_cbc 311 EXIST::FUNCTION:DES -EVP_dss 312 EXIST::FUNCTION:DSA,SHA -EVP_dss1 313 EXIST::FUNCTION:DSA,SHA +EVP_dss 312 NOEXIST::FUNCTION: +EVP_dss1 313 EXIST::FUNCTION:DSA EVP_enc_null 314 EXIST::FUNCTION: EVP_get_cipherbyname 315 EXIST::FUNCTION: EVP_get_digestbyname 316 EXIST::FUNCTION: @@ -321,8 +321,8 @@ EVP_rc2_ofb 328 EXIST::FUNCTION:RC2 EVP_rc4 329 EXIST::FUNCTION:RC4 EVP_read_pw_string 330 EXIST::FUNCTION: EVP_set_pw_prompt 331 EXIST::FUNCTION: -EVP_sha 332 EXIST::FUNCTION:SHA -EVP_sha1 333 EXIST::FUNCTION:SHA +EVP_sha 332 NOEXIST::FUNCTION: +EVP_sha1 333 EXIST::FUNCTION: MD2 334 EXIST::FUNCTION:MD2 MD2_Final 335 EXIST::FUNCTION:MD2 MD2_Init 336 EXIST::FUNCTION:MD2 @@ -340,8 +340,8 @@ NETSCAPE_SPKAC_free 347 EXIST::FUNCTION: NETSCAPE_SPKAC_new 348 EXIST::FUNCTION: NETSCAPE_SPKI_free 349 EXIST::FUNCTION: NETSCAPE_SPKI_new 350 EXIST::FUNCTION: -NETSCAPE_SPKI_sign 351 EXIST::FUNCTION:EVP -NETSCAPE_SPKI_verify 352 EXIST::FUNCTION:EVP +NETSCAPE_SPKI_sign 351 EXIST::FUNCTION: +NETSCAPE_SPKI_verify 352 EXIST::FUNCTION: OBJ_add_object 353 EXIST::FUNCTION: OBJ_bsearch 354 NOEXIST::FUNCTION: OBJ_cleanup 355 EXIST::FUNCTION: @@ -357,9 +357,9 @@ OBJ_obj2nid 364 EXIST::FUNCTION: OBJ_sn2nid 365 EXIST::FUNCTION: OBJ_txt2nid 366 EXIST::FUNCTION: PEM_ASN1_read 367 EXIST::FUNCTION: -PEM_ASN1_read_bio 368 EXIST::FUNCTION:BIO +PEM_ASN1_read_bio 368 EXIST::FUNCTION: PEM_ASN1_write 369 EXIST::FUNCTION: -PEM_ASN1_write_bio 370 EXIST::FUNCTION:BIO +PEM_ASN1_write_bio 370 EXIST::FUNCTION: PEM_SealFinal 371 EXIST::FUNCTION:RSA PEM_SealInit 372 EXIST::FUNCTION:RSA PEM_SealUpdate 373 EXIST::FUNCTION:RSA @@ -367,23 +367,23 @@ PEM_SignFinal 374 EXIST::FUNCTION: PEM_SignInit 375 EXIST::FUNCTION: PEM_SignUpdate 376 EXIST::FUNCTION: PEM_X509_INFO_read 377 EXIST::FUNCTION: -PEM_X509_INFO_read_bio 378 EXIST::FUNCTION:BIO -PEM_X509_INFO_write_bio 379 EXIST::FUNCTION:BIO +PEM_X509_INFO_read_bio 378 EXIST::FUNCTION: +PEM_X509_INFO_write_bio 379 EXIST::FUNCTION: PEM_dek_info 380 EXIST::FUNCTION: PEM_do_header 381 EXIST::FUNCTION: PEM_get_EVP_CIPHER_INFO 382 EXIST::FUNCTION: PEM_proc_type 383 EXIST::FUNCTION: PEM_read 384 EXIST::FUNCTION: -PEM_read_DHparams 385 EXIST:!WIN16:FUNCTION:DH -PEM_read_DSAPrivateKey 386 EXIST:!WIN16:FUNCTION:DSA -PEM_read_DSAparams 387 EXIST:!WIN16:FUNCTION:DSA -PEM_read_PKCS7 388 EXIST:!WIN16:FUNCTION: -PEM_read_PrivateKey 389 EXIST:!WIN16:FUNCTION: -PEM_read_RSAPrivateKey 390 EXIST:!WIN16:FUNCTION:RSA -PEM_read_X509 391 EXIST:!WIN16:FUNCTION: -PEM_read_X509_CRL 392 EXIST:!WIN16:FUNCTION: -PEM_read_X509_REQ 393 EXIST:!WIN16:FUNCTION: -PEM_read_bio 394 EXIST::FUNCTION:BIO +PEM_read_DHparams 385 EXIST::FUNCTION:DH +PEM_read_DSAPrivateKey 386 EXIST::FUNCTION:DSA +PEM_read_DSAparams 387 EXIST::FUNCTION:DSA +PEM_read_PKCS7 388 EXIST::FUNCTION: +PEM_read_PrivateKey 389 EXIST::FUNCTION: +PEM_read_RSAPrivateKey 390 EXIST::FUNCTION:RSA +PEM_read_X509 391 EXIST::FUNCTION: +PEM_read_X509_CRL 392 EXIST::FUNCTION: +PEM_read_X509_REQ 393 EXIST::FUNCTION: +PEM_read_bio 394 EXIST::FUNCTION: PEM_read_bio_DHparams 395 EXIST::FUNCTION:DH PEM_read_bio_DSAPrivateKey 396 EXIST::FUNCTION:DSA PEM_read_bio_DSAparams 397 EXIST::FUNCTION:DSA @@ -394,16 +394,16 @@ PEM_read_bio_X509 401 EXIST::FUNCTION: PEM_read_bio_X509_CRL 402 EXIST::FUNCTION: PEM_read_bio_X509_REQ 403 EXIST::FUNCTION: PEM_write 404 EXIST::FUNCTION: -PEM_write_DHparams 405 EXIST:!WIN16:FUNCTION:DH -PEM_write_DSAPrivateKey 406 EXIST:!WIN16:FUNCTION:DSA -PEM_write_DSAparams 407 EXIST:!WIN16:FUNCTION:DSA -PEM_write_PKCS7 408 EXIST:!WIN16:FUNCTION: -PEM_write_PrivateKey 409 EXIST:!WIN16:FUNCTION: -PEM_write_RSAPrivateKey 410 EXIST:!WIN16:FUNCTION:RSA -PEM_write_X509 411 EXIST:!WIN16:FUNCTION: -PEM_write_X509_CRL 412 EXIST:!WIN16:FUNCTION: -PEM_write_X509_REQ 413 EXIST:!WIN16:FUNCTION: -PEM_write_bio 414 EXIST::FUNCTION:BIO +PEM_write_DHparams 405 EXIST::FUNCTION:DH +PEM_write_DSAPrivateKey 406 EXIST::FUNCTION:DSA +PEM_write_DSAparams 407 EXIST::FUNCTION:DSA +PEM_write_PKCS7 408 EXIST::FUNCTION: +PEM_write_PrivateKey 409 EXIST::FUNCTION: +PEM_write_RSAPrivateKey 410 EXIST::FUNCTION:RSA +PEM_write_X509 411 EXIST::FUNCTION: +PEM_write_X509_CRL 412 EXIST::FUNCTION: +PEM_write_X509_REQ 413 EXIST::FUNCTION: +PEM_write_bio 414 EXIST::FUNCTION: PEM_write_bio_DHparams 415 EXIST::FUNCTION:DH PEM_write_bio_DSAPrivateKey 416 EXIST::FUNCTION:DSA PEM_write_bio_DSAparams 417 EXIST::FUNCTION:DSA @@ -477,8 +477,8 @@ RSA_free 484 EXIST::FUNCTION:RSA RSA_generate_key 485 EXIST::FUNCTION:DEPRECATED,RSA RSA_new 486 EXIST::FUNCTION:RSA RSA_new_method 487 EXIST::FUNCTION:RSA -RSA_print 488 EXIST::FUNCTION:BIO,RSA -RSA_print_fp 489 EXIST::FUNCTION:FP_API,RSA +RSA_print 488 EXIST::FUNCTION:RSA +RSA_print_fp 489 EXIST::FUNCTION:RSA,STDIO RSA_private_decrypt 490 EXIST::FUNCTION:RSA RSA_private_encrypt 491 EXIST::FUNCTION:RSA RSA_public_decrypt 492 EXIST::FUNCTION:RSA @@ -489,14 +489,14 @@ RSA_sign_ASN1_OCTET_STRING 496 EXIST::FUNCTION:RSA RSA_size 497 EXIST::FUNCTION:RSA RSA_verify 498 EXIST::FUNCTION:RSA RSA_verify_ASN1_OCTET_STRING 499 EXIST::FUNCTION:RSA -SHA 500 EXIST::FUNCTION:SHA,SHA0 -SHA1 501 EXIST::FUNCTION:SHA,SHA1 -SHA1_Final 502 EXIST::FUNCTION:SHA,SHA1 -SHA1_Init 503 EXIST::FUNCTION:SHA,SHA1 -SHA1_Update 504 EXIST::FUNCTION:SHA,SHA1 -SHA_Final 505 EXIST::FUNCTION:SHA,SHA0 -SHA_Init 506 EXIST::FUNCTION:SHA,SHA0 -SHA_Update 507 EXIST::FUNCTION:SHA,SHA0 +SHA 500 NOEXIST::FUNCTION: +SHA1 501 EXIST::FUNCTION: +SHA1_Final 502 EXIST::FUNCTION: +SHA1_Init 503 EXIST::FUNCTION: +SHA1_Update 504 EXIST::FUNCTION: +SHA_Final 505 NOEXIST::FUNCTION: +SHA_Init 506 NOEXIST::FUNCTION: +SHA_Update 507 NOEXIST::FUNCTION: OpenSSL_add_all_algorithms 508 NOEXIST::FUNCTION: OpenSSL_add_all_ciphers 509 EXIST::FUNCTION: OpenSSL_add_all_digests 510 EXIST::FUNCTION: @@ -504,8 +504,8 @@ TXT_DB_create_index 511 EXIST::FUNCTION: TXT_DB_free 512 EXIST::FUNCTION: TXT_DB_get_by_index 513 EXIST::FUNCTION: TXT_DB_insert 514 EXIST::FUNCTION: -TXT_DB_read 515 EXIST::FUNCTION:BIO -TXT_DB_write 516 EXIST::FUNCTION:BIO +TXT_DB_read 515 EXIST::FUNCTION: +TXT_DB_write 516 EXIST::FUNCTION: X509_ALGOR_free 517 EXIST::FUNCTION: X509_ALGOR_new 518 EXIST::FUNCTION: X509_ATTRIBUTE_free 519 EXIST::FUNCTION: @@ -525,8 +525,8 @@ X509_CRL_get_ext_by_OBJ 532 EXIST::FUNCTION: X509_CRL_get_ext_by_critical 533 EXIST::FUNCTION: X509_CRL_get_ext_count 534 EXIST::FUNCTION: X509_CRL_new 535 EXIST::FUNCTION: -X509_CRL_sign 536 EXIST::FUNCTION:EVP -X509_CRL_verify 537 EXIST::FUNCTION:EVP +X509_CRL_sign 536 EXIST::FUNCTION: +X509_CRL_verify 537 EXIST::FUNCTION: X509_EXTENSION_create_by_NID 538 EXIST::FUNCTION: X509_EXTENSION_create_by_OBJ 539 EXIST::FUNCTION: X509_EXTENSION_dup 540 EXIST::FUNCTION: @@ -538,8 +538,8 @@ X509_EXTENSION_new 545 EXIST::FUNCTION: X509_EXTENSION_set_critical 546 EXIST::FUNCTION: X509_EXTENSION_set_data 547 EXIST::FUNCTION: X509_EXTENSION_set_object 548 EXIST::FUNCTION: -X509_INFO_free 549 EXIST::FUNCTION:EVP -X509_INFO_new 550 EXIST::FUNCTION:EVP +X509_INFO_free 549 EXIST::FUNCTION: +X509_INFO_new 550 EXIST::FUNCTION: X509_LOOKUP_by_alias 551 EXIST::FUNCTION: X509_LOOKUP_by_fingerprint 552 EXIST::FUNCTION: X509_LOOKUP_by_issuer_serial 553 EXIST::FUNCTION: @@ -563,7 +563,7 @@ X509_NAME_ENTRY_set_object 570 EXIST::FUNCTION: X509_NAME_add_entry 571 EXIST::FUNCTION: X509_NAME_cmp 572 EXIST::FUNCTION: X509_NAME_delete_entry 573 EXIST::FUNCTION: -X509_NAME_digest 574 EXIST::FUNCTION:EVP +X509_NAME_digest 574 EXIST::FUNCTION: X509_NAME_dup 575 EXIST::FUNCTION: X509_NAME_entry_count 576 EXIST::FUNCTION: X509_NAME_free 577 EXIST::FUNCTION: @@ -574,8 +574,8 @@ X509_NAME_get_text_by_NID 581 EXIST::FUNCTION: X509_NAME_get_text_by_OBJ 582 EXIST::FUNCTION: X509_NAME_hash 583 EXIST::FUNCTION: X509_NAME_new 584 EXIST::FUNCTION: -X509_NAME_oneline 585 EXIST::FUNCTION:EVP -X509_NAME_print 586 EXIST::FUNCTION:BIO +X509_NAME_oneline 585 EXIST::FUNCTION: +X509_NAME_print 586 EXIST::FUNCTION: X509_NAME_set 587 EXIST::FUNCTION: X509_OBJECT_free_contents 588 EXIST::FUNCTION: X509_OBJECT_retrieve_by_subject 589 EXIST::FUNCTION: @@ -592,14 +592,14 @@ X509_REQ_dup 599 EXIST::FUNCTION: X509_REQ_free 600 EXIST::FUNCTION: X509_REQ_get_pubkey 601 EXIST::FUNCTION: X509_REQ_new 602 EXIST::FUNCTION: -X509_REQ_print 603 EXIST::FUNCTION:BIO -X509_REQ_print_fp 604 EXIST::FUNCTION:FP_API +X509_REQ_print 603 EXIST::FUNCTION: +X509_REQ_print_fp 604 EXIST::FUNCTION:STDIO X509_REQ_set_pubkey 605 EXIST::FUNCTION: X509_REQ_set_subject_name 606 EXIST::FUNCTION: X509_REQ_set_version 607 EXIST::FUNCTION: -X509_REQ_sign 608 EXIST::FUNCTION:EVP +X509_REQ_sign 608 EXIST::FUNCTION: X509_REQ_to_X509 609 EXIST::FUNCTION: -X509_REQ_verify 610 EXIST::FUNCTION:EVP +X509_REQ_verify 610 EXIST::FUNCTION: X509_REVOKED_add_ext 611 EXIST::FUNCTION: X509_REVOKED_delete_ext 612 EXIST::FUNCTION: X509_REVOKED_free 613 EXIST::FUNCTION: @@ -629,7 +629,7 @@ X509_certificate_type 635 EXIST::FUNCTION: X509_check_private_key 636 EXIST::FUNCTION: X509_cmp_current_time 637 EXIST::FUNCTION: X509_delete_ext 638 EXIST::FUNCTION: -X509_digest 639 EXIST::FUNCTION:EVP +X509_digest 639 EXIST::FUNCTION: X509_dup 640 EXIST::FUNCTION: X509_free 641 EXIST::FUNCTION: X509_get_default_cert_area 642 EXIST::FUNCTION: @@ -655,8 +655,8 @@ X509_issuer_name_cmp 661 EXIST::FUNCTION: X509_issuer_name_hash 662 EXIST::FUNCTION: X509_load_cert_file 663 EXIST::FUNCTION:STDIO X509_new 664 EXIST::FUNCTION: -X509_print 665 EXIST::FUNCTION:BIO -X509_print_fp 666 EXIST::FUNCTION:FP_API +X509_print 665 EXIST::FUNCTION: +X509_print_fp 666 EXIST::FUNCTION:STDIO X509_set_issuer_name 667 EXIST::FUNCTION: X509_set_notAfter 668 EXIST::FUNCTION: X509_set_notBefore 669 EXIST::FUNCTION: @@ -664,11 +664,11 @@ X509_set_pubkey 670 EXIST::FUNCTION: X509_set_serialNumber 671 EXIST::FUNCTION: X509_set_subject_name 672 EXIST::FUNCTION: X509_set_version 673 EXIST::FUNCTION: -X509_sign 674 EXIST::FUNCTION:EVP +X509_sign 674 EXIST::FUNCTION: X509_subject_name_cmp 675 EXIST::FUNCTION: X509_subject_name_hash 676 EXIST::FUNCTION: X509_to_X509_REQ 677 EXIST::FUNCTION: -X509_verify 678 EXIST::FUNCTION:EVP +X509_verify 678 EXIST::FUNCTION: X509_verify_cert 679 EXIST::FUNCTION: X509_verify_cert_error_string 680 EXIST::FUNCTION: X509v3_add_ext 681 EXIST::FUNCTION: @@ -690,8 +690,8 @@ X509v3_pack_type_by_OBJ 696 NOEXIST::FUNCTION: X509v3_unpack_string 697 NOEXIST::FUNCTION: _des_crypt 698 NOEXIST::FUNCTION: a2d_ASN1_OBJECT 699 EXIST::FUNCTION: -a2i_ASN1_INTEGER 700 EXIST::FUNCTION:BIO -a2i_ASN1_STRING 701 EXIST::FUNCTION:BIO +a2i_ASN1_INTEGER 700 EXIST::FUNCTION: +a2i_ASN1_STRING 701 EXIST::FUNCTION: asn1_Finish 702 EXIST::FUNCTION: asn1_GetSequence 703 EXIST::FUNCTION: bn_div_words 704 NOEXIST::FUNCTION: @@ -701,7 +701,7 @@ bn_mul_words 707 NOEXIST::FUNCTION: BN_uadd 708 EXIST::FUNCTION: BN_usub 709 EXIST::FUNCTION: bn_sqr_words 710 NOEXIST::FUNCTION: -_ossl_old_crypt 711 EXIST:!PERL5:FUNCTION:DES +_ossl_old_crypt 711 NOEXIST::FUNCTION: d2i_ASN1_BIT_STRING 712 EXIST::FUNCTION: d2i_ASN1_BOOLEAN 713 EXIST::FUNCTION: d2i_ASN1_HEADER 714 NOEXIST::FUNCTION: @@ -719,8 +719,8 @@ d2i_ASN1_bytes 725 EXIST::FUNCTION: d2i_ASN1_type_bytes 726 EXIST::FUNCTION: d2i_DHparams 727 EXIST::FUNCTION:DH d2i_DSAPrivateKey 728 EXIST::FUNCTION:DSA -d2i_DSAPrivateKey_bio 729 EXIST::FUNCTION:BIO,DSA -d2i_DSAPrivateKey_fp 730 EXIST::FUNCTION:DSA,FP_API +d2i_DSAPrivateKey_bio 729 EXIST::FUNCTION:DSA +d2i_DSAPrivateKey_fp 730 EXIST::FUNCTION:DSA,STDIO d2i_DSAPublicKey 731 EXIST::FUNCTION:DSA d2i_DSAparams 732 EXIST::FUNCTION:DSA d2i_NETSCAPE_SPKAC 733 EXIST::FUNCTION: @@ -737,12 +737,12 @@ d2i_PKCS7_SIGNED 743 EXIST::FUNCTION: d2i_PKCS7_SIGNER_INFO 744 EXIST::FUNCTION: d2i_PKCS7_SIGN_ENVELOPE 745 EXIST::FUNCTION: d2i_PKCS7_bio 746 EXIST::FUNCTION: -d2i_PKCS7_fp 747 EXIST::FUNCTION:FP_API +d2i_PKCS7_fp 747 EXIST::FUNCTION:STDIO d2i_PrivateKey 748 EXIST::FUNCTION: d2i_PublicKey 749 EXIST::FUNCTION: d2i_RSAPrivateKey 750 EXIST::FUNCTION:RSA -d2i_RSAPrivateKey_bio 751 EXIST::FUNCTION:BIO,RSA -d2i_RSAPrivateKey_fp 752 EXIST::FUNCTION:FP_API,RSA +d2i_RSAPrivateKey_bio 751 EXIST::FUNCTION:RSA +d2i_RSAPrivateKey_fp 752 EXIST::FUNCTION:RSA,STDIO d2i_RSAPublicKey 753 EXIST::FUNCTION:RSA d2i_X509 754 EXIST::FUNCTION: d2i_X509_ALGOR 755 EXIST::FUNCTION: @@ -750,8 +750,8 @@ d2i_X509_ATTRIBUTE 756 EXIST::FUNCTION: d2i_X509_CINF 757 EXIST::FUNCTION: d2i_X509_CRL 758 EXIST::FUNCTION: d2i_X509_CRL_INFO 759 EXIST::FUNCTION: -d2i_X509_CRL_bio 760 EXIST::FUNCTION:BIO -d2i_X509_CRL_fp 761 EXIST::FUNCTION:FP_API +d2i_X509_CRL_bio 760 EXIST::FUNCTION: +d2i_X509_CRL_fp 761 EXIST::FUNCTION:STDIO d2i_X509_EXTENSION 762 EXIST::FUNCTION: d2i_X509_NAME 763 EXIST::FUNCTION: d2i_X509_NAME_ENTRY 764 EXIST::FUNCTION: @@ -759,13 +759,13 @@ d2i_X509_PKEY 765 EXIST::FUNCTION: d2i_X509_PUBKEY 766 EXIST::FUNCTION: d2i_X509_REQ 767 EXIST::FUNCTION: d2i_X509_REQ_INFO 768 EXIST::FUNCTION: -d2i_X509_REQ_bio 769 EXIST::FUNCTION:BIO -d2i_X509_REQ_fp 770 EXIST::FUNCTION:FP_API +d2i_X509_REQ_bio 769 EXIST::FUNCTION: +d2i_X509_REQ_fp 770 EXIST::FUNCTION:STDIO d2i_X509_REVOKED 771 EXIST::FUNCTION: d2i_X509_SIG 772 EXIST::FUNCTION: d2i_X509_VAL 773 EXIST::FUNCTION: -d2i_X509_bio 774 EXIST::FUNCTION:BIO -d2i_X509_fp 775 EXIST::FUNCTION:FP_API +d2i_X509_bio 774 EXIST::FUNCTION: +d2i_X509_fp 775 EXIST::FUNCTION:STDIO DES_cbc_cksum 777 EXIST::FUNCTION:DES DES_cbc_encrypt 778 EXIST::FUNCTION:DES DES_cblock_print_file 779 NOEXIST::FUNCTION: @@ -792,9 +792,9 @@ DES_options 799 EXIST::FUNCTION:DES DES_pcbc_encrypt 800 EXIST::FUNCTION:DES DES_quad_cksum 801 EXIST::FUNCTION:DES DES_random_key 802 EXIST::FUNCTION:DES -_ossl_old_des_random_seed 803 EXIST::FUNCTION:DES -_ossl_old_des_read_2passwords 804 EXIST::FUNCTION:DES -_ossl_old_des_read_password 805 EXIST::FUNCTION:DES +_ossl_old_des_random_seed 803 NOEXIST::FUNCTION: +_ossl_old_des_read_2passwords 804 NOEXIST::FUNCTION: +_ossl_old_des_read_password 805 NOEXIST::FUNCTION: _ossl_old_des_read_pw 806 EXIST::FUNCTION: _ossl_old_des_read_pw_string 807 EXIST::FUNCTION: DES_set_key 808 EXIST::FUNCTION:DES @@ -804,9 +804,9 @@ DES_string_to_key 811 EXIST::FUNCTION:DES DES_xcbc_encrypt 812 EXIST::FUNCTION:DES DES_xwhite_in2out 813 NOEXIST::FUNCTION: fcrypt_body 814 NOEXIST::FUNCTION: -i2a_ASN1_INTEGER 815 EXIST::FUNCTION:BIO -i2a_ASN1_OBJECT 816 EXIST::FUNCTION:BIO -i2a_ASN1_STRING 817 EXIST::FUNCTION:BIO +i2a_ASN1_INTEGER 815 EXIST::FUNCTION: +i2a_ASN1_OBJECT 816 EXIST::FUNCTION: +i2a_ASN1_STRING 817 EXIST::FUNCTION: i2d_ASN1_BIT_STRING 818 EXIST::FUNCTION: i2d_ASN1_BOOLEAN 819 EXIST::FUNCTION: i2d_ASN1_HEADER 820 NOEXIST::FUNCTION: @@ -821,8 +821,8 @@ i2d_ASN1_UTCTIME 828 EXIST::FUNCTION: i2d_ASN1_bytes 829 EXIST::FUNCTION: i2d_DHparams 830 EXIST::FUNCTION:DH i2d_DSAPrivateKey 831 EXIST::FUNCTION:DSA -i2d_DSAPrivateKey_bio 832 EXIST::FUNCTION:BIO,DSA -i2d_DSAPrivateKey_fp 833 EXIST::FUNCTION:DSA,FP_API +i2d_DSAPrivateKey_bio 832 EXIST::FUNCTION:DSA +i2d_DSAPrivateKey_fp 833 EXIST::FUNCTION:DSA,STDIO i2d_DSAPublicKey 834 EXIST::FUNCTION:DSA i2d_DSAparams 835 EXIST::FUNCTION:DSA i2d_NETSCAPE_SPKAC 836 EXIST::FUNCTION: @@ -839,12 +839,12 @@ i2d_PKCS7_SIGNED 846 EXIST::FUNCTION: i2d_PKCS7_SIGNER_INFO 847 EXIST::FUNCTION: i2d_PKCS7_SIGN_ENVELOPE 848 EXIST::FUNCTION: i2d_PKCS7_bio 849 EXIST::FUNCTION: -i2d_PKCS7_fp 850 EXIST::FUNCTION:FP_API +i2d_PKCS7_fp 850 EXIST::FUNCTION:STDIO i2d_PrivateKey 851 EXIST::FUNCTION: i2d_PublicKey 852 EXIST::FUNCTION: i2d_RSAPrivateKey 853 EXIST::FUNCTION:RSA -i2d_RSAPrivateKey_bio 854 EXIST::FUNCTION:BIO,RSA -i2d_RSAPrivateKey_fp 855 EXIST::FUNCTION:FP_API,RSA +i2d_RSAPrivateKey_bio 854 EXIST::FUNCTION:RSA +i2d_RSAPrivateKey_fp 855 EXIST::FUNCTION:RSA,STDIO i2d_RSAPublicKey 856 EXIST::FUNCTION:RSA i2d_X509 857 EXIST::FUNCTION: i2d_X509_ALGOR 858 EXIST::FUNCTION: @@ -852,8 +852,8 @@ i2d_X509_ATTRIBUTE 859 EXIST::FUNCTION: i2d_X509_CINF 860 EXIST::FUNCTION: i2d_X509_CRL 861 EXIST::FUNCTION: i2d_X509_CRL_INFO 862 EXIST::FUNCTION: -i2d_X509_CRL_bio 863 EXIST::FUNCTION:BIO -i2d_X509_CRL_fp 864 EXIST::FUNCTION:FP_API +i2d_X509_CRL_bio 863 EXIST::FUNCTION: +i2d_X509_CRL_fp 864 EXIST::FUNCTION:STDIO i2d_X509_EXTENSION 865 EXIST::FUNCTION: i2d_X509_NAME 866 EXIST::FUNCTION: i2d_X509_NAME_ENTRY 867 EXIST::FUNCTION: @@ -861,13 +861,13 @@ i2d_X509_PKEY 868 EXIST::FUNCTION: i2d_X509_PUBKEY 869 EXIST::FUNCTION: i2d_X509_REQ 870 EXIST::FUNCTION: i2d_X509_REQ_INFO 871 EXIST::FUNCTION: -i2d_X509_REQ_bio 872 EXIST::FUNCTION:BIO -i2d_X509_REQ_fp 873 EXIST::FUNCTION:FP_API +i2d_X509_REQ_bio 872 EXIST::FUNCTION: +i2d_X509_REQ_fp 873 EXIST::FUNCTION:STDIO i2d_X509_REVOKED 874 EXIST::FUNCTION: i2d_X509_SIG 875 EXIST::FUNCTION: i2d_X509_VAL 876 EXIST::FUNCTION: -i2d_X509_bio 877 EXIST::FUNCTION:BIO -i2d_X509_fp 878 EXIST::FUNCTION:FP_API +i2d_X509_bio 877 EXIST::FUNCTION: +i2d_X509_fp 878 EXIST::FUNCTION:STDIO idea_cbc_encrypt 879 EXIST::FUNCTION:IDEA idea_cfb64_encrypt 880 EXIST::FUNCTION:IDEA idea_ecb_encrypt 881 EXIST::FUNCTION:IDEA @@ -882,13 +882,13 @@ lh_doall_arg 889 EXIST::FUNCTION: lh_free 890 EXIST::FUNCTION: lh_insert 891 EXIST::FUNCTION: lh_new 892 EXIST::FUNCTION: -lh_node_stats 893 EXIST::FUNCTION:FP_API -lh_node_stats_bio 894 EXIST::FUNCTION:BIO -lh_node_usage_stats 895 EXIST::FUNCTION:FP_API -lh_node_usage_stats_bio 896 EXIST::FUNCTION:BIO +lh_node_stats 893 EXIST::FUNCTION:STDIO +lh_node_stats_bio 894 EXIST::FUNCTION: +lh_node_usage_stats 895 EXIST::FUNCTION:STDIO +lh_node_usage_stats_bio 896 EXIST::FUNCTION: lh_retrieve 897 EXIST::FUNCTION: -lh_stats 898 EXIST::FUNCTION:FP_API -lh_stats_bio 899 EXIST::FUNCTION:BIO +lh_stats 898 EXIST::FUNCTION:STDIO +lh_stats_bio 899 EXIST::FUNCTION: lh_strhash 900 EXIST::FUNCTION: sk_delete 901 EXIST::FUNCTION: sk_delete_ptr 902 EXIST::FUNCTION: @@ -929,12 +929,12 @@ EVP_delete_alias 941 NOEXIST::FUNCTION: EVP_mdc2 942 EXIST::FUNCTION:MDC2 PEM_read_bio_RSAPublicKey 943 EXIST::FUNCTION:RSA PEM_write_bio_RSAPublicKey 944 EXIST::FUNCTION:RSA -d2i_RSAPublicKey_bio 945 EXIST::FUNCTION:BIO,RSA -i2d_RSAPublicKey_bio 946 EXIST::FUNCTION:BIO,RSA -PEM_read_RSAPublicKey 947 EXIST:!WIN16:FUNCTION:RSA -PEM_write_RSAPublicKey 949 EXIST:!WIN16:FUNCTION:RSA -d2i_RSAPublicKey_fp 952 EXIST::FUNCTION:FP_API,RSA -i2d_RSAPublicKey_fp 954 EXIST::FUNCTION:FP_API,RSA +d2i_RSAPublicKey_bio 945 EXIST::FUNCTION:RSA +i2d_RSAPublicKey_bio 946 EXIST::FUNCTION:RSA +PEM_read_RSAPublicKey 947 EXIST::FUNCTION:RSA +PEM_write_RSAPublicKey 949 EXIST::FUNCTION:RSA +d2i_RSAPublicKey_fp 952 EXIST::FUNCTION:RSA,STDIO +i2d_RSAPublicKey_fp 954 EXIST::FUNCTION:RSA,STDIO BIO_copy_next_retry 955 EXIST::FUNCTION: RSA_flags 956 EXIST::FUNCTION:RSA X509_STORE_add_crl 957 EXIST::FUNCTION: @@ -988,8 +988,8 @@ ERR_load_CRYPTO_strings 1009 EXIST:!OS2,!VMS:FUNCTION: ERR_load_CRYPTOlib_strings 1009 EXIST:OS2,VMS:FUNCTION: EVP_PKEY_bits 1010 EXIST::FUNCTION: MD5_Transform 1011 EXIST::FUNCTION:MD5 -SHA1_Transform 1012 EXIST::FUNCTION:SHA,SHA1 -SHA_Transform 1013 EXIST::FUNCTION:SHA,SHA0 +SHA1_Transform 1012 EXIST::FUNCTION: +SHA_Transform 1013 NOEXIST::FUNCTION: X509_STORE_CTX_get_chain 1014 EXIST::FUNCTION: X509_STORE_CTX_get_current_cert 1015 EXIST::FUNCTION: X509_STORE_CTX_get_error 1016 EXIST::FUNCTION: @@ -1016,11 +1016,11 @@ RSA_padding_check_none 1038 EXIST::FUNCTION:RSA bn_add_words 1039 NOEXIST::FUNCTION: d2i_Netscape_RSA_2 1040 NOEXIST::FUNCTION: CRYPTO_get_ex_new_index 1041 EXIST::FUNCTION: -RIPEMD160_Init 1042 EXIST::FUNCTION:RIPEMD -RIPEMD160_Update 1043 EXIST::FUNCTION:RIPEMD -RIPEMD160_Final 1044 EXIST::FUNCTION:RIPEMD -RIPEMD160 1045 EXIST::FUNCTION:RIPEMD -RIPEMD160_Transform 1046 EXIST::FUNCTION:RIPEMD +RIPEMD160_Init 1042 EXIST::FUNCTION: +RIPEMD160_Update 1043 EXIST::FUNCTION: +RIPEMD160_Final 1044 EXIST::FUNCTION: +RIPEMD160 1045 EXIST::FUNCTION: +RIPEMD160_Transform 1046 EXIST::FUNCTION: RC5_32_set_key 1047 EXIST::FUNCTION:RC5 RC5_32_ecb_encrypt 1048 EXIST::FUNCTION:RC5 RC5_32_encrypt 1049 EXIST::FUNCTION:RC5 @@ -1127,21 +1127,21 @@ PKCS7_set_signed_attributes 1154 EXIST::FUNCTION: X509_ATTRIBUTE_create 1155 EXIST::FUNCTION: X509_ATTRIBUTE_dup 1156 EXIST::FUNCTION: ASN1_GENERALIZEDTIME_check 1157 EXIST::FUNCTION: -ASN1_GENERALIZEDTIME_print 1158 EXIST::FUNCTION:BIO +ASN1_GENERALIZEDTIME_print 1158 EXIST::FUNCTION: ASN1_GENERALIZEDTIME_set 1159 EXIST::FUNCTION: ASN1_GENERALIZEDTIME_set_string 1160 EXIST::FUNCTION: -ASN1_TIME_print 1161 EXIST::FUNCTION:BIO +ASN1_TIME_print 1161 EXIST::FUNCTION: BASIC_CONSTRAINTS_free 1162 EXIST::FUNCTION: BASIC_CONSTRAINTS_new 1163 EXIST::FUNCTION: ERR_load_X509V3_strings 1164 EXIST::FUNCTION: NETSCAPE_CERT_SEQUENCE_free 1165 EXIST::FUNCTION: NETSCAPE_CERT_SEQUENCE_new 1166 EXIST::FUNCTION: OBJ_txt2obj 1167 EXIST::FUNCTION: -PEM_read_NETSCAPE_CERT_SEQUENCE 1168 EXIST:!VMS,!WIN16:FUNCTION: +PEM_read_NETSCAPE_CERT_SEQUENCE 1168 EXIST:!VMS:FUNCTION: PEM_read_NS_CERT_SEQ 1168 EXIST:VMS:FUNCTION: PEM_read_bio_NETSCAPE_CERT_SEQUENCE 1169 EXIST:!VMS:FUNCTION: PEM_read_bio_NS_CERT_SEQ 1169 EXIST:VMS:FUNCTION: -PEM_write_NETSCAPE_CERT_SEQUENCE 1170 EXIST:!VMS,!WIN16:FUNCTION: +PEM_write_NETSCAPE_CERT_SEQUENCE 1170 EXIST:!VMS:FUNCTION: PEM_write_NS_CERT_SEQ 1170 EXIST:VMS:FUNCTION: PEM_write_bio_NETSCAPE_CERT_SEQUENCE 1171 EXIST:!VMS:FUNCTION: PEM_write_bio_NS_CERT_SEQ 1171 EXIST:VMS:FUNCTION: @@ -1182,8 +1182,8 @@ ASN1_ENUMERATED_set 1205 EXIST::FUNCTION: ASN1_ENUMERATED_get 1206 EXIST::FUNCTION: BN_to_ASN1_ENUMERATED 1207 EXIST::FUNCTION: ASN1_ENUMERATED_to_BN 1208 EXIST::FUNCTION: -i2a_ASN1_ENUMERATED 1209 EXIST::FUNCTION:BIO -a2i_ASN1_ENUMERATED 1210 EXIST::FUNCTION:BIO +i2a_ASN1_ENUMERATED 1209 EXIST::FUNCTION: +a2i_ASN1_ENUMERATED 1210 EXIST::FUNCTION: i2d_GENERAL_NAME 1211 EXIST::FUNCTION: d2i_GENERAL_NAME 1212 EXIST::FUNCTION: GENERAL_NAME_new 1213 EXIST::FUNCTION: @@ -1198,11 +1198,11 @@ s2i_ASN1_OCTET_STRING 1221 EXIST::FUNCTION: X509V3_EXT_check_conf 1222 NOEXIST::FUNCTION: hex_to_string 1223 EXIST::FUNCTION: string_to_hex 1224 EXIST::FUNCTION: -DES_ede3_cbcm_encrypt 1225 EXIST::FUNCTION:DES +DES_ede3_cbcm_encrypt 1225 NOEXIST::FUNCTION: RSA_padding_add_PKCS1_OAEP 1226 EXIST::FUNCTION:RSA RSA_padding_check_PKCS1_OAEP 1227 EXIST::FUNCTION:RSA -X509_CRL_print_fp 1228 EXIST::FUNCTION:FP_API -X509_CRL_print 1229 EXIST::FUNCTION:BIO +X509_CRL_print_fp 1228 EXIST::FUNCTION:STDIO +X509_CRL_print 1229 EXIST::FUNCTION: i2v_GENERAL_NAME 1230 EXIST::FUNCTION: v2i_GENERAL_NAME 1231 EXIST::FUNCTION: i2d_PKEY_USAGE_PERIOD 1232 EXIST::FUNCTION: @@ -1216,8 +1216,8 @@ name_cmp 1239 EXIST::FUNCTION: str_dup 1240 NOEXIST::FUNCTION: i2s_ASN1_ENUMERATED 1241 EXIST::FUNCTION: i2s_ASN1_ENUMERATED_TABLE 1242 EXIST::FUNCTION: -BIO_s_log 1243 EXIST:!OS2,!WIN16,!WIN32,!macintosh:FUNCTION: -BIO_f_reliable 1244 EXIST::FUNCTION:BIO +BIO_s_log 1243 EXIST:!OS2,!WIN32,!macintosh:FUNCTION: +BIO_f_reliable 1244 EXIST::FUNCTION: PKCS7_dataFinal 1245 EXIST::FUNCTION: PKCS7_dataDecode 1246 EXIST::FUNCTION: X509V3_EXT_CRL_add_conf 1247 EXIST::FUNCTION: @@ -1225,7 +1225,7 @@ BN_set_params 1248 EXIST::FUNCTION:DEPRECATED BN_get_params 1249 EXIST::FUNCTION:DEPRECATED BIO_get_ex_num 1250 NOEXIST::FUNCTION: BIO_set_ex_free_func 1251 NOEXIST::FUNCTION: -EVP_ripemd160 1252 EXIST::FUNCTION:RIPEMD +EVP_ripemd160 1252 EXIST::FUNCTION:RMD160 ASN1_TIME_set 1253 EXIST::FUNCTION: i2d_AUTHORITY_KEYID 1254 EXIST::FUNCTION: d2i_AUTHORITY_KEYID 1255 EXIST::FUNCTION: @@ -1426,26 +1426,26 @@ d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO 1748 NOEXIST::FUNCTION: d2i_ASN1_SET_OF_PKCS7_RECIP_INFO 1753 NOEXIST::FUNCTION: PKCS5_PBE_add 1775 EXIST::FUNCTION: PEM_write_bio_PKCS8 1776 EXIST::FUNCTION: -i2d_PKCS8_fp 1777 EXIST::FUNCTION:FP_API +i2d_PKCS8_fp 1777 EXIST::FUNCTION:STDIO PEM_read_bio_PKCS8_PRIV_KEY_INFO 1778 EXIST:!VMS:FUNCTION: PEM_read_bio_P8_PRIV_KEY_INFO 1778 EXIST:VMS:FUNCTION: -d2i_PKCS8_bio 1779 EXIST::FUNCTION:BIO -d2i_PKCS8_PRIV_KEY_INFO_fp 1780 EXIST::FUNCTION:FP_API +d2i_PKCS8_bio 1779 EXIST::FUNCTION: +d2i_PKCS8_PRIV_KEY_INFO_fp 1780 EXIST::FUNCTION:STDIO PEM_write_bio_PKCS8_PRIV_KEY_INFO 1781 EXIST:!VMS:FUNCTION: PEM_write_bio_P8_PRIV_KEY_INFO 1781 EXIST:VMS:FUNCTION: -PEM_read_PKCS8 1782 EXIST:!WIN16:FUNCTION: -d2i_PKCS8_PRIV_KEY_INFO_bio 1783 EXIST::FUNCTION:BIO -d2i_PKCS8_fp 1784 EXIST::FUNCTION:FP_API -PEM_write_PKCS8 1785 EXIST:!WIN16:FUNCTION: -PEM_read_PKCS8_PRIV_KEY_INFO 1786 EXIST:!VMS,!WIN16:FUNCTION: +PEM_read_PKCS8 1782 EXIST::FUNCTION: +d2i_PKCS8_PRIV_KEY_INFO_bio 1783 EXIST::FUNCTION: +d2i_PKCS8_fp 1784 EXIST::FUNCTION:STDIO +PEM_write_PKCS8 1785 EXIST::FUNCTION: +PEM_read_PKCS8_PRIV_KEY_INFO 1786 EXIST:!VMS:FUNCTION: PEM_read_P8_PRIV_KEY_INFO 1786 EXIST:VMS:FUNCTION: PEM_read_bio_PKCS8 1787 EXIST::FUNCTION: -PEM_write_PKCS8_PRIV_KEY_INFO 1788 EXIST:!VMS,!WIN16:FUNCTION: +PEM_write_PKCS8_PRIV_KEY_INFO 1788 EXIST:!VMS:FUNCTION: PEM_write_P8_PRIV_KEY_INFO 1788 EXIST:VMS:FUNCTION: PKCS5_PBE_keyivgen 1789 EXIST::FUNCTION: -i2d_PKCS8_bio 1790 EXIST::FUNCTION:BIO -i2d_PKCS8_PRIV_KEY_INFO_fp 1791 EXIST::FUNCTION:FP_API -i2d_PKCS8_PRIV_KEY_INFO_bio 1792 EXIST::FUNCTION:BIO +i2d_PKCS8_bio 1790 EXIST::FUNCTION: +i2d_PKCS8_PRIV_KEY_INFO_fp 1791 EXIST::FUNCTION:STDIO +i2d_PKCS8_PRIV_KEY_INFO_bio 1792 EXIST::FUNCTION: BIO_s_bio 1793 EXIST::FUNCTION: PKCS5_pbe2_set 1794 EXIST::FUNCTION: PKCS5_PBKDF2_HMAC_SHA1 1795 EXIST::FUNCTION: @@ -1459,7 +1459,7 @@ BIO_new_bio_pair 1802 EXIST::FUNCTION: BIO_ctrl_get_write_guarantee 1803 EXIST::FUNCTION: CRYPTO_num_locks 1804 EXIST::FUNCTION: CONF_load_bio 1805 EXIST::FUNCTION: -CONF_load_fp 1806 EXIST::FUNCTION:FP_API +CONF_load_fp 1806 EXIST::FUNCTION:STDIO i2d_ASN1_SET_OF_ASN1_OBJECT 1837 NOEXIST::FUNCTION: d2i_ASN1_SET_OF_ASN1_OBJECT 1844 NOEXIST::FUNCTION: PKCS7_signatureVerify 1845 EXIST::FUNCTION: @@ -1494,11 +1494,11 @@ DSA_set_ex_data 1893 EXIST::FUNCTION:DSA DH_set_default_method 1894 EXIST::FUNCTION:DH DSA_get_ex_data 1895 EXIST::FUNCTION:DSA X509V3_EXT_REQ_add_conf 1896 EXIST::FUNCTION: -NETSCAPE_SPKI_print 1897 EXIST::FUNCTION:EVP -NETSCAPE_SPKI_set_pubkey 1898 EXIST::FUNCTION:EVP -NETSCAPE_SPKI_b64_encode 1899 EXIST::FUNCTION:EVP -NETSCAPE_SPKI_get_pubkey 1900 EXIST::FUNCTION:EVP -NETSCAPE_SPKI_b64_decode 1901 EXIST::FUNCTION:EVP +NETSCAPE_SPKI_print 1897 EXIST::FUNCTION: +NETSCAPE_SPKI_set_pubkey 1898 EXIST::FUNCTION: +NETSCAPE_SPKI_b64_encode 1899 EXIST::FUNCTION: +NETSCAPE_SPKI_get_pubkey 1900 EXIST::FUNCTION: +NETSCAPE_SPKI_b64_decode 1901 EXIST::FUNCTION: UTF8_putc 1902 EXIST::FUNCTION: UTF8_getc 1903 EXIST::FUNCTION: RSA_null_method 1904 EXIST::FUNCTION:RSA @@ -1512,9 +1512,9 @@ X509_reject_set_bit_asc 1911 NOEXIST::FUNCTION: X509_NAME_add_entry_by_txt 1912 EXIST::FUNCTION: X509_NAME_add_entry_by_NID 1914 EXIST::FUNCTION: X509_PURPOSE_get0 1915 EXIST::FUNCTION: -PEM_read_X509_AUX 1917 EXIST:!WIN16:FUNCTION: +PEM_read_X509_AUX 1917 EXIST::FUNCTION: d2i_AUTHORITY_INFO_ACCESS 1918 EXIST::FUNCTION: -PEM_write_PUBKEY 1921 EXIST:!WIN16:FUNCTION: +PEM_write_PUBKEY 1921 EXIST::FUNCTION: ACCESS_DESCRIPTION_new 1925 EXIST::FUNCTION: X509_CERT_AUX_free 1926 EXIST::FUNCTION: d2i_ACCESS_DESCRIPTION 1927 EXIST::FUNCTION: @@ -1543,22 +1543,22 @@ ASN1_STRING_set_default_mask_asc 1960 EXIST:!VMS:FUNCTION: ASN1_STRING_set_def_mask_asc 1960 EXIST:VMS:FUNCTION: PEM_write_bio_RSA_PUBKEY 1961 EXIST::FUNCTION:RSA ASN1_INTEGER_cmp 1963 EXIST::FUNCTION: -d2i_RSA_PUBKEY_fp 1964 EXIST::FUNCTION:FP_API,RSA +d2i_RSA_PUBKEY_fp 1964 EXIST::FUNCTION:RSA,STDIO X509_trust_set_bit_asc 1967 NOEXIST::FUNCTION: PEM_write_bio_DSA_PUBKEY 1968 EXIST::FUNCTION:DSA X509_STORE_CTX_free 1969 EXIST::FUNCTION: EVP_PKEY_set1_DSA 1970 EXIST::FUNCTION:DSA -i2d_DSA_PUBKEY_fp 1971 EXIST::FUNCTION:DSA,FP_API +i2d_DSA_PUBKEY_fp 1971 EXIST::FUNCTION:DSA,STDIO X509_load_cert_crl_file 1972 EXIST::FUNCTION:STDIO ASN1_TIME_new 1973 EXIST::FUNCTION: i2d_RSA_PUBKEY 1974 EXIST::FUNCTION:RSA X509_STORE_CTX_purpose_inherit 1976 EXIST::FUNCTION: -PEM_read_RSA_PUBKEY 1977 EXIST:!WIN16:FUNCTION:RSA +PEM_read_RSA_PUBKEY 1977 EXIST::FUNCTION:RSA d2i_X509_AUX 1980 EXIST::FUNCTION: i2d_DSA_PUBKEY 1981 EXIST::FUNCTION:DSA -X509_CERT_AUX_print 1982 EXIST::FUNCTION:BIO -PEM_read_DSA_PUBKEY 1984 EXIST:!WIN16:FUNCTION:DSA -i2d_RSA_PUBKEY_bio 1985 EXIST::FUNCTION:BIO,RSA +X509_CERT_AUX_print 1982 EXIST::FUNCTION: +PEM_read_DSA_PUBKEY 1984 EXIST::FUNCTION:DSA +i2d_RSA_PUBKEY_bio 1985 EXIST::FUNCTION:RSA ASN1_BIT_STRING_num_asc 1986 EXIST::FUNCTION: i2d_PUBKEY 1987 EXIST::FUNCTION: ASN1_UTCTIME_free 1988 EXIST::FUNCTION: @@ -1575,8 +1575,8 @@ X509_TRUST_cleanup 2007 EXIST::FUNCTION: X509_NAME_add_entry_by_OBJ 2008 EXIST::FUNCTION: X509_CRL_get_ext_d2i 2009 EXIST::FUNCTION: X509_PURPOSE_get0_name 2011 EXIST::FUNCTION: -PEM_read_PUBKEY 2012 EXIST:!WIN16:FUNCTION: -i2d_DSA_PUBKEY_bio 2014 EXIST::FUNCTION:BIO,DSA +PEM_read_PUBKEY 2012 EXIST::FUNCTION: +i2d_DSA_PUBKEY_bio 2014 EXIST::FUNCTION:DSA i2d_OTHERNAME 2015 EXIST::FUNCTION: ASN1_OCTET_STRING_free 2016 EXIST::FUNCTION: ASN1_BIT_STRING_set_asc 2017 EXIST::FUNCTION: @@ -1595,9 +1595,9 @@ ASN1_STRING_set_default_mask 2032 EXIST::FUNCTION: X509_STORE_CTX_new 2033 EXIST::FUNCTION: EVP_PKEY_get1_RSA 2034 EXIST::FUNCTION:RSA DIRECTORYSTRING_free 2038 EXIST::FUNCTION: -PEM_write_X509_AUX 2039 EXIST:!WIN16:FUNCTION: +PEM_write_X509_AUX 2039 EXIST::FUNCTION: ASN1_OCTET_STRING_set 2040 EXIST::FUNCTION: -d2i_DSA_PUBKEY_fp 2041 EXIST::FUNCTION:DSA,FP_API +d2i_DSA_PUBKEY_fp 2041 EXIST::FUNCTION:DSA,STDIO d2i_RSA_PUBKEY 2044 EXIST::FUNCTION:RSA X509_TRUST_get0_name 2046 EXIST::FUNCTION: X509_TRUST_get0 2047 EXIST::FUNCTION: @@ -1606,7 +1606,7 @@ ASN1_IA5STRING_new 2049 EXIST::FUNCTION: d2i_DSA_PUBKEY 2050 EXIST::FUNCTION:DSA X509_check_purpose 2051 EXIST::FUNCTION: ASN1_ENUMERATED_new 2052 EXIST::FUNCTION: -d2i_RSA_PUBKEY_bio 2053 EXIST::FUNCTION:BIO,RSA +d2i_RSA_PUBKEY_bio 2053 EXIST::FUNCTION:RSA d2i_PUBKEY 2054 EXIST::FUNCTION: X509_TRUST_get_trust 2055 EXIST::FUNCTION: X509_TRUST_get_flags 2056 EXIST::FUNCTION: @@ -1634,11 +1634,11 @@ PEM_read_bio_DSA_PUBKEY 2088 EXIST::FUNCTION:DSA X509_PURPOSE_add 2090 EXIST::FUNCTION: ASN1_STRING_TABLE_get 2091 EXIST::FUNCTION: ASN1_UTF8STRING_free 2092 EXIST::FUNCTION: -d2i_DSA_PUBKEY_bio 2093 EXIST::FUNCTION:BIO,DSA -PEM_write_RSA_PUBKEY 2095 EXIST:!WIN16:FUNCTION:RSA +d2i_DSA_PUBKEY_bio 2093 EXIST::FUNCTION:DSA +PEM_write_RSA_PUBKEY 2095 EXIST::FUNCTION:RSA d2i_OTHERNAME 2096 EXIST::FUNCTION: X509_reject_set_bit 2098 NOEXIST::FUNCTION: -PEM_write_DSA_PUBKEY 2101 EXIST:!WIN16:FUNCTION:DSA +PEM_write_DSA_PUBKEY 2101 EXIST::FUNCTION:DSA X509_PURPOSE_get0_sname 2105 EXIST::FUNCTION: EVP_PKEY_set1_DH 2107 EXIST::FUNCTION:DH ASN1_OCTET_STRING_dup 2108 EXIST::FUNCTION: @@ -1646,7 +1646,7 @@ ASN1_BIT_STRING_set 2109 EXIST::FUNCTION: X509_TRUST_get_count 2110 EXIST::FUNCTION: ASN1_INTEGER_free 2111 EXIST::FUNCTION: OTHERNAME_free 2112 EXIST::FUNCTION: -i2d_RSA_PUBKEY_fp 2113 EXIST::FUNCTION:FP_API,RSA +i2d_RSA_PUBKEY_fp 2113 EXIST::FUNCTION:RSA,STDIO ASN1_INTEGER_dup 2114 EXIST::FUNCTION: d2i_X509_CERT_AUX 2115 EXIST::FUNCTION: PEM_write_bio_PUBKEY 2117 EXIST::FUNCTION: @@ -1658,7 +1658,7 @@ EVP_PKEY_get1_DH 2128 EXIST::FUNCTION:DH ASN1_OCTET_STRING_new 2130 EXIST::FUNCTION: ASN1_INTEGER_new 2131 EXIST::FUNCTION: i2d_X509_AUX 2132 EXIST::FUNCTION: -ASN1_BIT_STRING_name_print 2134 EXIST::FUNCTION:BIO +ASN1_BIT_STRING_name_print 2134 EXIST::FUNCTION: X509_cmp 2135 EXIST::FUNCTION: ASN1_STRING_length_set 2136 EXIST::FUNCTION: DIRECTORYSTRING_new 2137 EXIST::FUNCTION: @@ -1700,13 +1700,13 @@ i2d_ASN1_NULL 2173 EXIST::FUNCTION: i2d_PKCS8PrivateKey_nid_fp 2174 EXIST::FUNCTION: d2i_PKCS8PrivateKey_fp 2175 EXIST::FUNCTION: i2d_PKCS8PrivateKey_nid_bio 2176 EXIST::FUNCTION: -i2d_PKCS8PrivateKeyInfo_fp 2177 EXIST::FUNCTION:FP_API -i2d_PKCS8PrivateKeyInfo_bio 2178 EXIST::FUNCTION:BIO +i2d_PKCS8PrivateKeyInfo_fp 2177 EXIST::FUNCTION:STDIO +i2d_PKCS8PrivateKeyInfo_bio 2178 EXIST::FUNCTION: PEM_cb 2179 NOEXIST::FUNCTION: -i2d_PrivateKey_fp 2180 EXIST::FUNCTION:FP_API -d2i_PrivateKey_bio 2181 EXIST::FUNCTION:BIO -d2i_PrivateKey_fp 2182 EXIST::FUNCTION:FP_API -i2d_PrivateKey_bio 2183 EXIST::FUNCTION:BIO +i2d_PrivateKey_fp 2180 EXIST::FUNCTION:STDIO +d2i_PrivateKey_bio 2181 EXIST::FUNCTION: +d2i_PrivateKey_fp 2182 EXIST::FUNCTION:STDIO +i2d_PrivateKey_bio 2183 EXIST::FUNCTION: X509_reject_clear 2184 EXIST::FUNCTION: X509_TRUST_set_default 2185 EXIST::FUNCTION: d2i_AutoPrivateKey 2186 EXIST::FUNCTION: @@ -1744,7 +1744,7 @@ X509_REQ_add1_attr_by_txt 2217 EXIST::FUNCTION: X509_ATTRIBUTE_create_by_txt 2218 EXIST::FUNCTION: X509at_add1_attr_by_txt 2219 EXIST::FUNCTION: BN_pseudo_rand 2239 EXIST::FUNCTION: -BN_is_prime_fasttest 2240 EXIST::FUNCTION:DEPRECATED +BN_is_prime_fasttest 2240 NOEXIST::FUNCTION: BN_CTX_end 2241 EXIST::FUNCTION: BN_CTX_start 2242 EXIST::FUNCTION: BN_CTX_get 2243 EXIST::FUNCTION: @@ -1755,7 +1755,7 @@ AUTHORITY_INFO_ACCESS_new 2247 EXIST::FUNCTION: CRYPTO_get_mem_debug_options 2248 EXIST::FUNCTION: DES_crypt 2249 EXIST::FUNCTION:DES PEM_write_bio_X509_REQ_NEW 2250 EXIST::FUNCTION: -PEM_write_X509_REQ_NEW 2251 EXIST:!WIN16:FUNCTION: +PEM_write_X509_REQ_NEW 2251 EXIST::FUNCTION: BIO_callback_ctrl 2252 EXIST::FUNCTION: RAND_egd 2253 EXIST::FUNCTION: RAND_status 2254 EXIST::FUNCTION: @@ -1781,7 +1781,7 @@ DSO_METHOD_win32 2273 EXIST::FUNCTION: ERR_load_DSO_strings 2274 EXIST::FUNCTION: DSO_METHOD_dl 2275 EXIST::FUNCTION: NCONF_load 2276 EXIST::FUNCTION: -NCONF_load_fp 2278 EXIST::FUNCTION:FP_API +NCONF_load_fp 2278 EXIST::FUNCTION:STDIO NCONF_new 2279 EXIST::FUNCTION: NCONF_get_string 2280 EXIST::FUNCTION: NCONF_free 2281 EXIST::FUNCTION: @@ -1804,8 +1804,8 @@ BIO_vfree 2334 EXIST::FUNCTION: d2i_ASN1_SET_OF_ASN1_INTEGER 2339 NOEXIST::FUNCTION: d2i_ASN1_SET_OF_PKCS12_SAFEBAG 2341 NOEXIST::FUNCTION: ASN1_UTCTIME_get 2350 NOEXIST::FUNCTION: -X509_REQ_digest 2362 EXIST::FUNCTION:EVP -X509_CRL_digest 2391 EXIST::FUNCTION:EVP +X509_REQ_digest 2362 EXIST::FUNCTION: +X509_CRL_digest 2391 EXIST::FUNCTION: d2i_ASN1_SET_OF_PKCS7 2397 NOEXIST::FUNCTION: X509_ALGOR_cmp 2398 EXIST::FUNCTION: EVP_CIPHER_CTX_set_key_length 2399 EXIST::FUNCTION: @@ -1842,25 +1842,25 @@ RAND_poll 2423 EXIST::FUNCTION: c2i_ASN1_INTEGER 2424 EXIST::FUNCTION: i2c_ASN1_INTEGER 2425 EXIST::FUNCTION: BIO_dump_indent 2426 EXIST::FUNCTION: -ASN1_parse_dump 2427 EXIST::FUNCTION:BIO +ASN1_parse_dump 2427 EXIST::FUNCTION: c2i_ASN1_OBJECT 2428 EXIST::FUNCTION: -X509_NAME_print_ex_fp 2429 EXIST::FUNCTION:FP_API -ASN1_STRING_print_ex_fp 2430 EXIST::FUNCTION:FP_API -X509_NAME_print_ex 2431 EXIST::FUNCTION:BIO -ASN1_STRING_print_ex 2432 EXIST::FUNCTION:BIO +X509_NAME_print_ex_fp 2429 EXIST::FUNCTION:STDIO +ASN1_STRING_print_ex_fp 2430 EXIST::FUNCTION:STDIO +X509_NAME_print_ex 2431 EXIST::FUNCTION: +ASN1_STRING_print_ex 2432 EXIST::FUNCTION: MD4 2433 EXIST::FUNCTION:MD4 MD4_Transform 2434 EXIST::FUNCTION:MD4 MD4_Final 2435 EXIST::FUNCTION:MD4 MD4_Update 2436 EXIST::FUNCTION:MD4 MD4_Init 2437 EXIST::FUNCTION:MD4 EVP_md4 2438 EXIST::FUNCTION:MD4 -i2d_PUBKEY_bio 2439 EXIST::FUNCTION:BIO -i2d_PUBKEY_fp 2440 EXIST::FUNCTION:FP_API -d2i_PUBKEY_bio 2441 EXIST::FUNCTION:BIO +i2d_PUBKEY_bio 2439 EXIST::FUNCTION: +i2d_PUBKEY_fp 2440 EXIST::FUNCTION:STDIO +d2i_PUBKEY_bio 2441 EXIST::FUNCTION: ASN1_STRING_to_UTF8 2442 EXIST::FUNCTION: BIO_vprintf 2443 EXIST::FUNCTION: BIO_vsnprintf 2444 EXIST::FUNCTION: -d2i_PUBKEY_fp 2445 EXIST::FUNCTION:FP_API +d2i_PUBKEY_fp 2445 EXIST::FUNCTION:STDIO X509_cmp_time 2446 EXIST::FUNCTION: X509_STORE_CTX_set_time 2447 EXIST::FUNCTION: X509_STORE_CTX_get1_issuer 2448 EXIST::FUNCTION: @@ -1965,7 +1965,7 @@ X509V3_EXT_nconf 2540 EXIST::FUNCTION: ASN1_GENERALSTRING_free 2541 EXIST::FUNCTION: d2i_OCSP_CERTSTATUS 2542 EXIST::FUNCTION: X509_REVOKED_set_serialNumber 2543 EXIST::FUNCTION: -X509_print_ex 2544 EXIST::FUNCTION:BIO +X509_print_ex 2544 EXIST::FUNCTION: OCSP_ONEREQ_get1_ext_d2i 2545 EXIST::FUNCTION: ENGINE_register_all_RAND 2546 EXIST::FUNCTION:ENGINE ENGINE_load_dynamic 2547 EXIST::FUNCTION:ENGINE @@ -1974,7 +1974,7 @@ PBKDF2PARAM_it 2548 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI EXTENDED_KEY_USAGE_new 2549 EXIST::FUNCTION: EC_GROUP_clear_free 2550 EXIST::FUNCTION:EC OCSP_sendreq_bio 2551 EXIST::FUNCTION: -ASN1_item_digest 2552 EXIST::FUNCTION:EVP +ASN1_item_digest 2552 EXIST::FUNCTION: OCSP_BASICRESP_delete_ext 2553 EXIST::FUNCTION: OCSP_SIGNATURE_it 2554 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OCSP_SIGNATURE_it 2554 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -1991,19 +1991,19 @@ i2d_OCSP_SERVICELOC 2562 EXIST::FUNCTION: ENGINE_get_digest_engine 2563 EXIST::FUNCTION:ENGINE EC_GROUP_set_curve_GFp 2564 EXIST::FUNCTION:EC OCSP_REQUEST_get_ext_by_OBJ 2565 EXIST::FUNCTION: -_ossl_old_des_random_key 2566 EXIST::FUNCTION:DES +_ossl_old_des_random_key 2566 NOEXIST::FUNCTION: ASN1_T61STRING_it 2567 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_T61STRING_it 2567 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: EC_GROUP_method_of 2568 EXIST::FUNCTION:EC i2d_KRB5_APREQ 2569 EXIST::FUNCTION: -_ossl_old_des_encrypt 2570 EXIST::FUNCTION:DES +_ossl_old_des_encrypt 2570 NOEXIST::FUNCTION: ASN1_PRINTABLE_new 2571 EXIST::FUNCTION: HMAC_Init_ex 2572 EXIST::FUNCTION:HMAC d2i_KRB5_AUTHENT 2573 EXIST::FUNCTION: OCSP_archive_cutoff_new 2574 EXIST::FUNCTION: EC_POINT_set_Jprojective_coordinates_GFp 2575 EXIST:!VMS:FUNCTION:EC EC_POINT_set_Jproj_coords_GFp 2575 EXIST:VMS:FUNCTION:EC -_ossl_old_des_is_weak_key 2576 EXIST::FUNCTION:DES +_ossl_old_des_is_weak_key 2576 NOEXIST::FUNCTION: OCSP_BASICRESP_get_ext_by_OBJ 2577 EXIST::FUNCTION: EC_POINT_oct2point 2578 EXIST::FUNCTION:EC OCSP_SINGLERESP_get_ext_count 2579 EXIST::FUNCTION: @@ -2044,7 +2044,7 @@ ENGINE_register_RAND 2609 EXIST::FUNCTION:ENGINE OCSP_SERVICELOC_new 2610 EXIST::FUNCTION: EC_POINT_set_affine_coordinates_GFp 2611 EXIST:!VMS:FUNCTION:EC EC_POINT_set_affine_coords_GFp 2611 EXIST:VMS:FUNCTION:EC -_ossl_old_des_options 2612 EXIST::FUNCTION:DES +_ossl_old_des_options 2612 NOEXIST::FUNCTION: SXNET_it 2613 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: SXNET_it 2613 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UI_dup_input_boolean 2614 EXIST::FUNCTION: @@ -2096,7 +2096,7 @@ PKCS12_it 2651 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI OCSP_SINGLERESP_get_ext_by_critical 2652 EXIST:!VMS:FUNCTION: OCSP_SINGLERESP_get_ext_by_crit 2652 EXIST:VMS:FUNCTION: OCSP_CERTSTATUS_free 2653 EXIST::FUNCTION: -_ossl_old_des_crypt 2654 EXIST::FUNCTION:DES +_ossl_old_des_crypt 2654 NOEXIST::FUNCTION: ASN1_item_i2d 2655 EXIST::FUNCTION: EVP_DecryptFinal_ex 2656 EXIST::FUNCTION: ENGINE_load_openssl 2657 EXIST::FUNCTION:ENGINE @@ -2109,7 +2109,7 @@ X509_get0_pubkey_bitstr 2662 EXIST::FUNCTION: asn1_ex_i2c 2663 EXIST::FUNCTION: ENGINE_register_RSA 2664 EXIST::FUNCTION:ENGINE ENGINE_unregister_DSA 2665 EXIST::FUNCTION:ENGINE -_ossl_old_des_key_sched 2666 EXIST::FUNCTION:DES +_ossl_old_des_key_sched 2666 NOEXIST::FUNCTION: X509_EXTENSION_it 2667 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_EXTENSION_it 2667 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: i2d_KRB5_AUTHENT 2668 EXIST::FUNCTION: @@ -2118,7 +2118,7 @@ SXNETID_it 2669 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI d2i_OCSP_SINGLERESP 2670 EXIST::FUNCTION: EDIPARTYNAME_new 2671 EXIST::FUNCTION: PKCS12_certbag2x509 2672 EXIST::FUNCTION: -_ossl_old_des_ofb64_encrypt 2673 EXIST::FUNCTION:DES +_ossl_old_des_ofb64_encrypt 2673 NOEXIST::FUNCTION: d2i_EXTENDED_KEY_USAGE 2674 EXIST::FUNCTION: ERR_print_errors_cb 2675 EXIST::FUNCTION: ENGINE_set_ciphers 2676 EXIST::FUNCTION:ENGINE @@ -2126,7 +2126,7 @@ d2i_KRB5_APREQBODY 2677 EXIST::FUNCTION: UI_method_get_flusher 2678 EXIST::FUNCTION: X509_PUBKEY_it 2679 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_PUBKEY_it 2679 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -_ossl_old_des_enc_read 2680 EXIST::FUNCTION:DES +_ossl_old_des_enc_read 2680 NOEXIST::FUNCTION: PKCS7_ENCRYPT_it 2681 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS7_ENCRYPT_it 2681 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: i2d_OCSP_RESPONSE 2682 EXIST::FUNCTION: @@ -2154,8 +2154,8 @@ EC_GROUP_get_order 2701 EXIST::FUNCTION:EC d2i_OCSP_RESPID 2702 EXIST::FUNCTION: OCSP_request_verify 2703 EXIST::FUNCTION: NCONF_get_number_e 2704 EXIST::FUNCTION: -_ossl_old_des_decrypt3 2705 EXIST::FUNCTION:DES -X509_signature_print 2706 EXIST::FUNCTION:EVP +_ossl_old_des_decrypt3 2705 NOEXIST::FUNCTION: +X509_signature_print 2706 EXIST::FUNCTION: OCSP_SINGLERESP_free 2707 EXIST::FUNCTION: ENGINE_load_builtin_engines 2708 EXIST::FUNCTION:ENGINE i2d_OCSP_ONEREQ 2709 EXIST::FUNCTION: @@ -2178,13 +2178,13 @@ ASN1_IA5STRING_it 2722 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA ASN1_IA5STRING_it 2722 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UI_get_input_flags 2723 EXIST::FUNCTION: EC_GROUP_set_generator 2724 EXIST::FUNCTION:EC -_ossl_old_des_string_to_2keys 2725 EXIST::FUNCTION:DES +_ossl_old_des_string_to_2keys 2725 NOEXIST::FUNCTION: OCSP_CERTID_free 2726 EXIST::FUNCTION: X509_CERT_AUX_it 2727 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_CERT_AUX_it 2727 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: CERTIFICATEPOLICIES_it 2728 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: CERTIFICATEPOLICIES_it 2728 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -_ossl_old_des_ede3_cbc_encrypt 2729 EXIST::FUNCTION:DES +_ossl_old_des_ede3_cbc_encrypt 2729 NOEXIST::FUNCTION: RAND_set_rand_engine 2730 EXIST::FUNCTION:ENGINE DSO_get_loaded_filename 2731 EXIST::FUNCTION: X509_ATTRIBUTE_it 2732 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2200,7 +2200,7 @@ i2d_OCSP_REQUEST 2738 EXIST::FUNCTION: PKCS12_x509crl2certbag 2739 EXIST::FUNCTION: OCSP_SERVICELOC_it 2740 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OCSP_SERVICELOC_it 2740 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ASN1_item_sign 2741 EXIST::FUNCTION:EVP +ASN1_item_sign 2741 EXIST::FUNCTION: X509_CRL_set_issuer_name 2742 EXIST::FUNCTION: OBJ_NAME_do_all_sorted 2743 EXIST::FUNCTION: i2d_OCSP_BASICRESP 2744 EXIST::FUNCTION: @@ -2231,7 +2231,7 @@ ENGINE_register_DSA 2762 EXIST::FUNCTION:ENGINE X509V3_EXT_add_nconf_sk 2763 EXIST::FUNCTION: ENGINE_set_load_pubkey_function 2764 EXIST::FUNCTION:ENGINE PKCS8_decrypt 2765 EXIST::FUNCTION: -PEM_bytes_read_bio 2766 EXIST::FUNCTION:BIO +PEM_bytes_read_bio 2766 EXIST::FUNCTION: DIRECTORYSTRING_it 2767 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: DIRECTORYSTRING_it 2767 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: d2i_OCSP_CRLID 2768 EXIST::FUNCTION: @@ -2244,8 +2244,8 @@ X509_it 2773 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA X509_it 2773 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: BN_mod_add 2774 EXIST::FUNCTION: KRB5_AUTHDATA_free 2775 EXIST::FUNCTION: -_ossl_old_des_cbc_cksum 2776 EXIST::FUNCTION:DES -ASN1_item_verify 2777 EXIST::FUNCTION:EVP +_ossl_old_des_cbc_cksum 2776 NOEXIST::FUNCTION: +ASN1_item_verify 2777 EXIST::FUNCTION: CRYPTO_set_mem_ex_functions 2778 EXIST::FUNCTION: EC_POINT_get_Jprojective_coordinates_GFp 2779 EXIST:!VMS:FUNCTION:EC EC_POINT_get_Jproj_coords_GFp 2779 EXIST:VMS:FUNCTION:EC @@ -2257,13 +2257,13 @@ ASN1_TIME_check 2782 EXIST::FUNCTION: UI_get0_user_data 2783 EXIST::FUNCTION: HMAC_CTX_cleanup 2784 EXIST::FUNCTION:HMAC DSA_up_ref 2785 EXIST::FUNCTION:DSA -_ossl_old_des_ede3_cfb64_encrypt 2786 EXIST:!VMS:FUNCTION:DES -_ossl_odes_ede3_cfb64_encrypt 2786 EXIST:VMS:FUNCTION:DES +_ossl_odes_ede3_cfb64_encrypt 2786 NOEXIST::FUNCTION: +_ossl_old_des_ede3_cfb64_encrypt 2786 NOEXIST::FUNCTION: ASN1_BMPSTRING_it 2787 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_BMPSTRING_it 2787 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: ASN1_tag2bit 2788 EXIST::FUNCTION: UI_method_set_flusher 2789 EXIST::FUNCTION: -X509_ocspid_print 2790 EXIST::FUNCTION:BIO +X509_ocspid_print 2790 EXIST::FUNCTION: KRB5_ENCDATA_it 2791 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: KRB5_ENCDATA_it 2791 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: ENGINE_get_load_pubkey_function 2792 EXIST::FUNCTION:ENGINE @@ -2289,7 +2289,7 @@ AUTHORITY_INFO_ACCESS_it 2805 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI ASN1_FBOOLEAN_it 2806 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_FBOOLEAN_it 2806 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UI_set_ex_data 2807 EXIST::FUNCTION: -_ossl_old_des_string_to_key 2808 EXIST::FUNCTION:DES +_ossl_old_des_string_to_key 2808 NOEXIST::FUNCTION: ENGINE_register_all_RSA 2809 EXIST::FUNCTION:ENGINE d2i_KRB5_PRINCNAME 2810 EXIST::FUNCTION: OCSP_RESPBYTES_it 2811 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2300,7 +2300,7 @@ ENGINE_unregister_digests 2813 EXIST::FUNCTION:ENGINE d2i_EDIPARTYNAME 2814 EXIST::FUNCTION: d2i_OCSP_SERVICELOC 2815 EXIST::FUNCTION: ENGINE_get_digests 2816 EXIST::FUNCTION:ENGINE -_ossl_old_des_set_odd_parity 2817 EXIST::FUNCTION:DES +_ossl_old_des_set_odd_parity 2817 NOEXIST::FUNCTION: OCSP_RESPDATA_free 2818 EXIST::FUNCTION: d2i_KRB5_TICKET 2819 EXIST::FUNCTION: OTHERNAME_it 2820 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2320,7 +2320,7 @@ EC_POINT_mul 2831 EXIST::FUNCTION:EC X509V3_EXT_add_nconf 2832 EXIST::FUNCTION: X509_TRUST_set 2833 EXIST::FUNCTION: X509_CRL_add1_ext_i2d 2834 EXIST::FUNCTION: -_ossl_old_des_fcrypt 2835 EXIST::FUNCTION:DES +_ossl_old_des_fcrypt 2835 NOEXIST::FUNCTION: DISPLAYTEXT_it 2836 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: DISPLAYTEXT_it 2836 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: X509_CRL_set_lastUpdate 2837 EXIST::FUNCTION: @@ -2342,11 +2342,11 @@ UI_get0_action_string 2850 EXIST::FUNCTION: OCSP_ONEREQ_get_ext 2851 EXIST::FUNCTION: EC_POINT_method_of 2852 EXIST::FUNCTION:EC i2d_KRB5_APREQBODY 2853 EXIST::FUNCTION: -_ossl_old_des_ecb3_encrypt 2854 EXIST::FUNCTION:DES +_ossl_old_des_ecb3_encrypt 2854 NOEXIST::FUNCTION: CRYPTO_get_mem_ex_functions 2855 EXIST::FUNCTION: ENGINE_get_ex_data 2856 EXIST::FUNCTION:ENGINE UI_destroy_method 2857 EXIST::FUNCTION: -ASN1_item_i2d_bio 2858 EXIST::FUNCTION:BIO +ASN1_item_i2d_bio 2858 EXIST::FUNCTION: OCSP_ONEREQ_get_ext_by_OBJ 2859 EXIST::FUNCTION: ASN1_primitive_new 2860 EXIST::FUNCTION: ASN1_PRINTABLE_it 2861 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2359,7 +2359,7 @@ ASN1_VISIBLESTRING_it 2865 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA ASN1_VISIBLESTRING_it 2865 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: OCSP_SINGLERESP_add1_ext_i2d 2866 EXIST::FUNCTION: d2i_OCSP_CERTID 2867 EXIST::FUNCTION: -ASN1_item_d2i_fp 2868 EXIST::FUNCTION:FP_API +ASN1_item_d2i_fp 2868 EXIST::FUNCTION:STDIO CRL_DIST_POINTS_it 2869 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: CRL_DIST_POINTS_it 2869 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: GENERAL_NAME_print 2870 EXIST::FUNCTION: @@ -2375,7 +2375,7 @@ ASN1_BIT_STRING_it 2878 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA ASN1_BIT_STRING_it 2878 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: X509_REQ_it 2879 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_REQ_it 2879 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -_ossl_old_des_cbc_encrypt 2880 EXIST::FUNCTION:DES +_ossl_old_des_cbc_encrypt 2880 NOEXIST::FUNCTION: ERR_unload_strings 2881 EXIST::FUNCTION: PKCS7_SIGN_ENVELOPE_it 2882 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS7_SIGN_ENVELOPE_it 2882 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2391,7 +2391,7 @@ asn1_enc_restore 2891 EXIST::FUNCTION: UI_free 2892 EXIST::FUNCTION: UI_new_method 2893 EXIST::FUNCTION: EVP_EncryptInit_ex 2894 EXIST::FUNCTION: -X509_pubkey_digest 2895 EXIST::FUNCTION:EVP +X509_pubkey_digest 2895 EXIST::FUNCTION: EC_POINT_invert 2896 EXIST::FUNCTION:EC OCSP_basic_sign 2897 EXIST::FUNCTION: i2d_OCSP_RESPID 2898 EXIST::FUNCTION: @@ -2469,7 +2469,7 @@ OCSP_id_get0_info 2960 EXIST::FUNCTION: BN_mod_sqrt 2961 EXIST::FUNCTION: EC_GROUP_copy 2962 EXIST::FUNCTION:EC KRB5_ENCDATA_free 2963 EXIST::FUNCTION: -_ossl_old_des_cfb_encrypt 2964 EXIST::FUNCTION:DES +_ossl_old_des_cfb_encrypt 2964 NOEXIST::FUNCTION: OCSP_SINGLERESP_get_ext_by_OBJ 2965 EXIST::FUNCTION: OCSP_cert_to_id 2966 EXIST::FUNCTION: OCSP_RESPID_new 2967 EXIST::FUNCTION: @@ -2497,7 +2497,7 @@ KRB5_APREQ_new 2984 EXIST::FUNCTION: EC_GROUP_get_curve_GFp 2985 EXIST::FUNCTION:EC KRB5_ENCKEY_new 2986 EXIST::FUNCTION: ASN1_template_d2i 2987 EXIST::FUNCTION: -_ossl_old_des_quad_cksum 2988 EXIST::FUNCTION:DES +_ossl_old_des_quad_cksum 2988 NOEXIST::FUNCTION: OCSP_single_get0_status 2989 EXIST::FUNCTION: BN_swap 2990 EXIST::FUNCTION: POLICYINFO_it 2991 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2509,8 +2509,8 @@ OCSP_RESPID_it 2994 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI EC_GROUP_new 2995 EXIST::FUNCTION:EC EVP_aes_256_cbc 2996 EXIST::FUNCTION:AES i2d_KRB5_PRINCNAME 2997 EXIST::FUNCTION: -_ossl_old_des_encrypt2 2998 EXIST::FUNCTION:DES -_ossl_old_des_encrypt3 2999 EXIST::FUNCTION:DES +_ossl_old_des_encrypt2 2998 NOEXIST::FUNCTION: +_ossl_old_des_encrypt3 2999 NOEXIST::FUNCTION: PKCS8_PRIV_KEY_INFO_it 3000 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS8_PRIV_KEY_INFO_it 3000 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: OCSP_REQINFO_it 3001 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2528,20 +2528,20 @@ ENGINE_get_cipher_engine 3008 EXIST::FUNCTION:ENGINE ENGINE_register_all_ciphers 3009 EXIST::FUNCTION:ENGINE EC_POINT_copy 3010 EXIST::FUNCTION:EC BN_kronecker 3011 EXIST::FUNCTION: -_ossl_old_des_ede3_ofb64_encrypt 3012 EXIST:!VMS:FUNCTION:DES -_ossl_odes_ede3_ofb64_encrypt 3012 EXIST:VMS:FUNCTION:DES +_ossl_odes_ede3_ofb64_encrypt 3012 NOEXIST::FUNCTION: +_ossl_old_des_ede3_ofb64_encrypt 3012 NOEXIST::FUNCTION: UI_method_get_reader 3013 EXIST::FUNCTION: OCSP_BASICRESP_get_ext_count 3014 EXIST::FUNCTION: ASN1_ENUMERATED_it 3015 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_ENUMERATED_it 3015 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UI_set_result 3016 EXIST::FUNCTION: i2d_KRB5_TICKET 3017 EXIST::FUNCTION: -X509_print_ex_fp 3018 EXIST::FUNCTION:FP_API +X509_print_ex_fp 3018 EXIST::FUNCTION:STDIO EVP_CIPHER_CTX_set_padding 3019 EXIST::FUNCTION: d2i_OCSP_RESPONSE 3020 EXIST::FUNCTION: ASN1_UTCTIME_it 3021 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_UTCTIME_it 3021 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -_ossl_old_des_enc_write 3022 EXIST::FUNCTION:DES +_ossl_old_des_enc_write 3022 NOEXIST::FUNCTION: OCSP_RESPONSE_new 3023 EXIST::FUNCTION: AES_set_encrypt_key 3024 EXIST::FUNCTION:AES OCSP_resp_count 3025 EXIST::FUNCTION: @@ -2559,7 +2559,7 @@ OCSP_REQUEST_new 3034 EXIST::FUNCTION: ASN1_ANY_it 3035 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_ANY_it 3035 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: CRYPTO_ex_data_new_class 3036 EXIST::FUNCTION: -_ossl_old_des_ncbc_encrypt 3037 EXIST::FUNCTION:DES +_ossl_old_des_ncbc_encrypt 3037 NOEXIST::FUNCTION: i2d_KRB5_TKTBODY 3038 EXIST::FUNCTION: EC_POINT_clear_free 3039 EXIST::FUNCTION:EC AES_decrypt 3040 EXIST::FUNCTION:AES @@ -2578,7 +2578,7 @@ i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION: i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION: asn1_enc_save 3054 EXIST::FUNCTION: ENGINE_load_nuron 3055 EXIST::FUNCTION:ENGINE,STATIC_ENGINE -_ossl_old_des_pcbc_encrypt 3056 EXIST::FUNCTION:DES +_ossl_old_des_pcbc_encrypt 3056 NOEXIST::FUNCTION: PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: OCSP_accept_responses_new 3058 EXIST::FUNCTION: @@ -2590,12 +2590,12 @@ KRB5_APREQBODY_it 3061 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI i2d_OCSP_SINGLERESP 3062 EXIST::FUNCTION: ASN1_item_ex_new 3063 EXIST::FUNCTION: UI_add_verify_string 3064 EXIST::FUNCTION: -_ossl_old_des_set_key 3065 EXIST::FUNCTION:DES +_ossl_old_des_set_key 3065 NOEXIST::FUNCTION: KRB5_PRINCNAME_it 3066 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: KRB5_PRINCNAME_it 3066 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: EVP_DecryptInit_ex 3067 EXIST::FUNCTION: i2d_OCSP_CERTID 3068 EXIST::FUNCTION: -ASN1_item_d2i_bio 3069 EXIST::FUNCTION:BIO +ASN1_item_d2i_bio 3069 EXIST::FUNCTION: EC_POINT_dbl 3070 EXIST::FUNCTION:EC asn1_get_choice_selector 3071 EXIST::FUNCTION: i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION: @@ -2614,9 +2614,9 @@ OCSP_BASICRESP_get_ext_by_NID 3083 EXIST::FUNCTION: DIST_POINT_NAME_it 3084 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: DIST_POINT_NAME_it 3084 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: X509V3_extensions_print 3085 EXIST::FUNCTION: -_ossl_old_des_cfb64_encrypt 3086 EXIST::FUNCTION:DES +_ossl_old_des_cfb64_encrypt 3086 NOEXIST::FUNCTION: X509_REVOKED_add1_ext_i2d 3087 EXIST::FUNCTION: -_ossl_old_des_ofb_encrypt 3088 EXIST::FUNCTION:DES +_ossl_old_des_ofb_encrypt 3088 NOEXIST::FUNCTION: KRB5_TKTBODY_new 3089 EXIST::FUNCTION: ASN1_OCTET_STRING_it 3090 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_OCTET_STRING_it 3090 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2624,7 +2624,7 @@ ERR_load_UI_strings 3091 EXIST::FUNCTION: i2d_KRB5_ENCKEY 3092 EXIST::FUNCTION: ASN1_template_new 3093 EXIST::FUNCTION: OCSP_SIGNATURE_free 3094 EXIST::FUNCTION: -ASN1_item_i2d_fp 3095 EXIST::FUNCTION:FP_API +ASN1_item_i2d_fp 3095 EXIST::FUNCTION:STDIO KRB5_PRINCNAME_free 3096 EXIST::FUNCTION: PKCS7_RECIP_INFO_it 3097 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS7_RECIP_INFO_it 3097 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2705,13 +2705,13 @@ EVP_aes_192_cbc 3155 EXIST::FUNCTION:AES KRB5_TICKET_free 3156 EXIST::FUNCTION: UI_new 3157 EXIST::FUNCTION: OCSP_response_create 3158 EXIST::FUNCTION: -_ossl_old_des_xcbc_encrypt 3159 EXIST::FUNCTION:DES +_ossl_old_des_xcbc_encrypt 3159 NOEXIST::FUNCTION: PKCS7_it 3160 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS7_it 3160 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: OCSP_REQUEST_get_ext_by_critical 3161 EXIST:!VMS:FUNCTION: OCSP_REQUEST_get_ext_by_crit 3161 EXIST:VMS:FUNCTION: ENGINE_set_flags 3162 EXIST::FUNCTION:ENGINE -_ossl_old_des_ecb_encrypt 3163 EXIST::FUNCTION:DES +_ossl_old_des_ecb_encrypt 3163 NOEXIST::FUNCTION: OCSP_response_get1_basic 3164 EXIST::FUNCTION: EVP_Digest 3165 EXIST::FUNCTION: OCSP_ONEREQ_delete_ext 3166 EXIST::FUNCTION: @@ -2774,7 +2774,7 @@ AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES AES_ctr128_encrypt 3216 NOEXIST::FUNCTION: AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES ENGINE_load_4758cca 3218 EXIST::FUNCTION:ENGINE,STATIC_ENGINE -_ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES +_ossl_096_des_random_seed 3219 NOEXIST::FUNCTION: EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES EVP_aes_128_cfb128 3222 EXIST::FUNCTION:AES @@ -2793,7 +2793,7 @@ ASN1_UNIVERSALSTRING_it 3234 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA ASN1_UNIVERSALSTRING_it 3234 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: d2i_ASN1_UNIVERSALSTRING 3235 EXIST::FUNCTION: EVP_des_ede3_ecb 3236 EXIST::FUNCTION:DES -X509_REQ_print_ex 3237 EXIST::FUNCTION:BIO +X509_REQ_print_ex 3237 EXIST::FUNCTION: ENGINE_up_ref 3238 EXIST::FUNCTION:ENGINE BUF_MEM_grow_clean 3239 EXIST::FUNCTION: CRYPTO_realloc_clean 3240 EXIST::FUNCTION: @@ -2803,7 +2803,7 @@ BUF_strlcpy 3243 EXIST::FUNCTION: OpenSSLDie 3244 EXIST::FUNCTION: OPENSSL_cleanse 3245 EXIST::FUNCTION: ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE -ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH +ERR_release_err_state_table 3247 EXIST::FUNCTION: EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION: FIPS_selftest_des 3250 NOEXIST::FUNCTION: @@ -2870,10 +2870,10 @@ PROXY_POLICY_free 3308 EXIST::FUNCTION: PROXY_POLICY_new 3309 EXIST::FUNCTION: BN_MONT_CTX_set_locked 3310 EXIST::FUNCTION: FIPS_selftest_rng 3311 NOEXIST::FUNCTION: -EVP_sha384 3312 EXIST:!VMSVAX:FUNCTION:SHA,SHA512 -EVP_sha512 3313 EXIST:!VMSVAX:FUNCTION:SHA,SHA512 -EVP_sha224 3314 EXIST::FUNCTION:SHA,SHA256 -EVP_sha256 3315 EXIST::FUNCTION:SHA,SHA256 +EVP_sha384 3312 EXIST:!VMSVAX:FUNCTION: +EVP_sha512 3313 EXIST:!VMSVAX:FUNCTION: +EVP_sha224 3314 EXIST::FUNCTION: +EVP_sha256 3315 EXIST::FUNCTION: FIPS_selftest_hmac 3316 NOEXIST::FUNCTION: FIPS_corrupt_rng 3317 NOEXIST::FUNCTION: BN_mod_exp_mont_consttime 3318 EXIST::FUNCTION: @@ -2899,7 +2899,7 @@ STORE_method_set_list_start_function 3336 NOEXIST::FUNCTION: BN_BLINDING_invert_ex 3337 EXIST::FUNCTION: NAME_CONSTRAINTS_free 3338 EXIST::FUNCTION: STORE_ATTR_INFO_set_number 3339 NOEXIST::FUNCTION: -BN_BLINDING_get_thread_id 3340 EXIST::FUNCTION:DEPRECATED +BN_BLINDING_get_thread_id 3340 NOEXIST::FUNCTION: X509_STORE_CTX_set0_param 3341 EXIST::FUNCTION: POLICY_MAPPING_it 3342 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: POLICY_MAPPING_it 3342 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2918,7 +2918,7 @@ EC_KEY_new_by_curve_name 3353 EXIST::FUNCTION:EC STORE_meth_get_update_store_fn 3354 NOEXIST::FUNCTION: STORE_method_get_update_store_function 3354 NOEXIST::FUNCTION: ENGINE_register_ECDH 3355 EXIST::FUNCTION:ENGINE -SHA512_Update 3356 EXIST:!VMSVAX:FUNCTION:SHA,SHA512 +SHA512_Update 3356 EXIST:!VMSVAX:FUNCTION: i2d_ECPrivateKey 3357 EXIST::FUNCTION:EC BN_get0_nist_prime_192 3358 EXIST::FUNCTION: STORE_modify_certificate 3359 NOEXIST::FUNCTION: @@ -2933,7 +2933,7 @@ BN_GF2m_mod_mul_arr 3366 EXIST::FUNCTION:EC2M STORE_list_public_key_endp 3367 NOEXIST::FUNCTION: o2i_ECPublicKey 3368 EXIST::FUNCTION:EC EC_KEY_copy 3369 EXIST::FUNCTION:EC -BIO_dump_fp 3370 EXIST::FUNCTION:FP_API +BIO_dump_fp 3370 EXIST::FUNCTION:STDIO X509_policy_node_get0_parent 3371 EXIST::FUNCTION: EC_GROUP_check_discriminant 3372 EXIST::FUNCTION:EC i2o_ECPublicKey 3373 EXIST::FUNCTION:EC @@ -2999,7 +2999,7 @@ STORE_meth_set_list_end_fn 3427 NOEXIST::FUNCTION: STORE_method_set_list_end_function 3427 NOEXIST::FUNCTION: pqueue_print 3428 EXIST::FUNCTION: EC_GROUP_have_precompute_mult 3429 EXIST::FUNCTION:EC -EC_KEY_print_fp 3430 EXIST::FUNCTION:EC,FP_API +EC_KEY_print_fp 3430 EXIST::FUNCTION:EC,STDIO BN_GF2m_mod_arr 3431 EXIST::FUNCTION:EC2M PEM_write_bio_X509_CERT_PAIR 3432 EXIST::FUNCTION: EVP_PKEY_cmp 3433 EXIST::FUNCTION: @@ -3022,8 +3022,8 @@ X509_pcy_node_get0_qualifiers 3448 EXIST:VMS:FUNCTION: STORE_list_crl_end 3449 NOEXIST::FUNCTION: EVP_PKEY_set1_EC_KEY 3450 EXIST::FUNCTION:EC BN_GF2m_mod_sqrt_arr 3451 EXIST::FUNCTION:EC2M -i2d_ECPrivateKey_bio 3452 EXIST::FUNCTION:BIO,EC -ECPKParameters_print_fp 3453 EXIST::FUNCTION:EC,FP_API +i2d_ECPrivateKey_bio 3452 EXIST::FUNCTION:EC +ECPKParameters_print_fp 3453 EXIST::FUNCTION:EC,STDIO pqueue_find 3454 EXIST::FUNCTION: ECDSA_SIG_free 3455 EXIST::FUNCTION:ECDSA PEM_write_bio_ECPKParameters 3456 EXIST::FUNCTION:EC @@ -3050,13 +3050,13 @@ STORE_meth_set_generate_fn 3476 NOEXIST::FUNCTION: STORE_method_set_generate_function 3476 NOEXIST::FUNCTION: ENGINE_set_ECDH 3477 EXIST::FUNCTION:ENGINE NAME_CONSTRAINTS_new 3478 EXIST::FUNCTION: -SHA256_Init 3479 EXIST::FUNCTION:SHA,SHA256 +SHA256_Init 3479 EXIST::FUNCTION: EC_KEY_get0_public_key 3480 EXIST::FUNCTION:EC PEM_write_bio_EC_PUBKEY 3481 EXIST::FUNCTION:EC STORE_ATTR_INFO_set_cstr 3482 NOEXIST::FUNCTION: STORE_list_crl_next 3483 NOEXIST::FUNCTION: STORE_ATTR_INFO_in_range 3484 NOEXIST::FUNCTION: -ECParameters_print 3485 EXIST::FUNCTION:BIO,EC +ECParameters_print 3485 EXIST::FUNCTION:EC STORE_meth_set_delete_fn 3486 NOEXIST::FUNCTION: STORE_method_set_delete_function 3486 NOEXIST::FUNCTION: STORE_list_certificate_next 3487 NOEXIST::FUNCTION: @@ -3081,11 +3081,11 @@ BN_is_prime_ex 3503 EXIST::FUNCTION: STORE_revoke_public_key 3504 NOEXIST::FUNCTION: X509_STORE_CTX_get0_param 3505 EXIST::FUNCTION: STORE_delete_arbitrary 3506 NOEXIST::FUNCTION: -PEM_read_X509_CERT_PAIR 3507 EXIST:!WIN16:FUNCTION: +PEM_read_X509_CERT_PAIR 3507 EXIST::FUNCTION: X509_STORE_set_depth 3508 EXIST::FUNCTION: ECDSA_get_ex_data 3509 EXIST::FUNCTION:ECDSA -SHA224 3510 EXIST::FUNCTION:SHA,SHA256 -BIO_dump_indent_fp 3511 EXIST::FUNCTION:FP_API +SHA224 3510 EXIST::FUNCTION: +BIO_dump_indent_fp 3511 EXIST::FUNCTION:STDIO EC_KEY_set_group 3512 EXIST::FUNCTION:EC BUF_strndup 3513 EXIST::FUNCTION: STORE_list_certificate_start 3514 NOEXIST::FUNCTION: @@ -3129,21 +3129,21 @@ POLICY_CONSTRAINTS_new 3547 EXIST::FUNCTION: BN_GF2m_mod_sqrt 3548 EXIST::FUNCTION:EC2M ECDH_set_default_method 3549 EXIST::FUNCTION:ECDH EC_KEY_generate_key 3550 EXIST::FUNCTION:EC -SHA384_Update 3551 EXIST:!VMSVAX:FUNCTION:SHA,SHA512 +SHA384_Update 3551 EXIST:!VMSVAX:FUNCTION: BN_GF2m_arr2poly 3552 EXIST::FUNCTION:EC2M STORE_method_get_get_function 3553 NOEXIST::FUNCTION: STORE_meth_set_cleanup_fn 3554 NOEXIST::FUNCTION: STORE_method_set_cleanup_function 3554 NOEXIST::FUNCTION: EC_GROUP_check 3555 EXIST::FUNCTION:EC -d2i_ECPrivateKey_bio 3556 EXIST::FUNCTION:BIO,EC +d2i_ECPrivateKey_bio 3556 EXIST::FUNCTION:EC EC_KEY_insert_key_method_data 3557 EXIST::FUNCTION:EC STORE_meth_get_lock_store_fn 3558 NOEXIST::FUNCTION: STORE_method_get_lock_store_function 3558 NOEXIST::FUNCTION: X509_VERIFY_PARAM_get_depth 3559 EXIST::FUNCTION: -SHA224_Final 3560 EXIST::FUNCTION:SHA,SHA256 +SHA224_Final 3560 EXIST::FUNCTION: STORE_meth_set_update_store_fn 3561 NOEXIST::FUNCTION: STORE_method_set_update_store_function 3561 NOEXIST::FUNCTION: -SHA224_Update 3562 EXIST::FUNCTION:SHA,SHA256 +SHA224_Update 3562 EXIST::FUNCTION: d2i_ECPrivateKey 3563 EXIST::FUNCTION:EC ASN1_item_ndef_i2d 3564 EXIST::FUNCTION: STORE_delete_private_key 3565 NOEXIST::FUNCTION: @@ -3162,12 +3162,12 @@ STORE_store_public_key 3577 NOEXIST::FUNCTION: X509_CERT_PAIR_free 3578 EXIST::FUNCTION: STORE_revoke_private_key 3579 NOEXIST::FUNCTION: BN_nist_mod_224 3580 EXIST::FUNCTION: -SHA512_Final 3581 EXIST:!VMSVAX:FUNCTION:SHA,SHA512 +SHA512_Final 3581 EXIST:!VMSVAX:FUNCTION: STORE_ATTR_INFO_modify_dn 3582 NOEXIST::FUNCTION: STORE_meth_get_initialise_fn 3583 NOEXIST::FUNCTION: STORE_method_get_initialise_function 3583 NOEXIST::FUNCTION: STORE_delete_number 3584 NOEXIST::FUNCTION: -i2d_EC_PUBKEY_bio 3585 EXIST::FUNCTION:BIO,EC +i2d_EC_PUBKEY_bio 3585 EXIST::FUNCTION:EC BIO_dgram_non_fatal_error 3586 EXIST::FUNCTION: EC_GROUP_get_asn1_flag 3587 EXIST::FUNCTION:EC STORE_ATTR_INFO_in_ex 3588 NOEXIST::FUNCTION: @@ -3192,9 +3192,9 @@ STORE_method_set_unlock_store_function 3603 NOEXIST::FUNCTION: BN_GF2m_mod_div_arr 3604 EXIST::FUNCTION:EC2M ENGINE_set_ECDSA 3605 EXIST::FUNCTION:ENGINE STORE_create_method 3606 NOEXIST::FUNCTION: -ECPKParameters_print 3607 EXIST::FUNCTION:BIO,EC +ECPKParameters_print 3607 EXIST::FUNCTION:EC EC_KEY_get0_private_key 3608 EXIST::FUNCTION:EC -PEM_write_EC_PUBKEY 3609 EXIST:!WIN16:FUNCTION:EC +PEM_write_EC_PUBKEY 3609 EXIST::FUNCTION:EC X509_VERIFY_PARAM_set1 3610 EXIST::FUNCTION: ECDH_set_method 3611 EXIST::FUNCTION:ECDH v2i_GENERAL_NAME_ex 3612 EXIST::FUNCTION: @@ -3204,7 +3204,7 @@ BN_nist_mod_521 3615 EXIST::FUNCTION: X509_policy_tree_get0_level 3616 EXIST::FUNCTION: EC_GROUP_set_point_conversion_form 3617 EXIST:!VMS:FUNCTION:EC EC_GROUP_set_point_conv_form 3617 EXIST:VMS:FUNCTION:EC -PEM_read_EC_PUBKEY 3618 EXIST:!WIN16:FUNCTION:EC +PEM_read_EC_PUBKEY 3618 EXIST::FUNCTION:EC i2d_ECDSA_SIG 3619 EXIST::FUNCTION:ECDSA ECDSA_OpenSSL 3620 EXIST::FUNCTION:ECDSA STORE_delete_crl 3621 NOEXIST::FUNCTION: @@ -3219,9 +3219,9 @@ STORE_revoke_certificate 3628 NOEXIST::FUNCTION: BN_get0_nist_prime_256 3629 EXIST::FUNCTION: STORE_meth_get_delete_fn 3630 NOEXIST::FUNCTION: STORE_method_get_delete_function 3630 NOEXIST::FUNCTION: -SHA224_Init 3631 EXIST::FUNCTION:SHA,SHA256 -PEM_read_ECPrivateKey 3632 EXIST:!WIN16:FUNCTION:EC -SHA512_Init 3633 EXIST:!VMSVAX:FUNCTION:SHA,SHA512 +SHA224_Init 3631 EXIST::FUNCTION: +PEM_read_ECPrivateKey 3632 EXIST::FUNCTION:EC +SHA512_Init 3633 EXIST:!VMSVAX:FUNCTION: STORE_parse_attrs_endp 3634 NOEXIST::FUNCTION: BN_set_negative 3635 EXIST::FUNCTION: ERR_load_ECDSA_strings 3636 EXIST::FUNCTION:ECDSA @@ -3231,7 +3231,7 @@ i2v_ASN1_BIT_STRING 3639 EXIST::FUNCTION: STORE_OBJECT_free 3640 NOEXIST::FUNCTION: BN_nist_mod_384 3641 EXIST::FUNCTION: i2d_X509_CERT_PAIR 3642 EXIST::FUNCTION: -PEM_write_ECPKParameters 3643 EXIST:!WIN16:FUNCTION:EC +PEM_write_ECPKParameters 3643 EXIST::FUNCTION:EC ECDH_compute_key 3644 EXIST::FUNCTION:ECDH STORE_ATTR_INFO_get0_sha1str 3645 NOEXIST::FUNCTION: ENGINE_register_all_ECDH 3646 EXIST::FUNCTION:ENGINE @@ -3243,8 +3243,8 @@ STORE_get_ex_new_index 3650 NOEXIST::FUNCTION: EVP_PKEY_get_attr_by_OBJ 3651 EXIST::FUNCTION: X509_VERIFY_PARAM_add0_policy 3652 EXIST::FUNCTION: BN_GF2m_mod_solve_quad 3653 EXIST::FUNCTION:EC2M -SHA256 3654 EXIST::FUNCTION:SHA,SHA256 -i2d_ECPrivateKey_fp 3655 EXIST::FUNCTION:EC,FP_API +SHA256 3654 EXIST::FUNCTION: +i2d_ECPrivateKey_fp 3655 EXIST::FUNCTION:EC,STDIO X509_policy_tree_get0_user_policies 3656 EXIST:!VMS:FUNCTION: X509_pcy_tree_get0_usr_policies 3656 EXIST:VMS:FUNCTION: OPENSSL_DIR_read 3657 EXIST::FUNCTION: @@ -3255,32 +3255,32 @@ EC_POINT_get_affine_coords_GF2m 3660 EXIST:VMS:FUNCTION:EC,EC2M EC_GROUP_dup 3661 EXIST::FUNCTION:EC ENGINE_get_default_ECDSA 3662 EXIST::FUNCTION:ENGINE EC_KEY_new 3663 EXIST::FUNCTION:EC -SHA256_Transform 3664 EXIST::FUNCTION:SHA,SHA256 +SHA256_Transform 3664 EXIST::FUNCTION: EC_KEY_set_enc_flags 3665 EXIST::FUNCTION:EC ECDSA_verify 3666 EXIST::FUNCTION:ECDSA EC_POINT_point2hex 3667 EXIST::FUNCTION:EC ENGINE_get_STORE 3668 EXIST::FUNCTION:ENGINE -SHA512 3669 EXIST:!VMSVAX:FUNCTION:SHA,SHA512 +SHA512 3669 EXIST:!VMSVAX:FUNCTION: STORE_get_certificate 3670 NOEXIST::FUNCTION: ECDSA_do_sign_ex 3671 EXIST::FUNCTION:ECDSA ECDSA_do_verify 3672 EXIST::FUNCTION:ECDSA -d2i_ECPrivateKey_fp 3673 EXIST::FUNCTION:EC,FP_API +d2i_ECPrivateKey_fp 3673 EXIST::FUNCTION:EC,STDIO STORE_delete_certificate 3674 NOEXIST::FUNCTION: -SHA512_Transform 3675 EXIST:!VMSVAX:FUNCTION:SHA,SHA512 +SHA512_Transform 3675 EXIST:!VMSVAX:FUNCTION: X509_STORE_set1_param 3676 EXIST::FUNCTION: STORE_method_get_ctrl_function 3677 NOEXIST::FUNCTION: STORE_free 3678 NOEXIST::FUNCTION: -PEM_write_ECPrivateKey 3679 EXIST:!WIN16:FUNCTION:EC +PEM_write_ECPrivateKey 3679 EXIST::FUNCTION:EC STORE_meth_get_unlock_store_fn 3680 NOEXIST::FUNCTION: STORE_method_get_unlock_store_function 3680 NOEXIST::FUNCTION: STORE_get_ex_data 3681 NOEXIST::FUNCTION: EC_KEY_set_public_key 3682 EXIST::FUNCTION:EC -PEM_read_ECPKParameters 3683 EXIST:!WIN16:FUNCTION:EC +PEM_read_ECPKParameters 3683 EXIST::FUNCTION:EC X509_CERT_PAIR_new 3684 EXIST::FUNCTION: ENGINE_register_STORE 3685 EXIST::FUNCTION:ENGINE RSA_generate_key_ex 3686 EXIST::FUNCTION:RSA DSA_generate_parameters_ex 3687 EXIST::FUNCTION:DSA -ECParameters_print_fp 3688 EXIST::FUNCTION:EC,FP_API +ECParameters_print_fp 3688 EXIST::FUNCTION:EC,STDIO X509V3_NAME_from_section 3689 EXIST::FUNCTION: EVP_PKEY_add1_attr 3690 EXIST::FUNCTION: STORE_modify_crl 3691 NOEXIST::FUNCTION: @@ -3290,23 +3290,23 @@ POLICY_MAPPINGS_it 3693 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI GENERAL_SUBTREE_it 3694 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: GENERAL_SUBTREE_it 3694 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: EC_GROUP_get_curve_name 3695 EXIST::FUNCTION:EC -PEM_write_X509_CERT_PAIR 3696 EXIST:!WIN16:FUNCTION: +PEM_write_X509_CERT_PAIR 3696 EXIST::FUNCTION: BIO_dump_indent_cb 3697 EXIST::FUNCTION: d2i_X509_CERT_PAIR 3698 EXIST::FUNCTION: STORE_list_private_key_endp 3699 NOEXIST::FUNCTION: asn1_const_Finish 3700 EXIST::FUNCTION: -i2d_EC_PUBKEY_fp 3701 EXIST::FUNCTION:EC,FP_API +i2d_EC_PUBKEY_fp 3701 EXIST::FUNCTION:EC,STDIO BN_nist_mod_256 3702 EXIST::FUNCTION: X509_VERIFY_PARAM_add0_table 3703 EXIST::FUNCTION: pqueue_free 3704 EXIST::FUNCTION: BN_BLINDING_create_param 3705 EXIST::FUNCTION: ECDSA_size 3706 EXIST::FUNCTION:ECDSA -d2i_EC_PUBKEY_bio 3707 EXIST::FUNCTION:BIO,EC +d2i_EC_PUBKEY_bio 3707 EXIST::FUNCTION:EC BN_get0_nist_prime_521 3708 EXIST::FUNCTION: STORE_ATTR_INFO_modify_sha1str 3709 NOEXIST::FUNCTION: BN_generate_prime_ex 3710 EXIST::FUNCTION: EC_GROUP_new_by_curve_name 3711 EXIST::FUNCTION:EC -SHA256_Final 3712 EXIST::FUNCTION:SHA,SHA256 +SHA256_Final 3712 EXIST::FUNCTION: DH_generate_parameters_ex 3713 EXIST::FUNCTION:DH PEM_read_bio_ECPrivateKey 3714 EXIST::FUNCTION:EC STORE_meth_get_cleanup_fn 3715 NOEXIST::FUNCTION: @@ -3319,7 +3319,7 @@ X509_policy_check 3720 EXIST::FUNCTION: EVP_PKEY_get_attr_by_NID 3721 EXIST::FUNCTION: STORE_set_ex_data 3722 NOEXIST::FUNCTION: ENGINE_get_ECDSA 3723 EXIST::FUNCTION:ENGINE -EVP_ecdsa 3724 EXIST::FUNCTION:SHA +EVP_ecdsa 3724 EXIST::FUNCTION: BN_BLINDING_get_flags 3725 EXIST::FUNCTION: PKCS12_add_cert 3726 EXIST::FUNCTION: STORE_OBJECT_new 3727 NOEXIST::FUNCTION: @@ -3332,22 +3332,22 @@ d2i_ECParameters 3733 EXIST::FUNCTION:EC STORE_list_certificate_end 3734 NOEXIST::FUNCTION: STORE_get_crl 3735 NOEXIST::FUNCTION: X509_POLICY_NODE_print 3736 EXIST::FUNCTION: -SHA384_Init 3737 EXIST:!VMSVAX:FUNCTION:SHA,SHA512 +SHA384_Init 3737 EXIST:!VMSVAX:FUNCTION: EC_GF2m_simple_method 3738 EXIST::FUNCTION:EC,EC2M ECDSA_set_ex_data 3739 EXIST::FUNCTION:ECDSA -SHA384_Final 3740 EXIST:!VMSVAX:FUNCTION:SHA,SHA512 +SHA384_Final 3740 EXIST:!VMSVAX:FUNCTION: PKCS7_set_digest 3741 EXIST::FUNCTION: -EC_KEY_print 3742 EXIST::FUNCTION:BIO,EC +EC_KEY_print 3742 EXIST::FUNCTION:EC STORE_meth_set_lock_store_fn 3743 NOEXIST::FUNCTION: STORE_method_set_lock_store_function 3743 NOEXIST::FUNCTION: ECDSA_get_ex_new_index 3744 EXIST::FUNCTION:ECDSA -SHA384 3745 EXIST:!VMSVAX:FUNCTION:SHA,SHA512 +SHA384 3745 EXIST:!VMSVAX:FUNCTION: POLICY_MAPPING_new 3746 EXIST::FUNCTION: STORE_list_certificate_endp 3747 NOEXIST::FUNCTION: X509_STORE_CTX_get0_policy_tree 3748 EXIST::FUNCTION: EC_GROUP_set_asn1_flag 3749 EXIST::FUNCTION:EC EC_KEY_check_key 3750 EXIST::FUNCTION:EC -d2i_EC_PUBKEY_fp 3751 EXIST::FUNCTION:EC,FP_API +d2i_EC_PUBKEY_fp 3751 EXIST::FUNCTION:EC,STDIO PKCS7_set0_type_other 3752 EXIST::FUNCTION: PEM_read_bio_X509_CERT_PAIR 3753 EXIST::FUNCTION: pqueue_next 3754 EXIST::FUNCTION: @@ -3362,12 +3362,12 @@ PKCS12_add_key 3761 EXIST::FUNCTION: DSO_merge 3762 EXIST::FUNCTION: EC_POINT_hex2point 3763 EXIST::FUNCTION:EC BIO_dump_cb 3764 EXIST::FUNCTION: -SHA256_Update 3765 EXIST::FUNCTION:SHA,SHA256 +SHA256_Update 3765 EXIST::FUNCTION: pqueue_insert 3766 EXIST::FUNCTION: pitem_free 3767 EXIST::FUNCTION: BN_GF2m_mod_inv_arr 3768 EXIST::FUNCTION:EC2M ENGINE_unregister_ECDSA 3769 EXIST::FUNCTION:ENGINE -BN_BLINDING_set_thread_id 3770 EXIST::FUNCTION:DEPRECATED +BN_BLINDING_set_thread_id 3770 NOEXIST::FUNCTION: get_rfc3526_prime_8192 3771 EXIST::FUNCTION: X509_VERIFY_PARAM_clear_flags 3772 EXIST::FUNCTION: get_rfc2409_prime_1024 3773 EXIST::FUNCTION: @@ -3411,106 +3411,106 @@ EVP_camellia_256_cfb8 3810 EXIST::FUNCTION:CAMELLIA EVP_camellia_256_ecb 3811 EXIST::FUNCTION:CAMELLIA EVP_camellia_256_ofb 3812 EXIST::FUNCTION:CAMELLIA a2i_ipadd 3813 EXIST::FUNCTION: -ASIdentifiers_free 3814 EXIST::FUNCTION:RFC3779 -i2d_ASIdOrRange 3815 EXIST::FUNCTION:RFC3779 +ASIdentifiers_free 3814 EXIST::FUNCTION: +i2d_ASIdOrRange 3815 EXIST::FUNCTION: EVP_CIPHER_block_size 3816 EXIST::FUNCTION: -v3_asid_is_canonical 3817 EXIST::FUNCTION:RFC3779 -IPAddressChoice_free 3818 EXIST::FUNCTION:RFC3779 +v3_asid_is_canonical 3817 EXIST::FUNCTION: +IPAddressChoice_free 3818 EXIST::FUNCTION: EVP_CIPHER_CTX_set_app_data 3819 EXIST::FUNCTION: BIO_set_callback_arg 3820 EXIST::FUNCTION: -v3_addr_add_prefix 3821 EXIST::FUNCTION:RFC3779 -IPAddressOrRange_it 3822 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 -IPAddressOrRange_it 3822 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 +v3_addr_add_prefix 3821 EXIST::FUNCTION: +IPAddressOrRange_it 3822 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +IPAddressOrRange_it 3822 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: BIO_set_flags 3823 EXIST::FUNCTION: -ASIdentifiers_it 3824 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 -ASIdentifiers_it 3824 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 -v3_addr_get_range 3825 EXIST::FUNCTION:RFC3779 +ASIdentifiers_it 3824 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +ASIdentifiers_it 3824 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +v3_addr_get_range 3825 EXIST::FUNCTION: BIO_method_type 3826 EXIST::FUNCTION: -v3_addr_inherits 3827 EXIST::FUNCTION:RFC3779 -IPAddressChoice_it 3828 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 -IPAddressChoice_it 3828 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 +v3_addr_inherits 3827 EXIST::FUNCTION: +IPAddressChoice_it 3828 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +IPAddressChoice_it 3828 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: AES_ige_encrypt 3829 EXIST::FUNCTION:AES -v3_addr_add_range 3830 EXIST::FUNCTION:RFC3779 +v3_addr_add_range 3830 EXIST::FUNCTION: EVP_CIPHER_CTX_nid 3831 EXIST::FUNCTION: -d2i_ASRange 3832 EXIST::FUNCTION:RFC3779 -v3_addr_add_inherit 3833 EXIST::FUNCTION:RFC3779 -v3_asid_add_id_or_range 3834 EXIST::FUNCTION:RFC3779 -v3_addr_validate_resource_set 3835 EXIST::FUNCTION:RFC3779 +d2i_ASRange 3832 EXIST::FUNCTION: +v3_addr_add_inherit 3833 EXIST::FUNCTION: +v3_asid_add_id_or_range 3834 EXIST::FUNCTION: +v3_addr_validate_resource_set 3835 EXIST::FUNCTION: EVP_CIPHER_iv_length 3836 EXIST::FUNCTION: EVP_MD_type 3837 EXIST::FUNCTION: -v3_asid_canonize 3838 EXIST::FUNCTION:RFC3779 -IPAddressRange_free 3839 EXIST::FUNCTION:RFC3779 -v3_asid_add_inherit 3840 EXIST::FUNCTION:RFC3779 +v3_asid_canonize 3838 EXIST::FUNCTION: +IPAddressRange_free 3839 EXIST::FUNCTION: +v3_asid_add_inherit 3840 EXIST::FUNCTION: EVP_CIPHER_CTX_key_length 3841 EXIST::FUNCTION: -IPAddressRange_new 3842 EXIST::FUNCTION:RFC3779 -ASIdOrRange_new 3843 EXIST::FUNCTION:RFC3779 +IPAddressRange_new 3842 EXIST::FUNCTION: +ASIdOrRange_new 3843 EXIST::FUNCTION: EVP_MD_size 3844 EXIST::FUNCTION: EVP_MD_CTX_test_flags 3845 EXIST::FUNCTION: BIO_clear_flags 3846 EXIST::FUNCTION: -i2d_ASRange 3847 EXIST::FUNCTION:RFC3779 -IPAddressRange_it 3848 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 -IPAddressRange_it 3848 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 -IPAddressChoice_new 3849 EXIST::FUNCTION:RFC3779 -ASIdentifierChoice_new 3850 EXIST::FUNCTION:RFC3779 -ASRange_free 3851 EXIST::FUNCTION:RFC3779 +i2d_ASRange 3847 EXIST::FUNCTION: +IPAddressRange_it 3848 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +IPAddressRange_it 3848 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +IPAddressChoice_new 3849 EXIST::FUNCTION: +ASIdentifierChoice_new 3850 EXIST::FUNCTION: +ASRange_free 3851 EXIST::FUNCTION: EVP_MD_pkey_type 3852 EXIST::FUNCTION: EVP_MD_CTX_clear_flags 3853 EXIST::FUNCTION: -IPAddressFamily_free 3854 EXIST::FUNCTION:RFC3779 -i2d_IPAddressFamily 3855 EXIST::FUNCTION:RFC3779 -IPAddressOrRange_new 3856 EXIST::FUNCTION:RFC3779 +IPAddressFamily_free 3854 EXIST::FUNCTION: +i2d_IPAddressFamily 3855 EXIST::FUNCTION: +IPAddressOrRange_new 3856 EXIST::FUNCTION: EVP_CIPHER_flags 3857 EXIST::FUNCTION: -v3_asid_validate_resource_set 3858 EXIST::FUNCTION:RFC3779 -d2i_IPAddressRange 3859 EXIST::FUNCTION:RFC3779 +v3_asid_validate_resource_set 3858 EXIST::FUNCTION: +d2i_IPAddressRange 3859 EXIST::FUNCTION: AES_bi_ige_encrypt 3860 EXIST::FUNCTION:AES BIO_get_callback 3861 EXIST::FUNCTION: -IPAddressOrRange_free 3862 EXIST::FUNCTION:RFC3779 -v3_addr_subset 3863 EXIST::FUNCTION:RFC3779 -d2i_IPAddressFamily 3864 EXIST::FUNCTION:RFC3779 -v3_asid_subset 3865 EXIST::FUNCTION:RFC3779 +IPAddressOrRange_free 3862 EXIST::FUNCTION: +v3_addr_subset 3863 EXIST::FUNCTION: +d2i_IPAddressFamily 3864 EXIST::FUNCTION: +v3_asid_subset 3865 EXIST::FUNCTION: BIO_test_flags 3866 EXIST::FUNCTION: -i2d_ASIdentifierChoice 3867 EXIST::FUNCTION:RFC3779 -ASRange_it 3868 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 -ASRange_it 3868 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 -d2i_ASIdentifiers 3869 EXIST::FUNCTION:RFC3779 -ASRange_new 3870 EXIST::FUNCTION:RFC3779 -d2i_IPAddressChoice 3871 EXIST::FUNCTION:RFC3779 -v3_addr_get_afi 3872 EXIST::FUNCTION:RFC3779 +i2d_ASIdentifierChoice 3867 EXIST::FUNCTION: +ASRange_it 3868 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +ASRange_it 3868 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +d2i_ASIdentifiers 3869 EXIST::FUNCTION: +ASRange_new 3870 EXIST::FUNCTION: +d2i_IPAddressChoice 3871 EXIST::FUNCTION: +v3_addr_get_afi 3872 EXIST::FUNCTION: EVP_CIPHER_key_length 3873 EXIST::FUNCTION: EVP_Cipher 3874 EXIST::FUNCTION: -i2d_IPAddressOrRange 3875 EXIST::FUNCTION:RFC3779 -ASIdOrRange_it 3876 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 -ASIdOrRange_it 3876 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 +i2d_IPAddressOrRange 3875 EXIST::FUNCTION: +ASIdOrRange_it 3876 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +ASIdOrRange_it 3876 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: EVP_CIPHER_nid 3877 EXIST::FUNCTION: -i2d_IPAddressChoice 3878 EXIST::FUNCTION:RFC3779 +i2d_IPAddressChoice 3878 EXIST::FUNCTION: EVP_CIPHER_CTX_block_size 3879 EXIST::FUNCTION: -ASIdentifiers_new 3880 EXIST::FUNCTION:RFC3779 -v3_addr_validate_path 3881 EXIST::FUNCTION:RFC3779 -IPAddressFamily_new 3882 EXIST::FUNCTION:RFC3779 +ASIdentifiers_new 3880 EXIST::FUNCTION: +v3_addr_validate_path 3881 EXIST::FUNCTION: +IPAddressFamily_new 3882 EXIST::FUNCTION: EVP_MD_CTX_set_flags 3883 EXIST::FUNCTION: -v3_addr_is_canonical 3884 EXIST::FUNCTION:RFC3779 -i2d_IPAddressRange 3885 EXIST::FUNCTION:RFC3779 -IPAddressFamily_it 3886 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 -IPAddressFamily_it 3886 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 -v3_asid_inherits 3887 EXIST::FUNCTION:RFC3779 +v3_addr_is_canonical 3884 EXIST::FUNCTION: +i2d_IPAddressRange 3885 EXIST::FUNCTION: +IPAddressFamily_it 3886 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +IPAddressFamily_it 3886 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +v3_asid_inherits 3887 EXIST::FUNCTION: EVP_CIPHER_CTX_cipher 3888 EXIST::FUNCTION: EVP_CIPHER_CTX_get_app_data 3889 EXIST::FUNCTION: EVP_MD_block_size 3890 EXIST::FUNCTION: EVP_CIPHER_CTX_flags 3891 EXIST::FUNCTION: -v3_asid_validate_path 3892 EXIST::FUNCTION:RFC3779 -d2i_IPAddressOrRange 3893 EXIST::FUNCTION:RFC3779 -v3_addr_canonize 3894 EXIST::FUNCTION:RFC3779 -ASIdentifierChoice_it 3895 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779 -ASIdentifierChoice_it 3895 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779 +v3_asid_validate_path 3892 EXIST::FUNCTION: +d2i_IPAddressOrRange 3893 EXIST::FUNCTION: +v3_addr_canonize 3894 EXIST::FUNCTION: +ASIdentifierChoice_it 3895 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +ASIdentifierChoice_it 3895 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: EVP_MD_CTX_md 3896 EXIST::FUNCTION: -d2i_ASIdentifierChoice 3897 EXIST::FUNCTION:RFC3779 +d2i_ASIdentifierChoice 3897 EXIST::FUNCTION: BIO_method_name 3898 EXIST::FUNCTION: EVP_CIPHER_CTX_iv_length 3899 EXIST::FUNCTION: -ASIdOrRange_free 3900 EXIST::FUNCTION:RFC3779 -ASIdentifierChoice_free 3901 EXIST::FUNCTION:RFC3779 +ASIdOrRange_free 3900 EXIST::FUNCTION: +ASIdentifierChoice_free 3901 EXIST::FUNCTION: BIO_get_callback_arg 3902 EXIST::FUNCTION: BIO_set_callback 3903 EXIST::FUNCTION: -d2i_ASIdOrRange 3904 EXIST::FUNCTION:RFC3779 -i2d_ASIdentifiers 3905 EXIST::FUNCTION:RFC3779 +d2i_ASIdOrRange 3904 EXIST::FUNCTION: +i2d_ASIdentifiers 3905 EXIST::FUNCTION: CRYPTO_memcmp 3906 EXIST::FUNCTION: BN_consttime_swap 3907 EXIST::FUNCTION: SEED_decrypt 3908 EXIST::FUNCTION:SEED @@ -3546,7 +3546,7 @@ BIO_f_zlib 3935 EXIST:ZLIB:FUNCTION: COMP_zlib_cleanup 3936 EXIST::FUNCTION: d2i_X509_ALGORS 3937 EXIST::FUNCTION: CMS_ReceiptRequest_free 3938 EXIST::FUNCTION:CMS -PEM_write_CMS 3939 EXIST:!WIN16:FUNCTION:CMS +PEM_write_CMS 3939 EXIST::FUNCTION:CMS CMS_add0_CertificateChoices 3940 EXIST::FUNCTION:CMS CMS_unsigned_add1_attr_by_OBJ 3941 EXIST::FUNCTION:CMS ERR_load_CMS_strings 3942 EXIST::FUNCTION:CMS @@ -3592,7 +3592,7 @@ int_smime_write_ASN1 3979 NOEXIST::FUNCTION: CMS_unsigned_delete_attr 3980 EXIST::FUNCTION:CMS CMS_unsigned_get_attr_count 3981 EXIST::FUNCTION:CMS CMS_add_smimecap 3982 EXIST::FUNCTION:CMS -PEM_read_CMS 3983 EXIST:!WIN16:FUNCTION:CMS +PEM_read_CMS 3983 EXIST::FUNCTION:CMS CMS_signed_get_attr_by_OBJ 3984 EXIST::FUNCTION:CMS d2i_CMS_ContentInfo 3985 EXIST::FUNCTION:CMS CMS_add_standard_smimecap 3986 EXIST::FUNCTION:CMS @@ -3913,7 +3913,7 @@ TS_VERIFY_CTX_cleanup 4291 EXIST::FUNCTION: TS_STATUS_INFO_free 4292 EXIST::FUNCTION: TS_RESP_verify_token 4293 EXIST::FUNCTION: OBJ_bsearch_ex_ 4294 EXIST::FUNCTION: -ASN1_bn_print 4295 EXIST::FUNCTION:BIO +ASN1_bn_print 4295 EXIST::FUNCTION: EVP_PKEY_asn1_get_count 4296 EXIST::FUNCTION: ENGINE_register_pkey_asn1_meths 4297 EXIST::FUNCTION:ENGINE ASN1_PCTX_set_nm_flags 4298 EXIST::FUNCTION: @@ -4266,7 +4266,7 @@ EVP_rc4_hmac_md5 4633 EXIST::FUNCTION:MD5,RC4 CRYPTO_nistcts128_decrypt_block 4634 EXIST::FUNCTION: CRYPTO_gcm128_setiv 4635 EXIST::FUNCTION: CRYPTO_nistcts128_encrypt 4636 EXIST::FUNCTION: -EVP_aes_128_cbc_hmac_sha1 4637 EXIST::FUNCTION:AES,SHA,SHA1 +EVP_aes_128_cbc_hmac_sha1 4637 EXIST::FUNCTION:AES CRYPTO_gcm128_tag 4638 EXIST::FUNCTION: CRYPTO_ccm128_encrypt_ccm64 4639 EXIST::FUNCTION: ENGINE_load_rdrand 4640 EXIST::FUNCTION:ENGINE @@ -4285,23 +4285,23 @@ ENGINE_load_rsax 4652 NOEXIST::FUNCTION: CRYPTO_gcm128_decrypt_ctr32 4653 EXIST::FUNCTION: CRYPTO_gcm128_encrypt_ctr32 4654 EXIST::FUNCTION: CRYPTO_gcm128_finish 4655 EXIST::FUNCTION: -EVP_aes_256_cbc_hmac_sha1 4656 EXIST::FUNCTION:AES,SHA,SHA1 +EVP_aes_256_cbc_hmac_sha1 4656 EXIST::FUNCTION:AES PKCS5_pbkdf2_set 4657 EXIST::FUNCTION: CMS_add0_recipient_password 4658 EXIST::FUNCTION:CMS CMS_decrypt_set1_password 4659 EXIST::FUNCTION:CMS CMS_RecipientInfo_set0_password 4660 EXIST::FUNCTION:CMS RAND_set_fips_drbg_type 4661 NOEXIST::FUNCTION: -X509_REQ_sign_ctx 4662 EXIST::FUNCTION:EVP +X509_REQ_sign_ctx 4662 EXIST::FUNCTION: RSA_PSS_PARAMS_new 4663 EXIST::FUNCTION:RSA -X509_CRL_sign_ctx 4664 EXIST::FUNCTION:EVP -X509_signature_dump 4665 EXIST::FUNCTION:EVP +X509_CRL_sign_ctx 4664 EXIST::FUNCTION: +X509_signature_dump 4665 EXIST::FUNCTION: d2i_RSA_PSS_PARAMS 4666 EXIST::FUNCTION:RSA RSA_PSS_PARAMS_it 4667 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA RSA_PSS_PARAMS_it 4667 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA RSA_PSS_PARAMS_free 4668 EXIST::FUNCTION:RSA -X509_sign_ctx 4669 EXIST::FUNCTION:EVP +X509_sign_ctx 4669 EXIST::FUNCTION: i2d_RSA_PSS_PARAMS 4670 EXIST::FUNCTION:RSA -ASN1_item_sign_ctx 4671 EXIST::FUNCTION:EVP +ASN1_item_sign_ctx 4671 EXIST::FUNCTION: EC_GFp_nistp521_method 4672 EXIST:!WIN32:FUNCTION:EC,EC_NISTP_64_GCC_128 EC_GFp_nistp256_method 4673 EXIST:!WIN32:FUNCTION:EC,EC_NISTP_64_GCC_128 OPENSSL_stderr 4674 EXIST::FUNCTION: @@ -4316,7 +4316,7 @@ BIO_dgram_sctp_notification_cb 4682 EXIST::FUNCTION:SCTP i2d_DHxparams 4683 EXIST::FUNCTION:DH EC_curve_nist2nid 4684 EXIST::FUNCTION:EC DH_get_1024_160 4685 EXIST::FUNCTION:DH -PEM_write_DHxparams 4686 EXIST:!WIN16:FUNCTION:DH +PEM_write_DHxparams 4686 EXIST::FUNCTION:DH d2i_DHxparams 4687 EXIST::FUNCTION:DH EC_curve_nid2nist 4688 EXIST::FUNCTION:EC DH_get_2048_256 4689 EXIST::FUNCTION:DH @@ -4337,7 +4337,7 @@ X509_VERIFY_PARAM_set1_ip 4703 EXIST::FUNCTION: X509_check_ip 4704 EXIST::FUNCTION: X509_STORE_set_lookup_crls_cb 4705 EXIST::FUNCTION: X509_CRL_diff 4706 EXIST::FUNCTION: -X509_CRL_http_nbio 4707 EXIST::FUNCTION:EVP +X509_CRL_http_nbio 4707 EXIST::FUNCTION: OCSP_REQ_CTX_i2d 4708 EXIST::FUNCTION: OCSP_REQ_CTX_get0_mem_bio 4709 EXIST::FUNCTION: X509_STORE_CTX_get0_store 4710 EXIST::FUNCTION: @@ -4345,7 +4345,7 @@ X509_REVOKED_dup 4711 EXIST::FUNCTION: CMS_RecipientInfo_encrypt 4712 EXIST::FUNCTION:CMS OCSP_REQ_CTX_http 4713 EXIST::FUNCTION: OCSP_REQ_CTX_nbio 4714 EXIST::FUNCTION: -X509_http_nbio 4715 EXIST::FUNCTION:EVP +X509_http_nbio 4715 EXIST::FUNCTION: OCSP_set_max_response_length 4716 EXIST::FUNCTION: OCSP_REQ_CTX_new 4717 EXIST::FUNCTION: OCSP_REQ_CTX_nbio_d2i 4718 EXIST::FUNCTION: @@ -4358,45 +4358,46 @@ CMS_RecipientInfo_kari_decrypt 4724 EXIST::FUNCTION:CMS CMS_SignerInfo_get0_pkey_ctx 4725 EXIST::FUNCTION:CMS ECDSA_METHOD_set_flags 4726 EXIST::FUNCTION:ECDSA ECDSA_METHOD_set_sign_setup 4727 EXIST::FUNCTION:ECDSA -CMS_RecipInfo_kari_orig_id_cmp 4728 NOEXIST::FUNCTION: -CMS_RecipientInfo_kari_orig_id_cmp 4728 EXIST::FUNCTION:CMS +CMS_RecipientInfo_kari_orig_id_cmp 4728 EXIST:!VMS:FUNCTION:CMS +CMS_RecipInfo_kari_orig_id_cmp 4728 EXIST:VMS:FUNCTION:CMS CMS_RecipientInfo_kari_get0_alg 4729 EXIST::FUNCTION:CMS EVP_aes_192_wrap 4730 EXIST::FUNCTION:AES -EVP_aes_128_cbc_hmac_sha256 4731 EXIST::FUNCTION:AES,SHA256 +EVP_aes_128_cbc_hmac_sha256 4731 EXIST::FUNCTION:AES DH_compute_key_padded 4732 EXIST::FUNCTION:DH ECDSA_METHOD_set_sign 4733 EXIST::FUNCTION:ECDSA -CMS_RecipEncryptedKey_cert_cmp 4734 NOEXIST::FUNCTION: -CMS_RecipientEncryptedKey_cert_cmp 4734 EXIST::FUNCTION:CMS +CMS_RecipientEncryptedKey_cert_cmp 4734 EXIST:!VMS:FUNCTION:CMS +CMS_RecipEncryptedKey_cert_cmp 4734 EXIST:VMS:FUNCTION:CMS DH_KDF_X9_42 4735 EXIST::FUNCTION:DH RSA_OAEP_PARAMS_free 4736 EXIST::FUNCTION:RSA EVP_des_ede3_wrap 4737 EXIST::FUNCTION:DES RSA_OAEP_PARAMS_it 4738 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA RSA_OAEP_PARAMS_it 4738 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA ASN1_TIME_diff 4739 EXIST::FUNCTION: -EVP_aes_256_cbc_hmac_sha256 4740 EXIST::FUNCTION:AES,SHA256 +EVP_aes_256_cbc_hmac_sha256 4740 EXIST::FUNCTION:AES CMS_SignerInfo_get0_signature 4741 EXIST::FUNCTION:CMS -CMS_RecipInfo_kari_get0_reks 4742 NOEXIST::FUNCTION: -CMS_RecipientInfo_kari_get0_reks 4742 EXIST::FUNCTION:CMS +CMS_RecipientInfo_kari_get0_reks 4742 EXIST:!VMS:FUNCTION:CMS +CMS_RecipInfo_kari_get0_reks 4742 EXIST:VMS:FUNCTION:CMS EVP_aes_128_wrap 4743 EXIST::FUNCTION:AES CMS_SignerInfo_get0_md_ctx 4744 EXIST::FUNCTION:CMS OPENSSL_gmtime_diff 4745 EXIST::FUNCTION: -CMS_RecipInfo_kari_set0_pkey 4746 NOEXIST::FUNCTION: -CMS_RecipientInfo_kari_set0_pkey 4746 EXIST::FUNCTION:CMS +CMS_RecipientInfo_kari_set0_pkey 4746 EXIST:!VMS:FUNCTION:CMS +CMS_RecipInfo_kari_set0_pkey 4746 EXIST:VMS:FUNCTION:CMS i2d_RSA_OAEP_PARAMS 4747 EXIST::FUNCTION:RSA d2i_RSA_OAEP_PARAMS 4748 EXIST::FUNCTION:RSA ECDH_KDF_X9_62 4749 EXIST::FUNCTION:ECDH CMS_RecipientInfo_kari_get0_ctx 4750 EXIST::FUNCTION:CMS ECDSA_METHOD_new 4751 EXIST::FUNCTION:ECDSA CMS_RecipientInfo_get0_pkey_ctx 4752 EXIST::FUNCTION:CMS -CMS_RecipEncryptedKey_get0_id 4753 NOEXIST::FUNCTION: -CMS_RecipientEncryptedKey_get0_id 4753 EXIST::FUNCTION:CMS +CMS_RecipientEncryptedKey_get0_id 4753 EXIST:!VMS:FUNCTION:CMS +CMS_RecipEncryptedKey_get0_id 4753 EXIST:VMS:FUNCTION:CMS RSA_pad_check_PKCS1_OAEP_mgf1 4754 NOEXIST::FUNCTION: -RSA_padding_check_PKCS1_OAEP_mgf1 4754 EXIST::FUNCTION:RSA +RSA_padding_check_PKCS1_OAEP_mgf1 4754 EXIST:!VMS:FUNCTION:RSA +RSA_padding_chk_PKCS1_OAEP_mgf1 4754 EXIST:VMS:FUNCTION:RSA ECDSA_METHOD_set_verify 4755 EXIST::FUNCTION:ECDSA CMS_SharedInfo_encode 4756 EXIST::FUNCTION:CMS RSA_padding_add_PKCS1_OAEP_mgf1 4757 EXIST::FUNCTION:RSA -CMS_RecipInfo_kari_get0_orig_id 4758 NOEXIST::FUNCTION: -CMS_RecipientInfo_kari_get0_orig_id 4758 EXIST::FUNCTION:CMS +CMS_RecipientInfo_kari_get0_orig_id 4758 EXIST:!VMS:FUNCTION:CMS +CMS_RecipInfo_kari_get0_orig_id 4758 EXIST:VMS:FUNCTION:CMS ECDSA_METHOD_free 4759 EXIST::FUNCTION:ECDSA X509_VERIFY_PARAM_get_count 4760 EXIST::FUNCTION: X509_VERIFY_PARAM_get0_name 4761 EXIST::FUNCTION: diff --git a/util/mkdef.pl b/util/mkdef.pl index be7dd42..ed10da2 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -83,7 +83,7 @@ my @known_platforms = ( "__FreeBSD__", "PERL5", my @known_ossl_platforms = ( "VMS", "WIN32", "WINNT", "OS2" ); my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1", - "SHA256", "SHA512", "RIPEMD", + "SHA256", "SHA512", "RMD160", "MDC2", "WHIRLPOOL", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "EC2M", "HMAC", "AES", "CAMELLIA", "SEED", "GOST", # EC_NISTP_64_GCC_128 @@ -972,7 +972,7 @@ sub do_defs $a .= ",RC2" if($s =~ /EVP_rc2/); $a .= ",RC4" if($s =~ /EVP_rc4/); $a .= ",RC5" if($s =~ /EVP_rc5/); - $a .= ",RIPEMD" if($s =~ /EVP_ripemd/); + $a .= ",RMD160" if($s =~ /EVP_ripemd/); $a .= ",RSA" if($s =~ /EVP_(Open|Seal)(Final|Init)/); $a .= ",RSA" if($s =~ /PEM_Seal(Final|Init|Update)/); $a .= ",RSA" if($s =~ /RSAPrivateKey/); @@ -1179,7 +1179,7 @@ sub is_valid if ($keyword eq "MD4" && $no_md4) { return 0; } if ($keyword eq "MD5" && $no_md5) { return 0; } if ($keyword eq "SHA" && $no_sha) { return 0; } - if ($keyword eq "RIPEMD" && $no_ripemd) { return 0; } + if ($keyword eq "RMD160" && $no_ripemd) { return 0; } if ($keyword eq "MDC2" && $no_mdc2) { return 0; } if ($keyword eq "WHIRLPOOL" && $no_whirlpool) { return 0; } if ($keyword eq "RSA" && $no_rsa) { return 0; } diff --git a/util/ssleay.num b/util/ssleay.num index 53dbe6d..916318a 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -27,8 +27,8 @@ SSL_CTX_use_certificate_ASN1 29 EXIST::FUNCTION: SSL_CTX_use_certificate_file 30 EXIST::FUNCTION:STDIO SSL_SESSION_free 31 EXIST::FUNCTION: SSL_SESSION_new 32 EXIST::FUNCTION: -SSL_SESSION_print 33 EXIST::FUNCTION:BIO -SSL_SESSION_print_fp 34 EXIST::FUNCTION:FP_API +SSL_SESSION_print 33 EXIST::FUNCTION: +SSL_SESSION_print_fp 34 EXIST::FUNCTION:STDIO SSL_accept 35 EXIST::FUNCTION: SSL_add_client_CA 36 EXIST::FUNCTION: SSL_alert_desc_string 37 EXIST::FUNCTION: @@ -52,14 +52,14 @@ SSL_get_error 58 EXIST::FUNCTION: SSL_get_fd 59 EXIST::FUNCTION: SSL_get_peer_cert_chain 60 EXIST::FUNCTION: SSL_get_peer_certificate 61 EXIST::FUNCTION: -SSL_get_rbio 63 EXIST::FUNCTION:BIO +SSL_get_rbio 63 EXIST::FUNCTION: SSL_get_read_ahead 64 EXIST::FUNCTION: SSL_get_shared_ciphers 65 EXIST::FUNCTION: SSL_get_ssl_method 66 EXIST::FUNCTION: SSL_get_verify_callback 69 EXIST::FUNCTION: SSL_get_verify_mode 70 EXIST::FUNCTION: SSL_get_version 71 EXIST::FUNCTION: -SSL_get_wbio 72 EXIST::FUNCTION:BIO +SSL_get_wbio 72 EXIST::FUNCTION: SSL_load_client_CA_file 73 EXIST::FUNCTION:STDIO SSL_load_error_strings 74 EXIST::FUNCTION: SSL_new 75 EXIST::FUNCTION: @@ -70,7 +70,7 @@ SSL_renegotiate 79 EXIST::FUNCTION: SSL_rstate_string 80 EXIST::FUNCTION: SSL_rstate_string_long 81 EXIST::FUNCTION: SSL_set_accept_state 82 EXIST::FUNCTION: -SSL_set_bio 83 EXIST::FUNCTION:BIO +SSL_set_bio 83 EXIST::FUNCTION: SSL_set_cipher_list 84 EXIST::FUNCTION: SSL_set_client_CA_list 85 EXIST::FUNCTION: SSL_set_connect_state 86 EXIST::FUNCTION: @@ -106,17 +106,17 @@ SSLv3_method 117 EXIST::FUNCTION:SSL3_METHOD SSLv3_server_method 118 EXIST::FUNCTION:SSL3_METHOD d2i_SSL_SESSION 119 EXIST::FUNCTION: i2d_SSL_SESSION 120 EXIST::FUNCTION: -BIO_f_ssl 121 EXIST::FUNCTION:BIO -BIO_new_ssl 122 EXIST::FUNCTION:BIO +BIO_f_ssl 121 EXIST::FUNCTION: +BIO_new_ssl 122 EXIST::FUNCTION: BIO_proxy_ssl_copy_session_id 123 NOEXIST::FUNCTION: -BIO_ssl_copy_session_id 124 EXIST::FUNCTION:BIO +BIO_ssl_copy_session_id 124 EXIST::FUNCTION: SSL_do_handshake 125 EXIST::FUNCTION: SSL_get_privatekey 126 EXIST::FUNCTION: SSL_get_current_cipher 127 EXIST::FUNCTION: SSL_CIPHER_get_bits 128 EXIST::FUNCTION: SSL_CIPHER_get_version 129 EXIST::FUNCTION: SSL_CIPHER_get_name 130 EXIST::FUNCTION: -BIO_ssl_shutdown 131 EXIST::FUNCTION:BIO +BIO_ssl_shutdown 131 EXIST::FUNCTION: SSL_SESSION_cmp 132 NOEXIST::FUNCTION: SSL_SESSION_hash 133 NOEXIST::FUNCTION: SSL_SESSION_get_time 134 EXIST::FUNCTION: @@ -152,8 +152,8 @@ SSL_get_ex_new_index 169 EXIST::FUNCTION: TLSv1_method 170 EXIST::FUNCTION: TLSv1_server_method 171 EXIST::FUNCTION: TLSv1_client_method 172 EXIST::FUNCTION: -BIO_new_buffer_ssl_connect 173 EXIST::FUNCTION:BIO -BIO_new_ssl_connect 174 EXIST::FUNCTION:BIO +BIO_new_buffer_ssl_connect 173 EXIST::FUNCTION: +BIO_new_ssl_connect 174 EXIST::FUNCTION: SSL_get_ex_data_X509_STORE_CTX_idx 175 EXIST:!VMS:FUNCTION: SSL_get_ex_d_X509_STORE_CTX_idx 175 EXIST:VMS:FUNCTION: SSL_CTX_set_tmp_dh_callback 176 EXIST::FUNCTION:DH @@ -250,11 +250,11 @@ SSL_get_psk_identity_hint 297 EXIST::FUNCTION:PSK SSL_set_psk_server_callback 298 EXIST::FUNCTION:PSK SSL_use_psk_identity_hint 299 EXIST::FUNCTION:PSK SSL_set_psk_client_callback 300 EXIST::FUNCTION:PSK -PEM_read_SSL_SESSION 301 EXIST:!WIN16:FUNCTION: +PEM_read_SSL_SESSION 301 EXIST::FUNCTION: PEM_read_bio_SSL_SESSION 302 EXIST::FUNCTION: SSL_CTX_set_psk_server_callback 303 EXIST::FUNCTION:PSK SSL_get_psk_identity 304 EXIST::FUNCTION:PSK -PEM_write_SSL_SESSION 305 EXIST:!WIN16:FUNCTION: +PEM_write_SSL_SESSION 305 EXIST::FUNCTION: SSL_set_session_ticket_ext 306 EXIST::FUNCTION: SSL_set_session_secret_cb 307 EXIST::FUNCTION: SSL_set_session_ticket_ext_cb 308 EXIST::FUNCTION: @@ -333,7 +333,8 @@ SSL_CTX_set_srv_supp_data 371 NOEXIST::FUNCTION: SSL_CONF_cmd_argv 372 EXIST::FUNCTION: DTLSv1_2_server_method 373 EXIST::FUNCTION: SSL_COMP_set0_compress_methods 374 NOEXIST::FUNCTION: -SSL_COMP_set0_compression_methods 374 EXIST::FUNCTION:COMP +SSL_COMP_set0_compression_methods 374 EXIST:!VMS:FUNCTION:COMP +SSL_COMP_set0_compr_methods 374 EXIST:VMS:FUNCTION:COMP SSL_CTX_set_cert_cb 375 EXIST::FUNCTION: SSL_CTX_add_client_custom_ext 376 EXIST::FUNCTION:TLSEXT SSL_is_server 377 EXIST::FUNCTION: @@ -366,10 +367,11 @@ DTLSv1_2_method 404 EXIST::FUNCTION: DTLS_server_method 405 EXIST::FUNCTION: SSL_CTX_use_serverinfo_file 406 EXIST::FUNCTION:STDIO,TLSEXT SSL_COMP_free_compress_methods 407 NOEXIST::FUNCTION: -SSL_COMP_free_compression_methods 407 EXIST::FUNCTION:COMP +SSL_COMP_free_compression_methods 407 EXIST:!VMS:FUNCTION:COMP +SSL_COMP_free_compr_methods 407 EXIST:VMS:FUNCTION:COMP SSL_extension_supported 409 EXIST::FUNCTION:TLSEXT SSL_CTX_get_security_callback 410 EXIST::FUNCTION: -SSL_SESSION_print_keylog 411 EXIST::FUNCTION:BIO +SSL_SESSION_print_keylog 411 EXIST::FUNCTION: SSL_CTX_set_not_resumable_session_callback 412 EXIST:!VMS:FUNCTION: SSL_CTX_set_not_resumbl_sess_cb 412 EXIST:VMS:FUNCTION: SSL_get0_security_ex_data 413 EXIST::FUNCTION: From rsalz at openssl.org Thu Feb 5 14:45:02 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 5 Feb 2015 15:45:02 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150205144503.1A3B71E035F@butler.localdomain> The branch master has been updated via 7e35f06ea908e47f87b723b5e951ffc55463eb8b (commit) from 1f7103b6ebd1579e4ead17405f89d44330386949 (commit) - Log ----------------------------------------------------------------- commit 7e35f06ea908e47f87b723b5e951ffc55463eb8b Author: Rich Salz Date: Thu Feb 5 09:44:30 2015 -0500 Fixed bad formatting in crypto/des/spr.h Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/des/spr.h | 327 +++++++++++++++++++++++++----------------------------- 1 file changed, 151 insertions(+), 176 deletions(-) diff --git a/crypto/des/spr.h b/crypto/des/spr.h index 4d94639..e85d310 100644 --- a/crypto/des/spr.h +++ b/crypto/des/spr.h @@ -58,180 +58,155 @@ OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64] = { { -/* nibble 0 */ - 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, - 0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L, - 0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L, - 0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L, - 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L, - 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, - 0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L, - 0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L, - 0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L, - 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L, - 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, - 0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L, - 0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L, - 0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L, - 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L, - 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, - }, { -/* nibble 1 */ - 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, - 0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L, - 0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L, - 0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L, - 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L, - 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, - 0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L, - 0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L, - 0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L, - 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L, - 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, - 0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L, - 0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L, - 0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L, - 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L, - 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, - }, { -/* nibble 2 */ - 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, - 0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L, - 0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L, - 0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L, - 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L, - 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, - 0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L, - 0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L, - 0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L, - 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L, - 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, - 0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L, - 0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L, - 0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L, - 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L, - 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, - }, { -/* nibble 3 */ - 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, - 0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L, - 0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L, - 0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L, - 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L, - 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, - 0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L, - 0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L, - 0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L, - 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L, - 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, - 0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L, - 0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L, - 0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L, - 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L, - 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, - }, { -/* nibble 4 */ - 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, - 0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L, - 0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L, - 0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L, - 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L, - 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, - 0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L, - 0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L, - 0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L, - 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L, - 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, - 0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L, - 0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L, - 0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L, - 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L, - 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, - }, { -/* nibble 5 */ - 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, - 0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L, - 0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L, - 0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L, - 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L, - 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, - 0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L, - 0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L, - 0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L, - 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L, - 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L, - 0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L, - 0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L, - 0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L, - 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L, - 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, - }, { -/* nibble 6 */ - 0x00004000L, 0x00000200L, 0x01000200L, - 0x01000004L, - 0x01004204L, 0x00004004L, 0x00004200L, - 0x00000000L, - 0x01000000L, 0x01000204L, 0x00000204L, - 0x01004000L, - 0x00000004L, 0x01004200L, 0x01004000L, - 0x00000204L, - 0x01000204L, 0x00004000L, 0x00004004L, - 0x01004204L, - 0x00000000L, 0x01000200L, 0x01000004L, - 0x00004200L, - 0x01004004L, 0x00004204L, 0x01004200L, - 0x00000004L, - 0x00004204L, 0x01004004L, 0x00000200L, - 0x01000000L, - 0x00004204L, 0x01004000L, 0x01004004L, - 0x00000204L, - 0x00004000L, 0x00000200L, 0x01000000L, - 0x01004004L, - 0x01000204L, 0x00004204L, 0x00004200L, - 0x00000000L, - 0x00000200L, 0x01000004L, 0x00000004L, - 0x01000200L, - 0x00000000L, 0x01000204L, 0x01000200L, - 0x00004200L, - 0x00000204L, 0x00004000L, 0x01004204L, - 0x01000000L, - 0x01004200L, 0x00000004L, 0x00004004L, - 0x01004204L, - 0x01000004L, 0x01004200L, 0x01004000L, - 0x00004004L, - }, { -/* nibble 7 */ - 0x20800080L, 0x20820000L, 0x00020080L, - 0x00000000L, - 0x20020000L, 0x00800080L, 0x20800000L, - 0x20820080L, - 0x00000080L, 0x20000000L, 0x00820000L, - 0x00020080L, - 0x00820080L, 0x20020080L, 0x20000080L, - 0x20800000L, - 0x00020000L, 0x00820080L, 0x00800080L, - 0x20020000L, - 0x20820080L, 0x20000080L, 0x00000000L, - 0x00820000L, - 0x20000000L, 0x00800000L, 0x20020080L, - 0x20800080L, - 0x00800000L, 0x00020000L, 0x20820000L, - 0x00000080L, - 0x00800000L, 0x00020000L, 0x20000080L, - 0x20820080L, - 0x00020080L, 0x20000000L, 0x00000000L, - 0x00820000L, - 0x20800080L, 0x20020080L, 0x20020000L, - 0x00800080L, - 0x20820000L, 0x00000080L, 0x00800080L, - 0x20020000L, - 0x20820080L, 0x00800000L, 0x20800000L, - 0x20000080L, - 0x00820000L, 0x00020080L, 0x20020080L, - 0x20800000L, - 0x00000080L, 0x20820000L, 0x00820080L, - 0x00000000L, - 0x20000000L, 0x20800080L, 0x00020000L, - 0x00820080L, - } + /* nibble 0 */ + 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, + 0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L, + 0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L, + 0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L, + 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L, + 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, + 0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L, + 0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L, + 0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L, + 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L, + 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, + 0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L, + 0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L, + 0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L, + 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L, + 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, + }, + { + /* nibble 1 */ + 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, + 0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L, + 0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L, + 0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L, + 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L, + 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, + 0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L, + 0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L, + 0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L, + 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L, + 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, + 0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L, + 0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L, + 0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L, + 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L, + 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, + }, + { + /* nibble 2 */ + 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, + 0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L, + 0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L, + 0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L, + 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L, + 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, + 0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L, + 0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L, + 0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L, + 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L, + 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, + 0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L, + 0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L, + 0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L, + 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L, + 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, + }, + { + /* nibble 3 */ + 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, + 0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L, + 0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L, + 0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L, + 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L, + 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, + 0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L, + 0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L, + 0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L, + 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L, + 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, + 0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L, + 0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L, + 0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L, + 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L, + 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, + }, + { + /* nibble 4 */ + 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, + 0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L, + 0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L, + 0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L, + 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L, + 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, + 0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L, + 0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L, + 0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L, + 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L, + 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, + 0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L, + 0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L, + 0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L, + 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L, + 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, + }, + { + /* nibble 5 */ + 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, + 0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L, + 0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L, + 0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L, + 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L, + 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, + 0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L, + 0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L, + 0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L, + 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L, + 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L, + 0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L, + 0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L, + 0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L, + 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L, + 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, + }, + { + /* nibble 6 */ + 0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L, + 0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L, + 0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L, + 0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L, + 0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L, + 0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L, + 0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L, + 0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L, + 0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L, + 0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L, + 0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L, + 0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L, + 0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L, + 0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L, + 0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L, + 0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L, + }, + { + /* nibble 7 */ + 0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L, + 0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L, + 0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L, + 0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L, + 0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L, + 0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L, + 0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L, + 0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L, + 0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L, + 0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L, + 0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L, + 0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L, + 0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L, + 0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L, + 0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L, + 0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L, + } }; From rsalz at openssl.org Thu Feb 5 14:45:33 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 5 Feb 2015 15:45:33 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150205144535.11EC01E035F@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 16064539aded747bf1632d3fa5f35a5c8ee57348 (commit) from 75c77a71fa50b5dc0678800caf6a521cdfc8f1dc (commit) - Log ----------------------------------------------------------------- commit 16064539aded747bf1632d3fa5f35a5c8ee57348 Author: Rich Salz Date: Thu Feb 5 09:44:30 2015 -0500 Fixed bad formatting in crypto/des/spr.h Reviewed-by: Andy Polyakov (cherry picked from commit 7e35f06ea908e47f87b723b5e951ffc55463eb8b) ----------------------------------------------------------------------- Summary of changes: crypto/des/spr.h | 327 +++++++++++++++++++++++++----------------------------- 1 file changed, 151 insertions(+), 176 deletions(-) diff --git a/crypto/des/spr.h b/crypto/des/spr.h index 4d94639..e85d310 100644 --- a/crypto/des/spr.h +++ b/crypto/des/spr.h @@ -58,180 +58,155 @@ OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64] = { { -/* nibble 0 */ - 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, - 0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L, - 0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L, - 0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L, - 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L, - 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, - 0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L, - 0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L, - 0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L, - 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L, - 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, - 0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L, - 0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L, - 0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L, - 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L, - 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, - }, { -/* nibble 1 */ - 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, - 0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L, - 0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L, - 0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L, - 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L, - 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, - 0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L, - 0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L, - 0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L, - 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L, - 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, - 0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L, - 0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L, - 0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L, - 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L, - 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, - }, { -/* nibble 2 */ - 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, - 0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L, - 0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L, - 0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L, - 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L, - 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, - 0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L, - 0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L, - 0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L, - 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L, - 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, - 0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L, - 0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L, - 0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L, - 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L, - 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, - }, { -/* nibble 3 */ - 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, - 0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L, - 0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L, - 0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L, - 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L, - 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, - 0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L, - 0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L, - 0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L, - 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L, - 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, - 0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L, - 0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L, - 0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L, - 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L, - 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, - }, { -/* nibble 4 */ - 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, - 0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L, - 0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L, - 0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L, - 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L, - 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, - 0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L, - 0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L, - 0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L, - 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L, - 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, - 0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L, - 0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L, - 0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L, - 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L, - 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, - }, { -/* nibble 5 */ - 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, - 0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L, - 0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L, - 0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L, - 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L, - 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, - 0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L, - 0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L, - 0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L, - 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L, - 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L, - 0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L, - 0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L, - 0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L, - 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L, - 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, - }, { -/* nibble 6 */ - 0x00004000L, 0x00000200L, 0x01000200L, - 0x01000004L, - 0x01004204L, 0x00004004L, 0x00004200L, - 0x00000000L, - 0x01000000L, 0x01000204L, 0x00000204L, - 0x01004000L, - 0x00000004L, 0x01004200L, 0x01004000L, - 0x00000204L, - 0x01000204L, 0x00004000L, 0x00004004L, - 0x01004204L, - 0x00000000L, 0x01000200L, 0x01000004L, - 0x00004200L, - 0x01004004L, 0x00004204L, 0x01004200L, - 0x00000004L, - 0x00004204L, 0x01004004L, 0x00000200L, - 0x01000000L, - 0x00004204L, 0x01004000L, 0x01004004L, - 0x00000204L, - 0x00004000L, 0x00000200L, 0x01000000L, - 0x01004004L, - 0x01000204L, 0x00004204L, 0x00004200L, - 0x00000000L, - 0x00000200L, 0x01000004L, 0x00000004L, - 0x01000200L, - 0x00000000L, 0x01000204L, 0x01000200L, - 0x00004200L, - 0x00000204L, 0x00004000L, 0x01004204L, - 0x01000000L, - 0x01004200L, 0x00000004L, 0x00004004L, - 0x01004204L, - 0x01000004L, 0x01004200L, 0x01004000L, - 0x00004004L, - }, { -/* nibble 7 */ - 0x20800080L, 0x20820000L, 0x00020080L, - 0x00000000L, - 0x20020000L, 0x00800080L, 0x20800000L, - 0x20820080L, - 0x00000080L, 0x20000000L, 0x00820000L, - 0x00020080L, - 0x00820080L, 0x20020080L, 0x20000080L, - 0x20800000L, - 0x00020000L, 0x00820080L, 0x00800080L, - 0x20020000L, - 0x20820080L, 0x20000080L, 0x00000000L, - 0x00820000L, - 0x20000000L, 0x00800000L, 0x20020080L, - 0x20800080L, - 0x00800000L, 0x00020000L, 0x20820000L, - 0x00000080L, - 0x00800000L, 0x00020000L, 0x20000080L, - 0x20820080L, - 0x00020080L, 0x20000000L, 0x00000000L, - 0x00820000L, - 0x20800080L, 0x20020080L, 0x20020000L, - 0x00800080L, - 0x20820000L, 0x00000080L, 0x00800080L, - 0x20020000L, - 0x20820080L, 0x00800000L, 0x20800000L, - 0x20000080L, - 0x00820000L, 0x00020080L, 0x20020080L, - 0x20800000L, - 0x00000080L, 0x20820000L, 0x00820080L, - 0x00000000L, - 0x20000000L, 0x20800080L, 0x00020000L, - 0x00820080L, - } + /* nibble 0 */ + 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, + 0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L, + 0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L, + 0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L, + 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L, + 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, + 0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L, + 0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L, + 0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L, + 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L, + 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, + 0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L, + 0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L, + 0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L, + 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L, + 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, + }, + { + /* nibble 1 */ + 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, + 0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L, + 0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L, + 0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L, + 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L, + 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, + 0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L, + 0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L, + 0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L, + 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L, + 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, + 0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L, + 0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L, + 0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L, + 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L, + 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, + }, + { + /* nibble 2 */ + 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, + 0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L, + 0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L, + 0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L, + 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L, + 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, + 0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L, + 0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L, + 0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L, + 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L, + 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, + 0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L, + 0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L, + 0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L, + 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L, + 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, + }, + { + /* nibble 3 */ + 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, + 0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L, + 0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L, + 0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L, + 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L, + 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, + 0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L, + 0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L, + 0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L, + 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L, + 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, + 0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L, + 0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L, + 0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L, + 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L, + 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, + }, + { + /* nibble 4 */ + 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, + 0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L, + 0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L, + 0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L, + 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L, + 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, + 0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L, + 0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L, + 0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L, + 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L, + 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, + 0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L, + 0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L, + 0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L, + 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L, + 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, + }, + { + /* nibble 5 */ + 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, + 0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L, + 0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L, + 0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L, + 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L, + 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, + 0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L, + 0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L, + 0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L, + 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L, + 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L, + 0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L, + 0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L, + 0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L, + 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L, + 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, + }, + { + /* nibble 6 */ + 0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L, + 0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L, + 0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L, + 0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L, + 0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L, + 0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L, + 0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L, + 0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L, + 0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L, + 0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L, + 0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L, + 0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L, + 0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L, + 0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L, + 0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L, + 0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L, + }, + { + /* nibble 7 */ + 0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L, + 0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L, + 0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L, + 0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L, + 0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L, + 0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L, + 0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L, + 0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L, + 0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L, + 0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L, + 0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L, + 0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L, + 0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L, + 0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L, + 0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L, + 0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L, + } }; From rsalz at openssl.org Thu Feb 5 14:46:00 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 5 Feb 2015 15:46:00 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150205144601.03A491E035F@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via 468e04bf1f0ff149e47b17c1de72c1d644e4bbd2 (commit) from ac7d33deec9a61ff4bdf3b6c89725b588a8917e7 (commit) - Log ----------------------------------------------------------------- commit 468e04bf1f0ff149e47b17c1de72c1d644e4bbd2 Author: Rich Salz Date: Thu Feb 5 09:44:30 2015 -0500 Fixed bad formatting in crypto/des/spr.h Reviewed-by: Andy Polyakov (cherry picked from commit 7e35f06ea908e47f87b723b5e951ffc55463eb8b) ----------------------------------------------------------------------- Summary of changes: crypto/des/spr.h | 327 +++++++++++++++++++++++++----------------------------- 1 file changed, 151 insertions(+), 176 deletions(-) diff --git a/crypto/des/spr.h b/crypto/des/spr.h index 4d94639..e85d310 100644 --- a/crypto/des/spr.h +++ b/crypto/des/spr.h @@ -58,180 +58,155 @@ OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64] = { { -/* nibble 0 */ - 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, - 0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L, - 0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L, - 0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L, - 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L, - 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, - 0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L, - 0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L, - 0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L, - 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L, - 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, - 0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L, - 0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L, - 0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L, - 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L, - 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, - }, { -/* nibble 1 */ - 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, - 0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L, - 0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L, - 0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L, - 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L, - 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, - 0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L, - 0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L, - 0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L, - 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L, - 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, - 0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L, - 0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L, - 0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L, - 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L, - 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, - }, { -/* nibble 2 */ - 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, - 0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L, - 0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L, - 0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L, - 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L, - 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, - 0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L, - 0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L, - 0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L, - 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L, - 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, - 0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L, - 0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L, - 0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L, - 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L, - 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, - }, { -/* nibble 3 */ - 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, - 0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L, - 0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L, - 0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L, - 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L, - 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, - 0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L, - 0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L, - 0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L, - 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L, - 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, - 0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L, - 0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L, - 0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L, - 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L, - 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, - }, { -/* nibble 4 */ - 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, - 0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L, - 0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L, - 0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L, - 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L, - 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, - 0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L, - 0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L, - 0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L, - 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L, - 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, - 0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L, - 0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L, - 0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L, - 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L, - 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, - }, { -/* nibble 5 */ - 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, - 0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L, - 0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L, - 0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L, - 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L, - 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, - 0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L, - 0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L, - 0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L, - 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L, - 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L, - 0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L, - 0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L, - 0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L, - 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L, - 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, - }, { -/* nibble 6 */ - 0x00004000L, 0x00000200L, 0x01000200L, - 0x01000004L, - 0x01004204L, 0x00004004L, 0x00004200L, - 0x00000000L, - 0x01000000L, 0x01000204L, 0x00000204L, - 0x01004000L, - 0x00000004L, 0x01004200L, 0x01004000L, - 0x00000204L, - 0x01000204L, 0x00004000L, 0x00004004L, - 0x01004204L, - 0x00000000L, 0x01000200L, 0x01000004L, - 0x00004200L, - 0x01004004L, 0x00004204L, 0x01004200L, - 0x00000004L, - 0x00004204L, 0x01004004L, 0x00000200L, - 0x01000000L, - 0x00004204L, 0x01004000L, 0x01004004L, - 0x00000204L, - 0x00004000L, 0x00000200L, 0x01000000L, - 0x01004004L, - 0x01000204L, 0x00004204L, 0x00004200L, - 0x00000000L, - 0x00000200L, 0x01000004L, 0x00000004L, - 0x01000200L, - 0x00000000L, 0x01000204L, 0x01000200L, - 0x00004200L, - 0x00000204L, 0x00004000L, 0x01004204L, - 0x01000000L, - 0x01004200L, 0x00000004L, 0x00004004L, - 0x01004204L, - 0x01000004L, 0x01004200L, 0x01004000L, - 0x00004004L, - }, { -/* nibble 7 */ - 0x20800080L, 0x20820000L, 0x00020080L, - 0x00000000L, - 0x20020000L, 0x00800080L, 0x20800000L, - 0x20820080L, - 0x00000080L, 0x20000000L, 0x00820000L, - 0x00020080L, - 0x00820080L, 0x20020080L, 0x20000080L, - 0x20800000L, - 0x00020000L, 0x00820080L, 0x00800080L, - 0x20020000L, - 0x20820080L, 0x20000080L, 0x00000000L, - 0x00820000L, - 0x20000000L, 0x00800000L, 0x20020080L, - 0x20800080L, - 0x00800000L, 0x00020000L, 0x20820000L, - 0x00000080L, - 0x00800000L, 0x00020000L, 0x20000080L, - 0x20820080L, - 0x00020080L, 0x20000000L, 0x00000000L, - 0x00820000L, - 0x20800080L, 0x20020080L, 0x20020000L, - 0x00800080L, - 0x20820000L, 0x00000080L, 0x00800080L, - 0x20020000L, - 0x20820080L, 0x00800000L, 0x20800000L, - 0x20000080L, - 0x00820000L, 0x00020080L, 0x20020080L, - 0x20800000L, - 0x00000080L, 0x20820000L, 0x00820080L, - 0x00000000L, - 0x20000000L, 0x20800080L, 0x00020000L, - 0x00820080L, - } + /* nibble 0 */ + 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, + 0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L, + 0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L, + 0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L, + 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L, + 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, + 0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L, + 0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L, + 0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L, + 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L, + 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, + 0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L, + 0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L, + 0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L, + 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L, + 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, + }, + { + /* nibble 1 */ + 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, + 0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L, + 0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L, + 0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L, + 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L, + 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, + 0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L, + 0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L, + 0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L, + 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L, + 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, + 0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L, + 0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L, + 0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L, + 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L, + 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, + }, + { + /* nibble 2 */ + 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, + 0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L, + 0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L, + 0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L, + 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L, + 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, + 0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L, + 0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L, + 0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L, + 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L, + 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, + 0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L, + 0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L, + 0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L, + 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L, + 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, + }, + { + /* nibble 3 */ + 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, + 0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L, + 0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L, + 0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L, + 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L, + 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, + 0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L, + 0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L, + 0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L, + 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L, + 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, + 0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L, + 0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L, + 0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L, + 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L, + 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, + }, + { + /* nibble 4 */ + 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, + 0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L, + 0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L, + 0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L, + 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L, + 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, + 0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L, + 0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L, + 0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L, + 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L, + 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, + 0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L, + 0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L, + 0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L, + 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L, + 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, + }, + { + /* nibble 5 */ + 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, + 0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L, + 0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L, + 0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L, + 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L, + 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, + 0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L, + 0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L, + 0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L, + 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L, + 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L, + 0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L, + 0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L, + 0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L, + 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L, + 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, + }, + { + /* nibble 6 */ + 0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L, + 0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L, + 0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L, + 0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L, + 0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L, + 0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L, + 0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L, + 0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L, + 0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L, + 0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L, + 0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L, + 0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L, + 0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L, + 0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L, + 0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L, + 0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L, + }, + { + /* nibble 7 */ + 0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L, + 0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L, + 0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L, + 0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L, + 0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L, + 0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L, + 0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L, + 0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L, + 0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L, + 0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L, + 0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L, + 0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L, + 0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L, + 0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L, + 0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L, + 0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L, + } }; From rsalz at openssl.org Thu Feb 5 14:46:18 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 5 Feb 2015 15:46:18 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <20150205144618.BF2FF1E035F@butler.localdomain> The branch OpenSSL_1_0_0-stable has been updated via 189de5450626a1d71c77c046b5fd719cceef7759 (commit) from beac071b13b56e05873f7b08bff9cb4706de3d98 (commit) - Log ----------------------------------------------------------------- commit 189de5450626a1d71c77c046b5fd719cceef7759 Author: Rich Salz Date: Thu Feb 5 09:44:30 2015 -0500 Fixed bad formatting in crypto/des/spr.h Reviewed-by: Andy Polyakov (cherry picked from commit 7e35f06ea908e47f87b723b5e951ffc55463eb8b) ----------------------------------------------------------------------- Summary of changes: crypto/des/spr.h | 327 +++++++++++++++++++++++++----------------------------- 1 file changed, 151 insertions(+), 176 deletions(-) diff --git a/crypto/des/spr.h b/crypto/des/spr.h index 4d94639..e85d310 100644 --- a/crypto/des/spr.h +++ b/crypto/des/spr.h @@ -58,180 +58,155 @@ OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64] = { { -/* nibble 0 */ - 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, - 0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L, - 0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L, - 0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L, - 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L, - 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, - 0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L, - 0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L, - 0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L, - 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L, - 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, - 0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L, - 0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L, - 0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L, - 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L, - 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, - }, { -/* nibble 1 */ - 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, - 0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L, - 0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L, - 0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L, - 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L, - 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, - 0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L, - 0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L, - 0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L, - 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L, - 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, - 0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L, - 0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L, - 0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L, - 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L, - 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, - }, { -/* nibble 2 */ - 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, - 0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L, - 0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L, - 0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L, - 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L, - 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, - 0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L, - 0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L, - 0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L, - 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L, - 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, - 0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L, - 0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L, - 0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L, - 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L, - 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, - }, { -/* nibble 3 */ - 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, - 0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L, - 0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L, - 0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L, - 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L, - 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, - 0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L, - 0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L, - 0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L, - 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L, - 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, - 0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L, - 0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L, - 0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L, - 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L, - 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, - }, { -/* nibble 4 */ - 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, - 0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L, - 0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L, - 0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L, - 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L, - 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, - 0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L, - 0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L, - 0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L, - 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L, - 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, - 0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L, - 0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L, - 0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L, - 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L, - 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, - }, { -/* nibble 5 */ - 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, - 0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L, - 0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L, - 0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L, - 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L, - 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, - 0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L, - 0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L, - 0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L, - 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L, - 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L, - 0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L, - 0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L, - 0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L, - 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L, - 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, - }, { -/* nibble 6 */ - 0x00004000L, 0x00000200L, 0x01000200L, - 0x01000004L, - 0x01004204L, 0x00004004L, 0x00004200L, - 0x00000000L, - 0x01000000L, 0x01000204L, 0x00000204L, - 0x01004000L, - 0x00000004L, 0x01004200L, 0x01004000L, - 0x00000204L, - 0x01000204L, 0x00004000L, 0x00004004L, - 0x01004204L, - 0x00000000L, 0x01000200L, 0x01000004L, - 0x00004200L, - 0x01004004L, 0x00004204L, 0x01004200L, - 0x00000004L, - 0x00004204L, 0x01004004L, 0x00000200L, - 0x01000000L, - 0x00004204L, 0x01004000L, 0x01004004L, - 0x00000204L, - 0x00004000L, 0x00000200L, 0x01000000L, - 0x01004004L, - 0x01000204L, 0x00004204L, 0x00004200L, - 0x00000000L, - 0x00000200L, 0x01000004L, 0x00000004L, - 0x01000200L, - 0x00000000L, 0x01000204L, 0x01000200L, - 0x00004200L, - 0x00000204L, 0x00004000L, 0x01004204L, - 0x01000000L, - 0x01004200L, 0x00000004L, 0x00004004L, - 0x01004204L, - 0x01000004L, 0x01004200L, 0x01004000L, - 0x00004004L, - }, { -/* nibble 7 */ - 0x20800080L, 0x20820000L, 0x00020080L, - 0x00000000L, - 0x20020000L, 0x00800080L, 0x20800000L, - 0x20820080L, - 0x00000080L, 0x20000000L, 0x00820000L, - 0x00020080L, - 0x00820080L, 0x20020080L, 0x20000080L, - 0x20800000L, - 0x00020000L, 0x00820080L, 0x00800080L, - 0x20020000L, - 0x20820080L, 0x20000080L, 0x00000000L, - 0x00820000L, - 0x20000000L, 0x00800000L, 0x20020080L, - 0x20800080L, - 0x00800000L, 0x00020000L, 0x20820000L, - 0x00000080L, - 0x00800000L, 0x00020000L, 0x20000080L, - 0x20820080L, - 0x00020080L, 0x20000000L, 0x00000000L, - 0x00820000L, - 0x20800080L, 0x20020080L, 0x20020000L, - 0x00800080L, - 0x20820000L, 0x00000080L, 0x00800080L, - 0x20020000L, - 0x20820080L, 0x00800000L, 0x20800000L, - 0x20000080L, - 0x00820000L, 0x00020080L, 0x20020080L, - 0x20800000L, - 0x00000080L, 0x20820000L, 0x00820080L, - 0x00000000L, - 0x20000000L, 0x20800080L, 0x00020000L, - 0x00820080L, - } + /* nibble 0 */ + 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, + 0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L, + 0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L, + 0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L, + 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L, + 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, + 0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L, + 0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L, + 0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L, + 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L, + 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, + 0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L, + 0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L, + 0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L, + 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L, + 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, + }, + { + /* nibble 1 */ + 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, + 0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L, + 0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L, + 0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L, + 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L, + 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, + 0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L, + 0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L, + 0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L, + 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L, + 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, + 0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L, + 0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L, + 0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L, + 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L, + 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, + }, + { + /* nibble 2 */ + 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, + 0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L, + 0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L, + 0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L, + 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L, + 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, + 0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L, + 0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L, + 0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L, + 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L, + 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, + 0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L, + 0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L, + 0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L, + 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L, + 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, + }, + { + /* nibble 3 */ + 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, + 0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L, + 0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L, + 0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L, + 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L, + 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, + 0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L, + 0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L, + 0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L, + 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L, + 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, + 0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L, + 0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L, + 0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L, + 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L, + 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, + }, + { + /* nibble 4 */ + 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, + 0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L, + 0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L, + 0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L, + 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L, + 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, + 0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L, + 0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L, + 0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L, + 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L, + 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, + 0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L, + 0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L, + 0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L, + 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L, + 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, + }, + { + /* nibble 5 */ + 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, + 0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L, + 0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L, + 0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L, + 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L, + 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, + 0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L, + 0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L, + 0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L, + 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L, + 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L, + 0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L, + 0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L, + 0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L, + 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L, + 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, + }, + { + /* nibble 6 */ + 0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L, + 0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L, + 0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L, + 0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L, + 0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L, + 0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L, + 0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L, + 0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L, + 0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L, + 0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L, + 0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L, + 0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L, + 0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L, + 0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L, + 0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L, + 0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L, + }, + { + /* nibble 7 */ + 0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L, + 0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L, + 0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L, + 0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L, + 0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L, + 0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L, + 0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L, + 0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L, + 0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L, + 0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L, + 0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L, + 0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L, + 0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L, + 0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L, + 0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L, + 0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L, + } }; From rsalz at openssl.org Thu Feb 5 14:46:34 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 5 Feb 2015 15:46:34 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <20150205144634.93F9C1E035F@butler.localdomain> The branch OpenSSL_0_9_8-stable has been updated via 49fa6b6c2d4682e45e847f5e539bfde3966e40a3 (commit) from d64a227f1f433cd754baee4065127d28723237ff (commit) - Log ----------------------------------------------------------------- commit 49fa6b6c2d4682e45e847f5e539bfde3966e40a3 Author: Rich Salz Date: Thu Feb 5 09:44:30 2015 -0500 Fixed bad formatting in crypto/des/spr.h Reviewed-by: Andy Polyakov (cherry picked from commit 7e35f06ea908e47f87b723b5e951ffc55463eb8b) ----------------------------------------------------------------------- Summary of changes: crypto/des/spr.h | 327 +++++++++++++++++++++++++----------------------------- 1 file changed, 151 insertions(+), 176 deletions(-) diff --git a/crypto/des/spr.h b/crypto/des/spr.h index 4d94639..e85d310 100644 --- a/crypto/des/spr.h +++ b/crypto/des/spr.h @@ -58,180 +58,155 @@ OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64] = { { -/* nibble 0 */ - 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, - 0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L, - 0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L, - 0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L, - 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L, - 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, - 0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L, - 0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L, - 0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L, - 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L, - 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, - 0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L, - 0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L, - 0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L, - 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L, - 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, - }, { -/* nibble 1 */ - 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, - 0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L, - 0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L, - 0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L, - 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L, - 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, - 0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L, - 0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L, - 0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L, - 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L, - 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, - 0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L, - 0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L, - 0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L, - 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L, - 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, - }, { -/* nibble 2 */ - 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, - 0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L, - 0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L, - 0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L, - 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L, - 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, - 0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L, - 0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L, - 0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L, - 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L, - 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, - 0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L, - 0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L, - 0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L, - 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L, - 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, - }, { -/* nibble 3 */ - 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, - 0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L, - 0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L, - 0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L, - 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L, - 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, - 0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L, - 0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L, - 0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L, - 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L, - 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, - 0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L, - 0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L, - 0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L, - 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L, - 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, - }, { -/* nibble 4 */ - 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, - 0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L, - 0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L, - 0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L, - 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L, - 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, - 0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L, - 0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L, - 0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L, - 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L, - 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, - 0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L, - 0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L, - 0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L, - 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L, - 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, - }, { -/* nibble 5 */ - 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, - 0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L, - 0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L, - 0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L, - 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L, - 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, - 0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L, - 0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L, - 0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L, - 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L, - 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L, - 0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L, - 0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L, - 0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L, - 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L, - 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, - }, { -/* nibble 6 */ - 0x00004000L, 0x00000200L, 0x01000200L, - 0x01000004L, - 0x01004204L, 0x00004004L, 0x00004200L, - 0x00000000L, - 0x01000000L, 0x01000204L, 0x00000204L, - 0x01004000L, - 0x00000004L, 0x01004200L, 0x01004000L, - 0x00000204L, - 0x01000204L, 0x00004000L, 0x00004004L, - 0x01004204L, - 0x00000000L, 0x01000200L, 0x01000004L, - 0x00004200L, - 0x01004004L, 0x00004204L, 0x01004200L, - 0x00000004L, - 0x00004204L, 0x01004004L, 0x00000200L, - 0x01000000L, - 0x00004204L, 0x01004000L, 0x01004004L, - 0x00000204L, - 0x00004000L, 0x00000200L, 0x01000000L, - 0x01004004L, - 0x01000204L, 0x00004204L, 0x00004200L, - 0x00000000L, - 0x00000200L, 0x01000004L, 0x00000004L, - 0x01000200L, - 0x00000000L, 0x01000204L, 0x01000200L, - 0x00004200L, - 0x00000204L, 0x00004000L, 0x01004204L, - 0x01000000L, - 0x01004200L, 0x00000004L, 0x00004004L, - 0x01004204L, - 0x01000004L, 0x01004200L, 0x01004000L, - 0x00004004L, - }, { -/* nibble 7 */ - 0x20800080L, 0x20820000L, 0x00020080L, - 0x00000000L, - 0x20020000L, 0x00800080L, 0x20800000L, - 0x20820080L, - 0x00000080L, 0x20000000L, 0x00820000L, - 0x00020080L, - 0x00820080L, 0x20020080L, 0x20000080L, - 0x20800000L, - 0x00020000L, 0x00820080L, 0x00800080L, - 0x20020000L, - 0x20820080L, 0x20000080L, 0x00000000L, - 0x00820000L, - 0x20000000L, 0x00800000L, 0x20020080L, - 0x20800080L, - 0x00800000L, 0x00020000L, 0x20820000L, - 0x00000080L, - 0x00800000L, 0x00020000L, 0x20000080L, - 0x20820080L, - 0x00020080L, 0x20000000L, 0x00000000L, - 0x00820000L, - 0x20800080L, 0x20020080L, 0x20020000L, - 0x00800080L, - 0x20820000L, 0x00000080L, 0x00800080L, - 0x20020000L, - 0x20820080L, 0x00800000L, 0x20800000L, - 0x20000080L, - 0x00820000L, 0x00020080L, 0x20020080L, - 0x20800000L, - 0x00000080L, 0x20820000L, 0x00820080L, - 0x00000000L, - 0x20000000L, 0x20800080L, 0x00020000L, - 0x00820080L, - } + /* nibble 0 */ + 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, + 0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L, + 0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L, + 0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L, + 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L, + 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, + 0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L, + 0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L, + 0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L, + 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L, + 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, + 0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L, + 0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L, + 0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L, + 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L, + 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, + }, + { + /* nibble 1 */ + 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, + 0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L, + 0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L, + 0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L, + 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L, + 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, + 0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L, + 0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L, + 0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L, + 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L, + 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, + 0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L, + 0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L, + 0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L, + 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L, + 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, + }, + { + /* nibble 2 */ + 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, + 0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L, + 0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L, + 0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L, + 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L, + 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, + 0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L, + 0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L, + 0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L, + 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L, + 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, + 0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L, + 0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L, + 0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L, + 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L, + 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, + }, + { + /* nibble 3 */ + 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, + 0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L, + 0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L, + 0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L, + 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L, + 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, + 0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L, + 0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L, + 0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L, + 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L, + 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, + 0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L, + 0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L, + 0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L, + 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L, + 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, + }, + { + /* nibble 4 */ + 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, + 0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L, + 0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L, + 0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L, + 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L, + 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, + 0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L, + 0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L, + 0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L, + 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L, + 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, + 0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L, + 0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L, + 0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L, + 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L, + 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, + }, + { + /* nibble 5 */ + 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, + 0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L, + 0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L, + 0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L, + 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L, + 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, + 0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L, + 0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L, + 0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L, + 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L, + 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L, + 0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L, + 0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L, + 0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L, + 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L, + 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, + }, + { + /* nibble 6 */ + 0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L, + 0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L, + 0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L, + 0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L, + 0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L, + 0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L, + 0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L, + 0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L, + 0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L, + 0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L, + 0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L, + 0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L, + 0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L, + 0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L, + 0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L, + 0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L, + }, + { + /* nibble 7 */ + 0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L, + 0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L, + 0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L, + 0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L, + 0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L, + 0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L, + 0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L, + 0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L, + 0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L, + 0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L, + 0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L, + 0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L, + 0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L, + 0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L, + 0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L, + 0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L, + } }; From rsalz at openssl.org Thu Feb 5 16:47:37 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 5 Feb 2015 17:47:37 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150205164739.2D7B51E035F@butler.localdomain> The branch master has been updated via 8dd94afb18b27edd987b471914a616f9800a5e58 (commit) from 7e35f06ea908e47f87b723b5e951ffc55463eb8b (commit) - Log ----------------------------------------------------------------- commit 8dd94afb18b27edd987b471914a616f9800a5e58 Author: Rich Salz Date: Thu Feb 5 11:47:02 2015 -0500 Live code cleanup; #if 1 removal A few minor cleanups to remove pre-processor "#if 1" stuff. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: ssl/s3_lib.c | 4 ---- ssl/s3_pkt.c | 4 ---- ssl/ssl_cert.c | 4 ---- ssl/ssl_lib.c | 2 -- 4 files changed, 14 deletions(-) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 7a07a24..320d4a5 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4518,9 +4518,7 @@ int ssl3_shutdown(SSL *s) if (!(s->shutdown & SSL_SENT_SHUTDOWN)) { s->shutdown |= SSL_SENT_SHUTDOWN; -#if 1 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); -#endif /* * our shutdown alert has been sent now, and if it still needs to be * written, s->s3->alert_dispatch will be true @@ -4529,7 +4527,6 @@ int ssl3_shutdown(SSL *s) return (-1); /* return WANT_WRITE */ } else if (s->s3->alert_dispatch) { /* resend it if not sent */ -#if 1 ret = s->method->ssl_dispatch_alert(s); if (ret == -1) { /* @@ -4539,7 +4536,6 @@ int ssl3_shutdown(SSL *s) */ return (ret); } -#endif } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { /* * If we are waiting for a close from our peer, we are closed diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index a8fd16c..5b8fe5c 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -906,11 +906,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, if ((sess == NULL) || (s->enc_write_ctx == NULL) || (EVP_MD_CTX_md(s->write_hash) == NULL)) { -#if 1 clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */ -#else - clear = 1; -#endif mac_size = 0; } else { mac_size = EVP_MD_CTX_size(s->write_hash); diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 1178d43..d81e06b 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -739,11 +739,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback); if (s->ctx->app_verify_callback != NULL) -#if 1 /* new with OpenSSL 0.9.7 */ i = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); -#else - i = s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */ -#endif else { i = X509_verify_cert(&ctx); # if 0 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index bcb6be1..4289fb9 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -245,7 +245,6 @@ int SSL_clear(SSL *s) s->first_packet = 0; -#if 1 /* * Check to see if we were changed into a different method, if so, revert * back if we are not doing session-id reuse. @@ -257,7 +256,6 @@ int SSL_clear(SSL *s) if (!s->method->ssl_new(s)) return (0); } else -#endif s->method->ssl_clear(s); return (1); } From rsalz at openssl.org Thu Feb 5 20:08:15 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 5 Feb 2015 21:08:15 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150205200815.DF58D1E035F@butler.localdomain> The branch master has been updated via fe6d2a339b1ef3650de1b12e26189e532cb7d8bc (commit) from 8dd94afb18b27edd987b471914a616f9800a5e58 (commit) - Log ----------------------------------------------------------------- commit fe6d2a339b1ef3650de1b12e26189e532cb7d8bc Author: Rich Salz Date: Thu Feb 5 15:07:40 2015 -0500 Use memset in bn_mont Use memset() not inline code. Compilers are smarter now. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_mont.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index 175145e..45deed7 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -196,12 +196,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) rp = r->d; /* clear the top words of T */ -# if 1 - for (i = r->top; i < max; i++) /* memset? XXX */ - rp[i] = 0; -# else memset(&(rp[r->top]), 0, (max - r->top) * sizeof(BN_ULONG)); -# endif r->top = max; n0 = mont->n0[0]; From matt at openssl.org Fri Feb 6 10:17:49 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 6 Feb 2015 11:17:49 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <20150206101749.7CAA11E035F@butler.localdomain> The branch OpenSSL_0_9_8-stable has been updated via d7efe7ea18ffec1bcf0d93f563c175ea5094b654 (commit) from 49fa6b6c2d4682e45e847f5e539bfde3966e40a3 (commit) - Log ----------------------------------------------------------------- commit d7efe7ea18ffec1bcf0d93f563c175ea5094b654 Author: Matt Caswell Date: Thu Feb 5 10:19:55 2015 +0000 Fix error handling in ssltest Reviewed-by: Richard Levitte (cherry picked from commit ae632974f905c59176fa5f312826f8f692890b67) ----------------------------------------------------------------------- Summary of changes: ssl/ssltest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 987e3cc..2f5a134 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -1346,7 +1346,7 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) if (!do_client && !do_server) { fprintf(stdout, "ERROR IN STARTUP\n"); ERR_print_errors(bio_err); - break; + goto err; } if (do_client && !(done & C_DONE)) { if (c_write) { From matt at openssl.org Fri Feb 6 10:18:00 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 6 Feb 2015 11:18:00 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <20150206101800.9D6EE1E035F@butler.localdomain> The branch OpenSSL_1_0_0-stable has been updated via e5d2a44fb7f31ed88553e364a421cc89c8629c84 (commit) from 189de5450626a1d71c77c046b5fd719cceef7759 (commit) - Log ----------------------------------------------------------------- commit e5d2a44fb7f31ed88553e364a421cc89c8629c84 Author: Matt Caswell Date: Thu Feb 5 10:19:55 2015 +0000 Fix error handling in ssltest Reviewed-by: Richard Levitte (cherry picked from commit ae632974f905c59176fa5f312826f8f692890b67) ----------------------------------------------------------------------- Summary of changes: ssl/ssltest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index db11f50..12d68e3 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -1438,7 +1438,7 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) if (!do_client && !do_server) { fprintf(stdout, "ERROR IN STARTUP\n"); ERR_print_errors(bio_err); - break; + goto err; } if (do_client && !(done & C_DONE)) { if (c_write) { From matt at openssl.org Fri Feb 6 10:18:21 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 6 Feb 2015 11:18:21 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150206101821.ED6501E035F@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via f8e662e71cd18e8b077c5450f955cfc34b178457 (commit) from 468e04bf1f0ff149e47b17c1de72c1d644e4bbd2 (commit) - Log ----------------------------------------------------------------- commit f8e662e71cd18e8b077c5450f955cfc34b178457 Author: Matt Caswell Date: Thu Feb 5 10:19:55 2015 +0000 Fix error handling in ssltest Reviewed-by: Richard Levitte (cherry picked from commit ae632974f905c59176fa5f312826f8f692890b67) ----------------------------------------------------------------------- Summary of changes: ssl/ssltest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 9fa226c..8efbff7 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -1589,7 +1589,7 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) if (!do_client && !do_server) { fprintf(stdout, "ERROR IN STARTUP\n"); ERR_print_errors(bio_err); - break; + goto err; } if (do_client && !(done & C_DONE)) { if (c_write) { From matt at openssl.org Fri Feb 6 10:18:33 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 6 Feb 2015 11:18:33 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150206101833.1DE111E035F@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 04222b630efc936386ce0afb8a678dcc9f16e276 (commit) from 16064539aded747bf1632d3fa5f35a5c8ee57348 (commit) - Log ----------------------------------------------------------------- commit 04222b630efc936386ce0afb8a678dcc9f16e276 Author: Matt Caswell Date: Thu Feb 5 10:19:55 2015 +0000 Fix error handling in ssltest Reviewed-by: Richard Levitte (cherry picked from commit ae632974f905c59176fa5f312826f8f692890b67) ----------------------------------------------------------------------- Summary of changes: ssl/ssltest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 0113b65..9f5d586 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -2073,7 +2073,7 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) if (!do_client && !do_server) { fprintf(stdout, "ERROR IN STARTUP\n"); ERR_print_errors(bio_err); - break; + goto err; } if (do_client && !(done & C_DONE)) { if (c_write) { From matt at openssl.org Fri Feb 6 10:18:43 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 6 Feb 2015 11:18:43 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150206101843.993331E035F@butler.localdomain> The branch master has been updated via ae632974f905c59176fa5f312826f8f692890b67 (commit) from fe6d2a339b1ef3650de1b12e26189e532cb7d8bc (commit) - Log ----------------------------------------------------------------- commit ae632974f905c59176fa5f312826f8f692890b67 Author: Matt Caswell Date: Thu Feb 5 10:19:55 2015 +0000 Fix error handling in ssltest Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: ssl/ssltest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 3eb13e2..fb51ddd 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -2242,7 +2242,7 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) if (!do_client && !do_server) { fprintf(stdout, "ERROR IN STARTUP\n"); ERR_print_errors(bio_err); - break; + goto err; } if (do_client && !(done & C_DONE)) { if (c_write) { From matt at openssl.org Fri Feb 6 11:38:08 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 6 Feb 2015 12:38:08 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150206113808.EF2091E035F@butler.localdomain> The branch master has been updated via 3c33c6f6b10864355553961e638514a6d1bb00f6 (commit) from ae632974f905c59176fa5f312826f8f692890b67 (commit) - Log ----------------------------------------------------------------- commit 3c33c6f6b10864355553961e638514a6d1bb00f6 Author: Matt Caswell Date: Thu Feb 5 15:57:54 2015 +0000 Remove support for SSL_OP_NETSCAPE_CA_DN_BUG. This is an ancient bug workaround for Netscape clients. The documentation talks about versions 3.x and 4.x beta. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: doc/ssl/SSL_CTX_set_options.pod | 5 ----- ssl/s3_clnt.c | 18 +++--------------- ssl/s3_srvr.c | 18 ++++-------------- ssl/ssl.h | 3 ++- 4 files changed, 9 insertions(+), 35 deletions(-) diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index 593435c..dc3d4f1 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -169,11 +169,6 @@ will send its list of preferences to the client and the client chooses. ... -=item SSL_OP_NETSCAPE_CA_DN_BUG - -If we accept a netscape connection, demand a client cert, have a -non-self-signed CA which does not have its CA in netscape, and the -browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta =item SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 5e2b543..4d7d05b 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2109,8 +2109,6 @@ int ssl3_get_certificate_request(SSL *s) for (nc = 0; nc < llen;) { n2s(p, l); if ((l + nc + 2) > llen) { - if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) - goto cont; /* netscape bugs */ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_TOO_LONG); goto err; @@ -2119,14 +2117,9 @@ int ssl3_get_certificate_request(SSL *s) q = p; if ((xn = d2i_X509_NAME(NULL, &q, l)) == NULL) { - /* If netscape tolerance is on, ignore errors */ - if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG) - goto cont; - else { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_ASN1_LIB); - goto err; - } + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); + SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_ASN1_LIB); + goto err; } if (q != (p + l)) { @@ -2144,11 +2137,6 @@ int ssl3_get_certificate_request(SSL *s) nc += l + 2; } - if (0) { - cont: - ERR_clear_error(); - } - /* we should setup a certificate to return.... */ s->s3->tmp.cert_req = 1; s->s3->tmp.ctype_num = ctype_num; diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index f31b76a..8819fed 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2056,20 +2056,10 @@ int ssl3_send_certificate_request(SSL *s) goto err; } p = ssl_handshake_start(s) + n; - if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) { - s2n(j, p); - i2d_X509_NAME(name, &p); - n += 2 + j; - nl += 2 + j; - } else { - d = p; - i2d_X509_NAME(name, &p); - j -= 2; - s2n(j, d); - j += 2; - n += j; - nl += j; - } + s2n(j, p); + i2d_X509_NAME(name, &p); + n += 2 + j; + nl += 2 + j; } } /* else no CA names */ diff --git a/ssl/ssl.h b/ssl/ssl.h index a3b8a81..8eed2ca 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -478,7 +478,8 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, # define SSL_OP_PKCS1_CHECK_1 0x0 # define SSL_OP_PKCS1_CHECK_2 0x0 -# define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L +/* Removed as of OpenSSL 1.1.0 */ +# define SSL_OP_NETSCAPE_CA_DN_BUG 0x0 # define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L /* * Make server add server-hello extension from early version of cryptopro From steve at openssl.org Fri Feb 6 13:12:00 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Fri, 6 Feb 2015 14:12:00 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150206131200.EAF6C1E035F@butler.localdomain> The branch master has been updated via a283d2a80adfaa88573bcd9acd3d8d7ab55c1af4 (commit) from 3c33c6f6b10864355553961e638514a6d1bb00f6 (commit) - Log ----------------------------------------------------------------- commit a283d2a80adfaa88573bcd9acd3d8d7ab55c1af4 Author: Dr. Stephen Henson Date: Fri Feb 6 12:16:58 2015 +0000 Remove OPENSSL_NO_HMAC Disabling HMAC doesn't work. If it did it would end up disabling a lot of OpenSSL functionality (it is required for all versions of TLS for example). Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: apps/speed.c | 6 +----- crypto/evp/evp_pbe.c | 5 +---- crypto/evp/p5_crpt2.c | 2 -- crypto/hmac/hmac.h | 4 ---- crypto/hmac/hmactest.c | 8 -------- crypto/pkcs12/p12_mutl.c | 2 -- util/libeay.num | 18 +++++++++--------- util/mk1mf.pl | 1 - util/mkdef.pl | 4 +--- 9 files changed, 12 insertions(+), 38 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index 8dc9de9..6ba7a2e 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -133,9 +133,7 @@ #ifndef OPENSSL_NO_MD5 # include #endif -#ifndef OPENSSL_NO_HMAC # include -#endif #include # include #ifndef OPENSSL_NO_RMD160 @@ -1079,9 +1077,7 @@ int MAIN(int argc, char **argv) #endif #ifndef OPENSSL_NO_MD5 BIO_printf(bio_err, "md5 "); -# ifndef OPENSSL_NO_HMAC BIO_printf(bio_err, "hmac "); -# endif #endif BIO_printf(bio_err, "sha1 "); BIO_printf(bio_err, "sha256 "); @@ -1590,7 +1586,7 @@ int MAIN(int argc, char **argv) } #endif -#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC) +#if !defined(OPENSSL_NO_MD5) if (doit[D_HMAC]) { HMAC_CTX hctx; diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index e3fa95d..3534652 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -87,9 +87,7 @@ static const EVP_PBE_CTL builtin_pbe[] = { {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC, NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen}, -#ifndef OPENSSL_NO_HMAC {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen}, -#endif {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4, NID_rc4, NID_sha1, PKCS12_PBE_keyivgen}, @@ -104,9 +102,8 @@ static const EVP_PBE_CTL builtin_pbe[] = { {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC, NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen}, -#ifndef OPENSSL_NO_HMAC {EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen}, -#endif + {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC, NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen}, {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC, diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index b9c4dcb..6c458e9 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -59,7 +59,6 @@ #include #include #include "cryptlib.h" -#if !defined(OPENSSL_NO_HMAC) # include # include # include @@ -331,4 +330,3 @@ static void h__dump(const unsigned char *p, int len) fprintf(stderr, "\n"); } # endif -#endif diff --git a/crypto/hmac/hmac.h b/crypto/hmac/hmac.h index 2712e01..2404e53 100644 --- a/crypto/hmac/hmac.h +++ b/crypto/hmac/hmac.h @@ -60,10 +60,6 @@ # include -# ifdef OPENSSL_NO_HMAC -# error HMAC is disabled. -# endif - # include # define HMAC_MAX_MD_CBLOCK 128/* largest known is SHA512 */ diff --git a/crypto/hmac/hmactest.c b/crypto/hmac/hmactest.c index 492f5c5..de8d1c9 100644 --- a/crypto/hmac/hmactest.c +++ b/crypto/hmac/hmactest.c @@ -62,13 +62,6 @@ #include "../e_os.h" -#ifdef OPENSSL_NO_HMAC -int main(int argc, char *argv[]) -{ - printf("No HMAC support\n"); - return (0); -} -#else # include # ifndef OPENSSL_NO_MD5 # include @@ -163,4 +156,3 @@ static char *pt(unsigned char *md) return (buf); } # endif -#endif diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 256b210..4138a4d 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -57,7 +57,6 @@ * */ -#ifndef OPENSSL_NO_HMAC # include # include "cryptlib.h" # include @@ -191,4 +190,3 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, return 1; } -#endif diff --git a/util/libeay.num b/util/libeay.num index 9920db1..e77c94e 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -942,10 +942,10 @@ X509_load_crl_file 958 EXIST::FUNCTION:STDIO EVP_rc2_40_cbc 959 EXIST::FUNCTION:RC2 EVP_rc4_40 960 EXIST::FUNCTION:RC4 EVP_CIPHER_CTX_init 961 EXIST::FUNCTION: -HMAC 962 EXIST::FUNCTION:HMAC -HMAC_Init 963 EXIST::FUNCTION:HMAC -HMAC_Update 964 EXIST::FUNCTION:HMAC -HMAC_Final 965 EXIST::FUNCTION:HMAC +HMAC 962 EXIST::FUNCTION: +HMAC_Init 963 EXIST::FUNCTION: +HMAC_Update 964 EXIST::FUNCTION: +HMAC_Final 965 EXIST::FUNCTION: ERR_get_next_error_library 966 EXIST::FUNCTION: EVP_PKEY_cmp_parameters 967 EXIST::FUNCTION: HMAC_cleanup 968 NOEXIST::FUNCTION: @@ -1998,7 +1998,7 @@ EC_GROUP_method_of 2568 EXIST::FUNCTION:EC i2d_KRB5_APREQ 2569 EXIST::FUNCTION: _ossl_old_des_encrypt 2570 NOEXIST::FUNCTION: ASN1_PRINTABLE_new 2571 EXIST::FUNCTION: -HMAC_Init_ex 2572 EXIST::FUNCTION:HMAC +HMAC_Init_ex 2572 EXIST::FUNCTION: d2i_KRB5_AUTHENT 2573 EXIST::FUNCTION: OCSP_archive_cutoff_new 2574 EXIST::FUNCTION: EC_POINT_set_Jprojective_coordinates_GFp 2575 EXIST:!VMS:FUNCTION:EC @@ -2206,7 +2206,7 @@ OBJ_NAME_do_all_sorted 2743 EXIST::FUNCTION: i2d_OCSP_BASICRESP 2744 EXIST::FUNCTION: i2d_OCSP_RESPBYTES 2745 EXIST::FUNCTION: PKCS12_unpack_p7encdata 2746 EXIST::FUNCTION: -HMAC_CTX_init 2747 EXIST::FUNCTION:HMAC +HMAC_CTX_init 2747 EXIST::FUNCTION: ENGINE_get_digest 2748 EXIST::FUNCTION:ENGINE OCSP_RESPONSE_print 2749 EXIST::FUNCTION: KRB5_TKTBODY_it 2750 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2255,7 +2255,7 @@ CRYPTO_get_locked_mem_ex_functions 2781 EXIST:!VMS:FUNCTION: CRYPTO_get_locked_mem_ex_funcs 2781 EXIST:VMS:FUNCTION: ASN1_TIME_check 2782 EXIST::FUNCTION: UI_get0_user_data 2783 EXIST::FUNCTION: -HMAC_CTX_cleanup 2784 EXIST::FUNCTION:HMAC +HMAC_CTX_cleanup 2784 EXIST::FUNCTION: DSA_up_ref 2785 EXIST::FUNCTION:DSA _ossl_odes_ede3_cfb64_encrypt 2786 NOEXIST::FUNCTION: _ossl_old_des_ede3_cfb64_encrypt 2786 NOEXIST::FUNCTION: @@ -2844,7 +2844,7 @@ FIPS_selftest_failed 3284 NOEXIST::FUNCTION: sk_is_sorted 3285 EXIST::FUNCTION: X509_check_ca 3286 EXIST::FUNCTION: private_idea_set_encrypt_key 3287 NOEXIST::FUNCTION: -HMAC_CTX_set_flags 3288 EXIST::FUNCTION:HMAC +HMAC_CTX_set_flags 3288 EXIST::FUNCTION: private_SHA_Init 3289 NOEXIST::FUNCTION: private_CAST_set_key 3290 NOEXIST::FUNCTION: private_RIPEMD160_Init 3291 NOEXIST::FUNCTION: @@ -3958,7 +3958,7 @@ d2i_TS_TST_INFO_bio 4336 EXIST::FUNCTION: TS_TST_INFO_get_ordering 4337 EXIST::FUNCTION: TS_RESP_print_bio 4338 EXIST::FUNCTION: TS_TST_INFO_get_exts 4339 EXIST::FUNCTION: -HMAC_CTX_copy 4340 EXIST::FUNCTION:HMAC +HMAC_CTX_copy 4340 EXIST::FUNCTION: PKCS5_pbe2_set_iv 4341 EXIST::FUNCTION: ENGINE_get_pkey_asn1_meths 4342 EXIST::FUNCTION:ENGINE b2i_PrivateKey 4343 EXIST::FUNCTION: diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 01329b7..809e9b3 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -1410,7 +1410,6 @@ sub read_options "no-rsa" => \$no_rsa, "no-dsa" => \$no_dsa, "no-dh" => \$no_dh, - "no-hmac" => \$no_hmac, "no-asm" => \$no_asm, "nasm" => \$nasm, "nw-nasm" => \$nw_nasm, diff --git a/util/mkdef.pl b/util/mkdef.pl index ed10da2..3ae0a90 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -135,7 +135,7 @@ close(IN); my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf; my $no_cast; my $no_whirlpool; my $no_camellia; my $no_seed; my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; -my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; +my $no_rsa; my $no_dsa; my $no_dh; my $no_aes; my $no_krb5; my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; @@ -212,7 +212,6 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-ec$/) { $no_ec=1; } elsif (/^no-ecdsa$/) { $no_ecdsa=1; } elsif (/^no-ecdh$/) { $no_ecdh=1; } - elsif (/^no-hmac$/) { $no_hmac=1; } elsif (/^no-aes$/) { $no_aes=1; } elsif (/^no-camellia$/) { $no_camellia=1; } elsif (/^no-seed$/) { $no_seed=1; } @@ -1188,7 +1187,6 @@ sub is_valid if ($keyword eq "EC" && $no_ec) { return 0; } if ($keyword eq "ECDSA" && $no_ecdsa) { return 0; } if ($keyword eq "ECDH" && $no_ecdh) { return 0; } - if ($keyword eq "HMAC" && $no_hmac) { return 0; } if ($keyword eq "AES" && $no_aes) { return 0; } if ($keyword eq "CAMELLIA" && $no_camellia) { return 0; } if ($keyword eq "SEED" && $no_seed) { return 0; } From rsalz at openssl.org Fri Feb 6 15:45:54 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 6 Feb 2015 16:45:54 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150206154555.006D71E035F@butler.localdomain> The branch master has been updated via 1a53f1d68b0444655743fc87e8e9f535d090fa20 (commit) from a283d2a80adfaa88573bcd9acd3d8d7ab55c1af4 (commit) - Log ----------------------------------------------------------------- commit 1a53f1d68b0444655743fc87e8e9f535d090fa20 Author: Rich Salz Date: Fri Feb 6 10:45:29 2015 -0500 Have mkdef.pl ignore APPLINK settings. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: util/mkdef.pl | 26 ++++++-------------------- 1 file changed, 6 insertions(+), 20 deletions(-) diff --git a/util/mkdef.pl b/util/mkdef.pl index 3ae0a90..ea6655a 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -5,25 +5,8 @@ # It does this by parsing the header files and looking for the # prototyped functions: it then prunes the output. # -# Intermediary files are created, call libeay.num and ssleay.num,... -# Previously, they had the following format: -# -# routine-name nnnn -# -# But that isn't enough for a number of reasons, the first on being that -# this format is (needlessly) very Win32-centric, and even then... -# One of the biggest problems is that there's no information about what -# routines should actually be used, which varies with what crypto algorithms -# are disabled. Also, some operating systems (for example VMS with VAX C) -# need to keep track of the global variables as well as the functions. -# -# So, a remake of this script is done so as to include information on the -# kind of symbol it is (function or variable) and what algorithms they're -# part of. This will allow easy translating to .def files or the corresponding -# file in other operating systems (a .opt file for VMS, possibly with a .mar -# file). -# -# The format now becomes: +# Intermediary files are created, call libeay.num and ssleay.num, +# The format of these files is: # # routine-name nnnn info # @@ -120,7 +103,10 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", # Unit testing "UNIT_TEST", # OCB mode - "OCB"); + "OCB", + # APPLINK (win build feature?) + "APPLINK" + ); my $options=""; open(IN," The branch master has been updated via 5b18d3025c1c1d36be8f81f137265b46da58f881 (commit) from 1a53f1d68b0444655743fc87e8e9f535d090fa20 (commit) - Log ----------------------------------------------------------------- commit 5b18d3025c1c1d36be8f81f137265b46da58f881 Author: Rich Salz Date: Fri Feb 6 10:47:53 2015 -0500 util/mkstack.pl now generates entire safestack.h The mkstack.pl script now generates the entire safestack.h file. It generates output that follows the coding style. Also, removed all instances of the obsolete IMPLEMENT_STACK_OF macro. Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_int.c | 2 - crypto/asn1/a_object.c | 2 - crypto/asn1/a_strnid.c | 2 - crypto/asn1/a_type.c | 2 - crypto/asn1/asn_mime.c | 2 - crypto/asn1/x_algor.c | 2 - crypto/asn1/x_crl.c | 4 - crypto/asn1/x_info.c | 2 - crypto/asn1/x_name.c | 2 - crypto/bio/bio_lib.c | 2 - crypto/conf/conf_api.c | 2 - crypto/ex_data.c | 2 - crypto/objects/o_names.c | 1 - crypto/stack/safestack.h | 163 ++++++++++++-- crypto/store/str_lib.c | 2 - crypto/ui/ui_lib.c | 2 - crypto/x509/x509_ext.c | 2 - crypto/x509/x509_lu.c | 4 - crypto/x509/x509_trs.c | 2 - crypto/x509/x509_vfy.c | 6 - crypto/x509v3/v3_cpols.c | 5 - crypto/x509v3/v3_crld.c | 2 - crypto/x509v3/v3_lib.c | 2 - crypto/x509v3/v3_purp.c | 2 - crypto/x509v3/v3_sxnet.c | 2 - ssl/ssl_lib.c | 4 - util/mkstack.pl | 534 ++++++++++++++++++++++++++++++++-------------- 27 files changed, 516 insertions(+), 243 deletions(-) diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index 024115b..6b6a514 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -455,6 +455,4 @@ BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn) return (ret); } -IMPLEMENT_STACK_OF(ASN1_INTEGER) - IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER) diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 99abf68..5732a71 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -400,6 +400,4 @@ ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, return (OBJ_dup(&o)); } -IMPLEMENT_STACK_OF(ASN1_OBJECT) - IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT) diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index ab446b1..213cf63 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -302,8 +302,6 @@ static void st_free(ASN1_STRING_TABLE *tbl) } -IMPLEMENT_STACK_OF(ASN1_STRING_TABLE) - #ifdef STRING_TABLE_TEST main() diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index 4a36aff..94d0b1a 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -103,8 +103,6 @@ int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value) return 1; } -IMPLEMENT_STACK_OF(ASN1_TYPE) - IMPLEMENT_ASN1_SET_OF(ASN1_TYPE) /* Returns 0 if they are equal, != 0 otherwise. */ diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c index 97e5b34..28622f2 100644 --- a/crypto/asn1/asn_mime.c +++ b/crypto/asn1/asn_mime.c @@ -78,7 +78,6 @@ typedef struct { } MIME_PARAM; DECLARE_STACK_OF(MIME_PARAM) -IMPLEMENT_STACK_OF(MIME_PARAM) typedef struct { char *name; /* Name of line e.g. "content-type" */ @@ -87,7 +86,6 @@ typedef struct { } MIME_HEADER; DECLARE_STACK_OF(MIME_HEADER) -IMPLEMENT_STACK_OF(MIME_HEADER) static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, const ASN1_ITEM *it); diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c index fd7d16d..f7ff573 100644 --- a/crypto/asn1/x_algor.c +++ b/crypto/asn1/x_algor.c @@ -74,8 +74,6 @@ ASN1_ITEM_TEMPLATE_END(X509_ALGORS) IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR) IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_ALGORS, X509_ALGORS, X509_ALGORS) IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR) - -IMPLEMENT_STACK_OF(X509_ALGOR) IMPLEMENT_ASN1_SET_OF(X509_ALGOR) int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval) diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c index 79eab4f..bcbae1b 100644 --- a/crypto/asn1/x_crl.c +++ b/crypto/asn1/x_crl.c @@ -506,10 +506,6 @@ void *X509_CRL_get_meth_data(X509_CRL *crl) return crl->meth_data; } -IMPLEMENT_STACK_OF(X509_REVOKED) - IMPLEMENT_ASN1_SET_OF(X509_REVOKED) -IMPLEMENT_STACK_OF(X509_CRL) - IMPLEMENT_ASN1_SET_OF(X509_CRL) diff --git a/crypto/asn1/x_info.c b/crypto/asn1/x_info.c index 067fd72..a847277 100644 --- a/crypto/asn1/x_info.c +++ b/crypto/asn1/x_info.c @@ -113,5 +113,3 @@ void X509_INFO_free(X509_INFO *x) OPENSSL_free(x->enc_data); OPENSSL_free(x); } - -IMPLEMENT_STACK_OF(X509_INFO) diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c index 737c426..bc446e0 100644 --- a/crypto/asn1/x_name.c +++ b/crypto/asn1/x_name.c @@ -522,6 +522,4 @@ int X509_NAME_set(X509_NAME **xn, X509_NAME *name) return (*xn != NULL); } -IMPLEMENT_STACK_OF(X509_NAME_ENTRY) - IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY) diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index 5267010..11e0142 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -590,5 +590,3 @@ unsigned long BIO_number_written(BIO *bio) return bio->num_write; return 0; } - -IMPLEMENT_STACK_OF(BIO) diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index ff73f38..cba2de1 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c @@ -279,5 +279,3 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) } return (v); } - -IMPLEMENT_STACK_OF(CONF_VALUE) diff --git a/crypto/ex_data.c b/crypto/ex_data.c index 5a3546a..4caddce 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -640,5 +640,3 @@ void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx) else return (sk_void_value(ad->sk, idx)); } - -IMPLEMENT_STACK_OF(CRYPTO_EX_DATA_FUNCS) diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c index e1e13a6..d7fa0d8 100644 --- a/crypto/objects/o_names.c +++ b/crypto/objects/o_names.c @@ -35,7 +35,6 @@ typedef struct name_funcs_st { } NAME_FUNCS; DECLARE_STACK_OF(NAME_FUNCS) -IMPLEMENT_STACK_OF(NAME_FUNCS) static STACK_OF(NAME_FUNCS) *name_funcs_stack; diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index aa2e993..bd0397d 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h @@ -1,3 +1,4 @@ +/* automatically generated by util/mkstack.pl */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * @@ -62,8 +63,7 @@ extern "C" { #endif # ifndef CHECKED_PTR_OF -# define CHECKED_PTR_OF(type, p) \ - ((void*) (1 ? p : (type*)0)) +# define CHECKED_PTR_OF(type, p) ((void*) (1 ? p : (type*)0)) # endif /* @@ -99,9 +99,6 @@ STACK_OF(type) \ _STACK stack; \ }; -/* nada (obsolete in new safestack approach)*/ -# define IMPLEMENT_STACK_OF(type) - /*- * Strings are special: normally an lhash entry will point to a single * (somewhat) mutable object. In the case of strings: @@ -117,17 +114,15 @@ STACK_OF(type) \ * string at all. */ typedef char *OPENSSL_STRING; - typedef const char *OPENSSL_CSTRING; -/* +/*- * Confusingly, LHASH_OF(STRING) deals with char ** throughout, but * STACK_OF(STRING) is really more like STACK_OF(char), only, as mentioned * above, instead of a single char each entry is a NUL-terminated array of * chars. So, we have to implement STRING specially for STACK_OF. This is * dealt with in the autogenerated macros below. */ - DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) /* @@ -138,6 +133,11 @@ typedef void *OPENSSL_BLOCK; DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) /* + * This file is automatically generated by util/mkstack.pl + * Do not edit! + */ + +/* * SKM_sk_... stack macros are internal to safestack.h: never use them * directly, use sk__... instead */ @@ -187,6 +187,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) sk_sort(CHECKED_STACK_OF(type, st)) # define SKM_sk_is_sorted(type, st) \ sk_is_sorted(CHECKED_STACK_OF(type, st)) + # define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ (STACK_OF(type) *)d2i_ASN1_SET( \ (STACK_OF(OPENSSL_BLOCK) **)CHECKED_PTR_OF(STACK_OF(type)*, st), \ @@ -198,19 +199,20 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) i2d_ASN1_SET(CHECKED_STACK_OF(type, st), pp, \ CHECKED_I2D_OF(type, i2d_func), \ ex_tag, ex_class, is_set) + # define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ ASN1_seq_pack(CHECKED_PTR_OF(STACK_OF(type), st), \ CHECKED_I2D_OF(type, i2d_func), buf, len) # define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ - (STACK_OF(type) *)ASN1_seq_unpack(buf, len, CHECKED_D2I_OF(type, d2i_func), CHECKED_SK_FREE_FUNC(type, free_func)) + (STACK_OF(type) *)ASN1_seq_unpack(buf, \ + len, CHECKED_D2I_OF(type, d2i_func), \ + CHECKED_SK_FREE_FUNC(type, free_func)) # define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ (STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \ CHECKED_D2I_OF(type, d2i_func), \ CHECKED_SK_FREE_FUNC(type, free_func), \ pass, passlen, oct, seq) -/* - * This block of defines is updated by util/mkstack.pl, please do not touch! - */ + # define sk_ACCESS_DESCRIPTION_new(cmp) SKM_sk_new(ACCESS_DESCRIPTION, (cmp)) # define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION) # define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st)) @@ -233,6 +235,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st)) # define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st)) # define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st)) + # define sk_ASIdOrRange_new(cmp) SKM_sk_new(ASIdOrRange, (cmp)) # define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange) # define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st)) @@ -255,6 +258,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_ASIdOrRange_pop(st) SKM_sk_pop(ASIdOrRange, (st)) # define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st)) # define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st)) + # define sk_ASN1_GENERALSTRING_new(cmp) SKM_sk_new(ASN1_GENERALSTRING, (cmp)) # define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING) # define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st)) @@ -277,6 +281,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st)) # define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st)) # define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st)) + # define sk_ASN1_INTEGER_new(cmp) SKM_sk_new(ASN1_INTEGER, (cmp)) # define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER) # define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st)) @@ -299,6 +304,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st)) # define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st)) # define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st)) + # define sk_ASN1_OBJECT_new(cmp) SKM_sk_new(ASN1_OBJECT, (cmp)) # define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT) # define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st)) @@ -321,6 +327,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st)) # define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st)) # define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st)) + # define sk_ASN1_STRING_TABLE_new(cmp) SKM_sk_new(ASN1_STRING_TABLE, (cmp)) # define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE) # define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st)) @@ -343,6 +350,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st)) # define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st)) # define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st)) + # define sk_ASN1_TYPE_new(cmp) SKM_sk_new(ASN1_TYPE, (cmp)) # define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE) # define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st)) @@ -365,6 +373,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st)) # define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st)) # define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st)) + # define sk_ASN1_UTF8STRING_new(cmp) SKM_sk_new(ASN1_UTF8STRING, (cmp)) # define sk_ASN1_UTF8STRING_new_null() SKM_sk_new_null(ASN1_UTF8STRING) # define sk_ASN1_UTF8STRING_free(st) SKM_sk_free(ASN1_UTF8STRING, (st)) @@ -387,6 +396,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_ASN1_UTF8STRING_pop(st) SKM_sk_pop(ASN1_UTF8STRING, (st)) # define sk_ASN1_UTF8STRING_sort(st) SKM_sk_sort(ASN1_UTF8STRING, (st)) # define sk_ASN1_UTF8STRING_is_sorted(st) SKM_sk_is_sorted(ASN1_UTF8STRING, (st)) + # define sk_ASN1_VALUE_new(cmp) SKM_sk_new(ASN1_VALUE, (cmp)) # define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE) # define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st)) @@ -409,6 +419,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st)) # define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st)) # define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st)) + # define sk_BIO_new(cmp) SKM_sk_new(BIO, (cmp)) # define sk_BIO_new_null() SKM_sk_new_null(BIO) # define sk_BIO_free(st) SKM_sk_free(BIO, (st)) @@ -431,6 +442,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_BIO_pop(st) SKM_sk_pop(BIO, (st)) # define sk_BIO_sort(st) SKM_sk_sort(BIO, (st)) # define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st)) + # define sk_BY_DIR_ENTRY_new(cmp) SKM_sk_new(BY_DIR_ENTRY, (cmp)) # define sk_BY_DIR_ENTRY_new_null() SKM_sk_new_null(BY_DIR_ENTRY) # define sk_BY_DIR_ENTRY_free(st) SKM_sk_free(BY_DIR_ENTRY, (st)) @@ -453,6 +465,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_BY_DIR_ENTRY_pop(st) SKM_sk_pop(BY_DIR_ENTRY, (st)) # define sk_BY_DIR_ENTRY_sort(st) SKM_sk_sort(BY_DIR_ENTRY, (st)) # define sk_BY_DIR_ENTRY_is_sorted(st) SKM_sk_is_sorted(BY_DIR_ENTRY, (st)) + # define sk_BY_DIR_HASH_new(cmp) SKM_sk_new(BY_DIR_HASH, (cmp)) # define sk_BY_DIR_HASH_new_null() SKM_sk_new_null(BY_DIR_HASH) # define sk_BY_DIR_HASH_free(st) SKM_sk_free(BY_DIR_HASH, (st)) @@ -475,6 +488,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_BY_DIR_HASH_pop(st) SKM_sk_pop(BY_DIR_HASH, (st)) # define sk_BY_DIR_HASH_sort(st) SKM_sk_sort(BY_DIR_HASH, (st)) # define sk_BY_DIR_HASH_is_sorted(st) SKM_sk_is_sorted(BY_DIR_HASH, (st)) + # define sk_CMS_CertificateChoices_new(cmp) SKM_sk_new(CMS_CertificateChoices, (cmp)) # define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices) # define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st)) @@ -497,6 +511,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_CMS_CertificateChoices_pop(st) SKM_sk_pop(CMS_CertificateChoices, (st)) # define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st)) # define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st)) + # define sk_CMS_RecipientEncryptedKey_new(cmp) SKM_sk_new(CMS_RecipientEncryptedKey, (cmp)) # define sk_CMS_RecipientEncryptedKey_new_null() SKM_sk_new_null(CMS_RecipientEncryptedKey) # define sk_CMS_RecipientEncryptedKey_free(st) SKM_sk_free(CMS_RecipientEncryptedKey, (st)) @@ -519,6 +534,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_CMS_RecipientEncryptedKey_pop(st) SKM_sk_pop(CMS_RecipientEncryptedKey, (st)) # define sk_CMS_RecipientEncryptedKey_sort(st) SKM_sk_sort(CMS_RecipientEncryptedKey, (st)) # define sk_CMS_RecipientEncryptedKey_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientEncryptedKey, (st)) + # define sk_CMS_RecipientInfo_new(cmp) SKM_sk_new(CMS_RecipientInfo, (cmp)) # define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo) # define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st)) @@ -541,6 +557,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_CMS_RecipientInfo_pop(st) SKM_sk_pop(CMS_RecipientInfo, (st)) # define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st)) # define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st)) + # define sk_CMS_RevocationInfoChoice_new(cmp) SKM_sk_new(CMS_RevocationInfoChoice, (cmp)) # define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice) # define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st)) @@ -563,6 +580,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_CMS_RevocationInfoChoice_pop(st) SKM_sk_pop(CMS_RevocationInfoChoice, (st)) # define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st)) # define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st)) + # define sk_CMS_SignerInfo_new(cmp) SKM_sk_new(CMS_SignerInfo, (cmp)) # define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo) # define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st)) @@ -585,6 +603,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_CMS_SignerInfo_pop(st) SKM_sk_pop(CMS_SignerInfo, (st)) # define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st)) # define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st)) + # define sk_CONF_IMODULE_new(cmp) SKM_sk_new(CONF_IMODULE, (cmp)) # define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE) # define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st)) @@ -607,6 +626,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st)) # define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st)) # define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st)) + # define sk_CONF_MODULE_new(cmp) SKM_sk_new(CONF_MODULE, (cmp)) # define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE) # define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st)) @@ -629,6 +649,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st)) # define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st)) # define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st)) + # define sk_CONF_VALUE_new(cmp) SKM_sk_new(CONF_VALUE, (cmp)) # define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE) # define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st)) @@ -651,6 +672,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st)) # define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st)) # define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st)) + # define sk_CRYPTO_EX_DATA_FUNCS_new(cmp) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (cmp)) # define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS) # define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st)) @@ -673,6 +695,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st)) # define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st)) # define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st)) + # define sk_CRYPTO_dynlock_new(cmp) SKM_sk_new(CRYPTO_dynlock, (cmp)) # define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock) # define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st)) @@ -695,6 +718,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st)) # define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st)) # define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st)) + # define sk_DIST_POINT_new(cmp) SKM_sk_new(DIST_POINT, (cmp)) # define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT) # define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st)) @@ -717,6 +741,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st)) # define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st)) # define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st)) + # define sk_ENGINE_new(cmp) SKM_sk_new(ENGINE, (cmp)) # define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE) # define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st)) @@ -739,6 +764,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st)) # define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st)) # define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st)) + # define sk_ENGINE_CLEANUP_ITEM_new(cmp) SKM_sk_new(ENGINE_CLEANUP_ITEM, (cmp)) # define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM) # define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st)) @@ -761,6 +787,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st)) # define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st)) # define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st)) + # define sk_ESS_CERT_ID_new(cmp) SKM_sk_new(ESS_CERT_ID, (cmp)) # define sk_ESS_CERT_ID_new_null() SKM_sk_new_null(ESS_CERT_ID) # define sk_ESS_CERT_ID_free(st) SKM_sk_free(ESS_CERT_ID, (st)) @@ -783,6 +810,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_ESS_CERT_ID_pop(st) SKM_sk_pop(ESS_CERT_ID, (st)) # define sk_ESS_CERT_ID_sort(st) SKM_sk_sort(ESS_CERT_ID, (st)) # define sk_ESS_CERT_ID_is_sorted(st) SKM_sk_is_sorted(ESS_CERT_ID, (st)) + # define sk_EVP_MD_new(cmp) SKM_sk_new(EVP_MD, (cmp)) # define sk_EVP_MD_new_null() SKM_sk_new_null(EVP_MD) # define sk_EVP_MD_free(st) SKM_sk_free(EVP_MD, (st)) @@ -805,6 +833,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_EVP_MD_pop(st) SKM_sk_pop(EVP_MD, (st)) # define sk_EVP_MD_sort(st) SKM_sk_sort(EVP_MD, (st)) # define sk_EVP_MD_is_sorted(st) SKM_sk_is_sorted(EVP_MD, (st)) + # define sk_EVP_PBE_CTL_new(cmp) SKM_sk_new(EVP_PBE_CTL, (cmp)) # define sk_EVP_PBE_CTL_new_null() SKM_sk_new_null(EVP_PBE_CTL) # define sk_EVP_PBE_CTL_free(st) SKM_sk_free(EVP_PBE_CTL, (st)) @@ -827,6 +856,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_EVP_PBE_CTL_pop(st) SKM_sk_pop(EVP_PBE_CTL, (st)) # define sk_EVP_PBE_CTL_sort(st) SKM_sk_sort(EVP_PBE_CTL, (st)) # define sk_EVP_PBE_CTL_is_sorted(st) SKM_sk_is_sorted(EVP_PBE_CTL, (st)) + # define sk_EVP_PKEY_ASN1_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_ASN1_METHOD, (cmp)) # define sk_EVP_PKEY_ASN1_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_ASN1_METHOD) # define sk_EVP_PKEY_ASN1_METHOD_free(st) SKM_sk_free(EVP_PKEY_ASN1_METHOD, (st)) @@ -849,6 +879,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_EVP_PKEY_ASN1_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_ASN1_METHOD, (st)) # define sk_EVP_PKEY_ASN1_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_ASN1_METHOD, (st)) # define sk_EVP_PKEY_ASN1_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_ASN1_METHOD, (st)) + # define sk_EVP_PKEY_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_METHOD, (cmp)) # define sk_EVP_PKEY_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_METHOD) # define sk_EVP_PKEY_METHOD_free(st) SKM_sk_free(EVP_PKEY_METHOD, (st)) @@ -871,6 +902,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_EVP_PKEY_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_METHOD, (st)) # define sk_EVP_PKEY_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_METHOD, (st)) # define sk_EVP_PKEY_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_METHOD, (st)) + # define sk_GENERAL_NAME_new(cmp) SKM_sk_new(GENERAL_NAME, (cmp)) # define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME) # define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st)) @@ -893,6 +925,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st)) # define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) # define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st)) + # define sk_GENERAL_NAMES_new(cmp) SKM_sk_new(GENERAL_NAMES, (cmp)) # define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES) # define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st)) @@ -915,6 +948,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_GENERAL_NAMES_pop(st) SKM_sk_pop(GENERAL_NAMES, (st)) # define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st)) # define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st)) + # define sk_GENERAL_SUBTREE_new(cmp) SKM_sk_new(GENERAL_SUBTREE, (cmp)) # define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE) # define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st)) @@ -937,6 +971,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st)) # define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st)) # define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st)) + # define sk_IPAddressFamily_new(cmp) SKM_sk_new(IPAddressFamily, (cmp)) # define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily) # define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st)) @@ -959,6 +994,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_IPAddressFamily_pop(st) SKM_sk_pop(IPAddressFamily, (st)) # define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st)) # define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st)) + # define sk_IPAddressOrRange_new(cmp) SKM_sk_new(IPAddressOrRange, (cmp)) # define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange) # define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st)) @@ -981,6 +1017,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_IPAddressOrRange_pop(st) SKM_sk_pop(IPAddressOrRange, (st)) # define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st)) # define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st)) + # define sk_KRB5_APREQBODY_new(cmp) SKM_sk_new(KRB5_APREQBODY, (cmp)) # define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) # define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st)) @@ -1003,6 +1040,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st)) # define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st)) # define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st)) + # define sk_KRB5_AUTHDATA_new(cmp) SKM_sk_new(KRB5_AUTHDATA, (cmp)) # define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA) # define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st)) @@ -1025,6 +1063,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st)) # define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st)) # define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st)) + # define sk_KRB5_AUTHENTBODY_new(cmp) SKM_sk_new(KRB5_AUTHENTBODY, (cmp)) # define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY) # define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st)) @@ -1047,6 +1086,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st)) # define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st)) # define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st)) + # define sk_KRB5_CHECKSUM_new(cmp) SKM_sk_new(KRB5_CHECKSUM, (cmp)) # define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM) # define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st)) @@ -1069,6 +1109,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st)) # define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st)) # define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st)) + # define sk_KRB5_ENCDATA_new(cmp) SKM_sk_new(KRB5_ENCDATA, (cmp)) # define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA) # define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st)) @@ -1091,6 +1132,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st)) # define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st)) # define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st)) + # define sk_KRB5_ENCKEY_new(cmp) SKM_sk_new(KRB5_ENCKEY, (cmp)) # define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY) # define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st)) @@ -1113,6 +1155,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st)) # define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st)) # define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st)) + # define sk_KRB5_PRINCNAME_new(cmp) SKM_sk_new(KRB5_PRINCNAME, (cmp)) # define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME) # define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st)) @@ -1135,6 +1178,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st)) # define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st)) # define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st)) + # define sk_KRB5_TKTBODY_new(cmp) SKM_sk_new(KRB5_TKTBODY, (cmp)) # define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY) # define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st)) @@ -1157,6 +1201,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st)) # define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st)) # define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st)) + # define sk_MEM_OBJECT_DATA_new(cmp) SKM_sk_new(MEM_OBJECT_DATA, (cmp)) # define sk_MEM_OBJECT_DATA_new_null() SKM_sk_new_null(MEM_OBJECT_DATA) # define sk_MEM_OBJECT_DATA_free(st) SKM_sk_free(MEM_OBJECT_DATA, (st)) @@ -1179,6 +1224,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_MEM_OBJECT_DATA_pop(st) SKM_sk_pop(MEM_OBJECT_DATA, (st)) # define sk_MEM_OBJECT_DATA_sort(st) SKM_sk_sort(MEM_OBJECT_DATA, (st)) # define sk_MEM_OBJECT_DATA_is_sorted(st) SKM_sk_is_sorted(MEM_OBJECT_DATA, (st)) + # define sk_MIME_HEADER_new(cmp) SKM_sk_new(MIME_HEADER, (cmp)) # define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER) # define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st)) @@ -1201,6 +1247,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st)) # define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) # define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) + # define sk_MIME_PARAM_new(cmp) SKM_sk_new(MIME_PARAM, (cmp)) # define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) # define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st)) @@ -1223,6 +1270,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st)) # define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st)) # define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st)) + # define sk_NAME_FUNCS_new(cmp) SKM_sk_new(NAME_FUNCS, (cmp)) # define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS) # define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st)) @@ -1245,6 +1293,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st)) # define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st)) # define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st)) + # define sk_OCSP_CERTID_new(cmp) SKM_sk_new(OCSP_CERTID, (cmp)) # define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID) # define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st)) @@ -1267,6 +1316,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st)) # define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st)) # define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st)) + # define sk_OCSP_ONEREQ_new(cmp) SKM_sk_new(OCSP_ONEREQ, (cmp)) # define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ) # define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st)) @@ -1289,6 +1339,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st)) # define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st)) # define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st)) + # define sk_OCSP_RESPID_new(cmp) SKM_sk_new(OCSP_RESPID, (cmp)) # define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID) # define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st)) @@ -1311,6 +1362,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_OCSP_RESPID_pop(st) SKM_sk_pop(OCSP_RESPID, (st)) # define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st)) # define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st)) + # define sk_OCSP_SINGLERESP_new(cmp) SKM_sk_new(OCSP_SINGLERESP, (cmp)) # define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP) # define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st)) @@ -1333,6 +1385,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st)) # define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st)) # define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st)) + # define sk_PKCS12_SAFEBAG_new(cmp) SKM_sk_new(PKCS12_SAFEBAG, (cmp)) # define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG) # define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st)) @@ -1355,6 +1408,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st)) # define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st)) # define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st)) + # define sk_PKCS7_new(cmp) SKM_sk_new(PKCS7, (cmp)) # define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7) # define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st)) @@ -1377,6 +1431,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st)) # define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st)) # define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st)) + # define sk_PKCS7_RECIP_INFO_new(cmp) SKM_sk_new(PKCS7_RECIP_INFO, (cmp)) # define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO) # define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st)) @@ -1399,6 +1454,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st)) # define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st)) # define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st)) + # define sk_PKCS7_SIGNER_INFO_new(cmp) SKM_sk_new(PKCS7_SIGNER_INFO, (cmp)) # define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO) # define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st)) @@ -1421,6 +1477,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st)) # define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st)) # define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st)) + # define sk_POLICYINFO_new(cmp) SKM_sk_new(POLICYINFO, (cmp)) # define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO) # define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st)) @@ -1443,6 +1500,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st)) # define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st)) # define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st)) + # define sk_POLICYQUALINFO_new(cmp) SKM_sk_new(POLICYQUALINFO, (cmp)) # define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO) # define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st)) @@ -1465,6 +1523,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st)) # define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st)) # define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st)) + # define sk_POLICY_MAPPING_new(cmp) SKM_sk_new(POLICY_MAPPING, (cmp)) # define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING) # define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st)) @@ -1487,6 +1546,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st)) # define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st)) # define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st)) + # define sk_SCT_new(cmp) SKM_sk_new(SCT, (cmp)) # define sk_SCT_new_null() SKM_sk_new_null(SCT) # define sk_SCT_free(st) SKM_sk_free(SCT, (st)) @@ -1509,6 +1569,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_SCT_pop(st) SKM_sk_pop(SCT, (st)) # define sk_SCT_sort(st) SKM_sk_sort(SCT, (st)) # define sk_SCT_is_sorted(st) SKM_sk_is_sorted(SCT, (st)) + # define sk_SRP_gN_new(cmp) SKM_sk_new(SRP_gN, (cmp)) # define sk_SRP_gN_new_null() SKM_sk_new_null(SRP_gN) # define sk_SRP_gN_free(st) SKM_sk_free(SRP_gN, (st)) @@ -1531,6 +1592,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_SRP_gN_pop(st) SKM_sk_pop(SRP_gN, (st)) # define sk_SRP_gN_sort(st) SKM_sk_sort(SRP_gN, (st)) # define sk_SRP_gN_is_sorted(st) SKM_sk_is_sorted(SRP_gN, (st)) + # define sk_SRP_gN_cache_new(cmp) SKM_sk_new(SRP_gN_cache, (cmp)) # define sk_SRP_gN_cache_new_null() SKM_sk_new_null(SRP_gN_cache) # define sk_SRP_gN_cache_free(st) SKM_sk_free(SRP_gN_cache, (st)) @@ -1553,6 +1615,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_SRP_gN_cache_pop(st) SKM_sk_pop(SRP_gN_cache, (st)) # define sk_SRP_gN_cache_sort(st) SKM_sk_sort(SRP_gN_cache, (st)) # define sk_SRP_gN_cache_is_sorted(st) SKM_sk_is_sorted(SRP_gN_cache, (st)) + # define sk_SRP_user_pwd_new(cmp) SKM_sk_new(SRP_user_pwd, (cmp)) # define sk_SRP_user_pwd_new_null() SKM_sk_new_null(SRP_user_pwd) # define sk_SRP_user_pwd_free(st) SKM_sk_free(SRP_user_pwd, (st)) @@ -1575,6 +1638,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_SRP_user_pwd_pop(st) SKM_sk_pop(SRP_user_pwd, (st)) # define sk_SRP_user_pwd_sort(st) SKM_sk_sort(SRP_user_pwd, (st)) # define sk_SRP_user_pwd_is_sorted(st) SKM_sk_is_sorted(SRP_user_pwd, (st)) + # define sk_SRTP_PROTECTION_PROFILE_new(cmp) SKM_sk_new(SRTP_PROTECTION_PROFILE, (cmp)) # define sk_SRTP_PROTECTION_PROFILE_new_null() SKM_sk_new_null(SRTP_PROTECTION_PROFILE) # define sk_SRTP_PROTECTION_PROFILE_free(st) SKM_sk_free(SRTP_PROTECTION_PROFILE, (st)) @@ -1597,6 +1661,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_SRTP_PROTECTION_PROFILE_pop(st) SKM_sk_pop(SRTP_PROTECTION_PROFILE, (st)) # define sk_SRTP_PROTECTION_PROFILE_sort(st) SKM_sk_sort(SRTP_PROTECTION_PROFILE, (st)) # define sk_SRTP_PROTECTION_PROFILE_is_sorted(st) SKM_sk_is_sorted(SRTP_PROTECTION_PROFILE, (st)) + # define sk_SSL_CIPHER_new(cmp) SKM_sk_new(SSL_CIPHER, (cmp)) # define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER) # define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st)) @@ -1619,6 +1684,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st)) # define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st)) # define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st)) + # define sk_SSL_COMP_new(cmp) SKM_sk_new(SSL_COMP, (cmp)) # define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP) # define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st)) @@ -1641,6 +1707,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st)) # define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) # define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st)) + # define sk_STACK_OF_X509_NAME_ENTRY_new(cmp) SKM_sk_new(STACK_OF_X509_NAME_ENTRY, (cmp)) # define sk_STACK_OF_X509_NAME_ENTRY_new_null() SKM_sk_new_null(STACK_OF_X509_NAME_ENTRY) # define sk_STACK_OF_X509_NAME_ENTRY_free(st) SKM_sk_free(STACK_OF_X509_NAME_ENTRY, (st)) @@ -1663,6 +1730,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_STACK_OF_X509_NAME_ENTRY_pop(st) SKM_sk_pop(STACK_OF_X509_NAME_ENTRY, (st)) # define sk_STACK_OF_X509_NAME_ENTRY_sort(st) SKM_sk_sort(STACK_OF_X509_NAME_ENTRY, (st)) # define sk_STACK_OF_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(STACK_OF_X509_NAME_ENTRY, (st)) + # define sk_STORE_ATTR_INFO_new(cmp) SKM_sk_new(STORE_ATTR_INFO, (cmp)) # define sk_STORE_ATTR_INFO_new_null() SKM_sk_new_null(STORE_ATTR_INFO) # define sk_STORE_ATTR_INFO_free(st) SKM_sk_free(STORE_ATTR_INFO, (st)) @@ -1685,6 +1753,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_STORE_ATTR_INFO_pop(st) SKM_sk_pop(STORE_ATTR_INFO, (st)) # define sk_STORE_ATTR_INFO_sort(st) SKM_sk_sort(STORE_ATTR_INFO, (st)) # define sk_STORE_ATTR_INFO_is_sorted(st) SKM_sk_is_sorted(STORE_ATTR_INFO, (st)) + # define sk_STORE_OBJECT_new(cmp) SKM_sk_new(STORE_OBJECT, (cmp)) # define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT) # define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st)) @@ -1707,6 +1776,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st)) # define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st)) # define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st)) + # define sk_SXNETID_new(cmp) SKM_sk_new(SXNETID, (cmp)) # define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) # define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st)) @@ -1729,6 +1799,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st)) # define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st)) # define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st)) + # define sk_UI_STRING_new(cmp) SKM_sk_new(UI_STRING, (cmp)) # define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING) # define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st)) @@ -1751,6 +1822,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st)) # define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st)) # define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st)) + # define sk_X509_new(cmp) SKM_sk_new(X509, (cmp)) # define sk_X509_new_null() SKM_sk_new_null(X509) # define sk_X509_free(st) SKM_sk_free(X509, (st)) @@ -1773,6 +1845,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_X509_pop(st) SKM_sk_pop(X509, (st)) # define sk_X509_sort(st) SKM_sk_sort(X509, (st)) # define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st)) + # define sk_X509V3_EXT_METHOD_new(cmp) SKM_sk_new(X509V3_EXT_METHOD, (cmp)) # define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD) # define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st)) @@ -1795,6 +1868,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st)) # define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st)) # define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st)) + # define sk_X509_ALGOR_new(cmp) SKM_sk_new(X509_ALGOR, (cmp)) # define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR) # define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st)) @@ -1817,6 +1891,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st)) # define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st)) # define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st)) + # define sk_X509_ATTRIBUTE_new(cmp) SKM_sk_new(X509_ATTRIBUTE, (cmp)) # define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE) # define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st)) @@ -1839,6 +1914,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st)) # define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st)) # define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st)) + # define sk_X509_CRL_new(cmp) SKM_sk_new(X509_CRL, (cmp)) # define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL) # define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st)) @@ -1861,6 +1937,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st)) # define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st)) # define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st)) + # define sk_X509_EXTENSION_new(cmp) SKM_sk_new(X509_EXTENSION, (cmp)) # define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION) # define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st)) @@ -1883,6 +1960,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st)) # define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st)) # define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st)) + # define sk_X509_INFO_new(cmp) SKM_sk_new(X509_INFO, (cmp)) # define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO) # define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st)) @@ -1905,6 +1983,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st)) # define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st)) # define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st)) + # define sk_X509_LOOKUP_new(cmp) SKM_sk_new(X509_LOOKUP, (cmp)) # define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP) # define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st)) @@ -1927,6 +2006,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st)) # define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st)) # define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st)) + # define sk_X509_NAME_new(cmp) SKM_sk_new(X509_NAME, (cmp)) # define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME) # define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st)) @@ -1949,6 +2029,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st)) # define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st)) # define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st)) + # define sk_X509_NAME_ENTRY_new(cmp) SKM_sk_new(X509_NAME_ENTRY, (cmp)) # define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY) # define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st)) @@ -1971,6 +2052,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st)) # define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st)) # define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st)) + # define sk_X509_OBJECT_new(cmp) SKM_sk_new(X509_OBJECT, (cmp)) # define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT) # define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st)) @@ -1993,6 +2075,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st)) # define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st)) # define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st)) + # define sk_X509_POLICY_DATA_new(cmp) SKM_sk_new(X509_POLICY_DATA, (cmp)) # define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA) # define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st)) @@ -2015,6 +2098,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_X509_POLICY_DATA_pop(st) SKM_sk_pop(X509_POLICY_DATA, (st)) # define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st)) # define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st)) + # define sk_X509_POLICY_NODE_new(cmp) SKM_sk_new(X509_POLICY_NODE, (cmp)) # define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE) # define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st)) @@ -2037,6 +2121,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_X509_POLICY_NODE_pop(st) SKM_sk_pop(X509_POLICY_NODE, (st)) # define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st)) # define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st)) + # define sk_X509_PURPOSE_new(cmp) SKM_sk_new(X509_PURPOSE, (cmp)) # define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE) # define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st)) @@ -2059,6 +2144,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st)) # define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st)) # define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st)) + # define sk_X509_REVOKED_new(cmp) SKM_sk_new(X509_REVOKED, (cmp)) # define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED) # define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st)) @@ -2081,6 +2167,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st)) # define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st)) # define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st)) + # define sk_X509_TRUST_new(cmp) SKM_sk_new(X509_TRUST, (cmp)) # define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST) # define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st)) @@ -2103,6 +2190,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st)) # define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st)) # define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st)) + # define sk_X509_VERIFY_PARAM_new(cmp) SKM_sk_new(X509_VERIFY_PARAM, (cmp)) # define sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM) # define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st)) @@ -2125,6 +2213,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_X509_VERIFY_PARAM_pop(st) SKM_sk_pop(X509_VERIFY_PARAM, (st)) # define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st)) # define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st)) + # define sk_nid_triple_new(cmp) SKM_sk_new(nid_triple, (cmp)) # define sk_nid_triple_new_null() SKM_sk_new_null(nid_triple) # define sk_nid_triple_free(st) SKM_sk_free(nid_triple, (st)) @@ -2147,6 +2236,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_nid_triple_pop(st) SKM_sk_pop(nid_triple, (st)) # define sk_nid_triple_sort(st) SKM_sk_sort(nid_triple, (st)) # define sk_nid_triple_is_sorted(st) SKM_sk_is_sorted(nid_triple, (st)) + # define sk_void_new(cmp) SKM_sk_new(void, (cmp)) # define sk_void_new_null() SKM_sk_new_null(void) # define sk_void_free(st) SKM_sk_free(void, (st)) @@ -2169,6 +2259,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_void_pop(st) SKM_sk_pop(void, (st)) # define sk_void_sort(st) SKM_sk_sort(void, (st)) # define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st)) + # define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp))) # define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null()) # define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) @@ -2193,6 +2284,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_OPENSSL_STRING_pop(st) (char *)sk_pop(CHECKED_STACK_OF(OPENSSL_STRING, st)) # define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st)) # define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st)) + # define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp))) # define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null()) # define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) @@ -2217,6 +2309,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop(CHECKED_STACK_OF(OPENSSL_BLOCK, st)) # define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st)) # define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st)) + # define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) # define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null()) # define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) @@ -2241,6 +2334,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st)) # define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st)) # define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st)) + # define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -2249,6 +2343,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func)) + # define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -2257,6 +2352,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func)) + # define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -2265,6 +2361,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func)) + # define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -2273,6 +2370,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func)) + # define d2i_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(ASN1_UTF8STRING, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -2281,6 +2379,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) SKM_ASN1_seq_pack(ASN1_UTF8STRING, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_ASN1_UTF8STRING(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(ASN1_UTF8STRING, (buf), (len), (d2i_func), (free_func)) + # define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -2289,6 +2388,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func)) + # define d2i_ASN1_SET_OF_ESS_CERT_ID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(ESS_CERT_ID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_ESS_CERT_ID(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -2297,6 +2397,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) SKM_ASN1_seq_pack(ESS_CERT_ID, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_ESS_CERT_ID(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(ESS_CERT_ID, (buf), (len), (d2i_func), (free_func)) + # define d2i_ASN1_SET_OF_EVP_MD(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(EVP_MD, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_EVP_MD(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -2305,6 +2406,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) SKM_ASN1_seq_pack(EVP_MD, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_EVP_MD(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(EVP_MD, (buf), (len), (d2i_func), (free_func)) + # define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -2313,6 +2415,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func)) + # define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -2321,6 +2424,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func)) + # define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -2329,6 +2433,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func)) + # define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -2337,6 +2442,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func)) + # define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -2345,6 +2451,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func)) + # define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -2353,6 +2460,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func)) + # define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -2361,6 +2469,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func)) + # define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -2369,6 +2478,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func)) + # define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -2377,6 +2487,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func)) + # define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -2385,6 +2496,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func)) + # define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -2393,6 +2505,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func)) + # define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -2401,6 +2514,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func)) + # define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -2409,6 +2523,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func)) + # define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -2417,6 +2532,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func)) + # define d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -2425,6 +2541,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func)) + # define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -2433,6 +2550,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func)) + # define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) # define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -2441,10 +2559,13 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len)) # define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func)) + # define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \ SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) + # define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \ SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) + # define lh_ADDED_OBJ_new() LHM_lh_new(ADDED_OBJ,added_obj) # define lh_ADDED_OBJ_insert(lh,inst) LHM_lh_insert(ADDED_OBJ,lh,inst) # define lh_ADDED_OBJ_retrieve(lh,inst) LHM_lh_retrieve(ADDED_OBJ,lh,inst) @@ -2462,6 +2583,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define lh_ADDED_OBJ_stats_bio(lh,out) \ LHM_lh_stats_bio(ADDED_OBJ,lh,out) # define lh_ADDED_OBJ_free(lh) LHM_lh_free(ADDED_OBJ,lh) + # define lh_APP_INFO_new() LHM_lh_new(APP_INFO,app_info) # define lh_APP_INFO_insert(lh,inst) LHM_lh_insert(APP_INFO,lh,inst) # define lh_APP_INFO_retrieve(lh,inst) LHM_lh_retrieve(APP_INFO,lh,inst) @@ -2479,6 +2601,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define lh_APP_INFO_stats_bio(lh,out) \ LHM_lh_stats_bio(APP_INFO,lh,out) # define lh_APP_INFO_free(lh) LHM_lh_free(APP_INFO,lh) + # define lh_CONF_VALUE_new() LHM_lh_new(CONF_VALUE,conf_value) # define lh_CONF_VALUE_insert(lh,inst) LHM_lh_insert(CONF_VALUE,lh,inst) # define lh_CONF_VALUE_retrieve(lh,inst) LHM_lh_retrieve(CONF_VALUE,lh,inst) @@ -2496,6 +2619,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define lh_CONF_VALUE_stats_bio(lh,out) \ LHM_lh_stats_bio(CONF_VALUE,lh,out) # define lh_CONF_VALUE_free(lh) LHM_lh_free(CONF_VALUE,lh) + # define lh_ENGINE_PILE_new() LHM_lh_new(ENGINE_PILE,engine_pile) # define lh_ENGINE_PILE_insert(lh,inst) LHM_lh_insert(ENGINE_PILE,lh,inst) # define lh_ENGINE_PILE_retrieve(lh,inst) LHM_lh_retrieve(ENGINE_PILE,lh,inst) @@ -2513,6 +2637,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define lh_ENGINE_PILE_stats_bio(lh,out) \ LHM_lh_stats_bio(ENGINE_PILE,lh,out) # define lh_ENGINE_PILE_free(lh) LHM_lh_free(ENGINE_PILE,lh) + # define lh_ERR_STATE_new() LHM_lh_new(ERR_STATE,err_state) # define lh_ERR_STATE_insert(lh,inst) LHM_lh_insert(ERR_STATE,lh,inst) # define lh_ERR_STATE_retrieve(lh,inst) LHM_lh_retrieve(ERR_STATE,lh,inst) @@ -2530,6 +2655,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define lh_ERR_STATE_stats_bio(lh,out) \ LHM_lh_stats_bio(ERR_STATE,lh,out) # define lh_ERR_STATE_free(lh) LHM_lh_free(ERR_STATE,lh) + # define lh_ERR_STRING_DATA_new() LHM_lh_new(ERR_STRING_DATA,err_string_data) # define lh_ERR_STRING_DATA_insert(lh,inst) LHM_lh_insert(ERR_STRING_DATA,lh,inst) # define lh_ERR_STRING_DATA_retrieve(lh,inst) LHM_lh_retrieve(ERR_STRING_DATA,lh,inst) @@ -2547,6 +2673,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define lh_ERR_STRING_DATA_stats_bio(lh,out) \ LHM_lh_stats_bio(ERR_STRING_DATA,lh,out) # define lh_ERR_STRING_DATA_free(lh) LHM_lh_free(ERR_STRING_DATA,lh) + # define lh_EX_CLASS_ITEM_new() LHM_lh_new(EX_CLASS_ITEM,ex_class_item) # define lh_EX_CLASS_ITEM_insert(lh,inst) LHM_lh_insert(EX_CLASS_ITEM,lh,inst) # define lh_EX_CLASS_ITEM_retrieve(lh,inst) LHM_lh_retrieve(EX_CLASS_ITEM,lh,inst) @@ -2564,6 +2691,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define lh_EX_CLASS_ITEM_stats_bio(lh,out) \ LHM_lh_stats_bio(EX_CLASS_ITEM,lh,out) # define lh_EX_CLASS_ITEM_free(lh) LHM_lh_free(EX_CLASS_ITEM,lh) + # define lh_FUNCTION_new() LHM_lh_new(FUNCTION,function) # define lh_FUNCTION_insert(lh,inst) LHM_lh_insert(FUNCTION,lh,inst) # define lh_FUNCTION_retrieve(lh,inst) LHM_lh_retrieve(FUNCTION,lh,inst) @@ -2581,6 +2709,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define lh_FUNCTION_stats_bio(lh,out) \ LHM_lh_stats_bio(FUNCTION,lh,out) # define lh_FUNCTION_free(lh) LHM_lh_free(FUNCTION,lh) + # define lh_MEM_new() LHM_lh_new(MEM,mem) # define lh_MEM_insert(lh,inst) LHM_lh_insert(MEM,lh,inst) # define lh_MEM_retrieve(lh,inst) LHM_lh_retrieve(MEM,lh,inst) @@ -2598,6 +2727,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define lh_MEM_stats_bio(lh,out) \ LHM_lh_stats_bio(MEM,lh,out) # define lh_MEM_free(lh) LHM_lh_free(MEM,lh) + # define lh_OBJ_NAME_new() LHM_lh_new(OBJ_NAME,obj_name) # define lh_OBJ_NAME_insert(lh,inst) LHM_lh_insert(OBJ_NAME,lh,inst) # define lh_OBJ_NAME_retrieve(lh,inst) LHM_lh_retrieve(OBJ_NAME,lh,inst) @@ -2615,6 +2745,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define lh_OBJ_NAME_stats_bio(lh,out) \ LHM_lh_stats_bio(OBJ_NAME,lh,out) # define lh_OBJ_NAME_free(lh) LHM_lh_free(OBJ_NAME,lh) + # define lh_OPENSSL_CSTRING_new() LHM_lh_new(OPENSSL_CSTRING,openssl_cstring) # define lh_OPENSSL_CSTRING_insert(lh,inst) LHM_lh_insert(OPENSSL_CSTRING,lh,inst) # define lh_OPENSSL_CSTRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_CSTRING,lh,inst) @@ -2632,6 +2763,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define lh_OPENSSL_CSTRING_stats_bio(lh,out) \ LHM_lh_stats_bio(OPENSSL_CSTRING,lh,out) # define lh_OPENSSL_CSTRING_free(lh) LHM_lh_free(OPENSSL_CSTRING,lh) + # define lh_OPENSSL_STRING_new() LHM_lh_new(OPENSSL_STRING,openssl_string) # define lh_OPENSSL_STRING_insert(lh,inst) LHM_lh_insert(OPENSSL_STRING,lh,inst) # define lh_OPENSSL_STRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_STRING,lh,inst) @@ -2649,6 +2781,7 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define lh_OPENSSL_STRING_stats_bio(lh,out) \ LHM_lh_stats_bio(OPENSSL_STRING,lh,out) # define lh_OPENSSL_STRING_free(lh) LHM_lh_free(OPENSSL_STRING,lh) + # define lh_SSL_SESSION_new() LHM_lh_new(SSL_SESSION,ssl_session) # define lh_SSL_SESSION_insert(lh,inst) LHM_lh_insert(SSL_SESSION,lh,inst) # define lh_SSL_SESSION_retrieve(lh,inst) LHM_lh_retrieve(SSL_SESSION,lh,inst) @@ -2666,8 +2799,8 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define lh_SSL_SESSION_stats_bio(lh,out) \ LHM_lh_stats_bio(SSL_SESSION,lh,out) # define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh) -/* End of util/mkstack.pl block, you may now edit :-) */ -#ifdef __cplusplus + +# ifdef __cplusplus } +# endif #endif -#endif /* !defined HEADER_SAFESTACK_H */ diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index 227b797..d683fd8 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -1187,8 +1187,6 @@ void STORE_OBJECT_free(STORE_OBJECT *data) OPENSSL_free(data); } -IMPLEMENT_STACK_OF(STORE_OBJECT*) - struct STORE_attr_info_st { unsigned char set[(STORE_ATTR_TYPE_NUM + 8) / 8]; union { diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c index 2d6b7de..06e6cd8 100644 --- a/crypto/ui/ui_lib.c +++ b/crypto/ui/ui_lib.c @@ -65,8 +65,6 @@ #include #include "ui_locl.h" -IMPLEMENT_STACK_OF(UI_STRING_ST) - static const UI_METHOD *default_UI_meth = NULL; UI *UI_new(void) diff --git a/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.c index fb4e311..1790b1b 100644 --- a/crypto/x509/x509_ext.c +++ b/crypto/x509/x509_ext.c @@ -206,6 +206,4 @@ int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags); } -IMPLEMENT_STACK_OF(X509_EXTENSION) - IMPLEMENT_ASN1_SET_OF(X509_EXTENSION) diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index 85fb59c..f77e59d 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -717,7 +717,3 @@ X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx) { return ctx->ctx; } - -IMPLEMENT_STACK_OF(X509_LOOKUP) - -IMPLEMENT_STACK_OF(X509_OBJECT) diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 11e0763..92ea2b5 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -96,8 +96,6 @@ static X509_TRUST trstandard[] = { #define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST)) -IMPLEMENT_STACK_OF(X509_TRUST) - static STACK_OF(X509_TRUST) *trtable = NULL; static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 31bb95b..22c1f68 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -2403,12 +2403,6 @@ void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) ctx->param = param; } -IMPLEMENT_STACK_OF(X509) - IMPLEMENT_ASN1_SET_OF(X509) -IMPLEMENT_STACK_OF(X509_NAME) - -IMPLEMENT_STACK_OF(X509_ATTRIBUTE) - IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE) diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index 476d51c..139b8f2 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -472,8 +472,3 @@ void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) else BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); } - - -IMPLEMENT_STACK_OF(X509_POLICY_NODE) - -IMPLEMENT_STACK_OF(X509_POLICY_DATA) diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c index d3e1d1b..0dbed9f 100644 --- a/crypto/x509v3/v3_crld.c +++ b/crypto/x509v3/v3_crld.c @@ -341,8 +341,6 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, return NULL; } -IMPLEMENT_STACK_OF(DIST_POINT) - IMPLEMENT_ASN1_SET_OF(DIST_POINT) static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c index b5598c9..90ddd86 100644 --- a/crypto/x509v3/v3_lib.c +++ b/crypto/x509v3/v3_lib.c @@ -337,5 +337,3 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode); return 0; } - -IMPLEMENT_STACK_OF(X509V3_EXT_METHOD) diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index b748e98..d51f93f 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -110,8 +110,6 @@ static X509_PURPOSE xstandard[] = { #define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE)) -IMPLEMENT_STACK_OF(X509_PURPOSE) - static STACK_OF(X509_PURPOSE) *xptable = NULL; static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b) diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c index a4e6a93..6bff278 100644 --- a/crypto/x509v3/v3_sxnet.c +++ b/crypto/x509v3/v3_sxnet.c @@ -268,6 +268,4 @@ ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone) return NULL; } -IMPLEMENT_STACK_OF(SXNETID) - IMPLEMENT_ASN1_SET_OF(SXNETID) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 4289fb9..2bb1866 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3599,8 +3599,4 @@ void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx) return ctx->cert->sec_ex; } -IMPLEMENT_STACK_OF(SSL_CIPHER) - -IMPLEMENT_STACK_OF(SSL_COMP) - IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); diff --git a/util/mkstack.pl b/util/mkstack.pl index 2bd96cd..5295cdd 100755 --- a/util/mkstack.pl +++ b/util/mkstack.pl @@ -1,194 +1,396 @@ #!/usr/local/bin/perl -w -# This is a utility that searches out "DECLARE_STACK_OF()" -# declarations in .h and .c files, and updates/creates/replaces -# the corresponding macro declarations in crypto/stack/safestack.h. -# As it's not generally possible to have macros that generate macros, -# we need to control this from the "outside", here in this script. -# -# Geoff Thorpe, June, 2000 (with massive Perl-hacking -# help from Steve Robb) - -my $safestack = "crypto/stack/safestack"; - -my $do_write; -while (@ARGV) { - my $arg = $ARGV[0]; - if($arg eq "-write") { - $do_write = 1; - } - shift @ARGV; -} +# Search out "DECLARE_STACK_OF()" # declarations in .h and .c files, +# and create corresponding macro declarations for crypto/stack/safestack.h. + +my $safestack = "crypto/stack/safestack.h"; +my $do_write = 0; +foreach ( @ARGV ) { + $do_write = 1 if $_ eq "-write"; +} - at source = (, , , ); +my @stacklst; +my @sstacklst; +my @asn1setlst; +my @p12stklst; +my @lhashlst; +my @source = (, , , ); foreach $file (@source) { - next if -l $file; - - # Open the .c/.h file for reading - open(IN, "< $file") || die "Can't open $file for reading: $!"; - - while() { - if (/^DECLARE_STACK_OF$([^)]+)$/) { - push @stacklst, $1; - } - if (/^DECLARE_SPECIAL_STACK_OF$([^,\s]+)\s*,\s*([^>\s]+)$/) { - push @sstacklst, [$1, $2]; - } - if (/^DECLARE_ASN1_SET_OF$([^)]+)$/) { - push @asn1setlst, $1; - } - if (/^DECLARE_PKCS12_STACK_OF$([^)]+)$/) { - push @p12stklst, $1; - } - if (/^DECLARE_LHASH_OF$([^)]+)$/) { - push @lhashlst, $1; - } - } - close(IN); + next if -l $file; + + # Open the .c/.h file for reading + open(IN, "< $file") || die "Can't open $file for reading, $!"; + + while() { + next unless /^DECLARE_/; + if (/^DECLARE_STACK_OF$([^)]+)$/) { + push @stacklst, $1; + } + elsif (/^DECLARE_SPECIAL_STACK_OF$([^,\s]+)\s*,\s*([^>\s]+)$/) { + push @sstacklst, [$1, $2]; + } + elsif (/^DECLARE_ASN1_SET_OF$([^)]+)$/) { + push @asn1setlst, $1; + } + elsif (/^DECLARE_PKCS12_STACK_OF$([^)]+)$/) { + push @p12stklst, $1; + } + elsif (/^DECLARE_LHASH_OF$([^)]+)$/) { + push @lhashlst, $1; + } + } + close(IN); } +my $new_stackfile = <<'EOF'; +/* automatically generated by util/mkstack.pl */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + * + */ + +#ifndef HEADER_SAFESTACK_H +# define HEADER_SAFESTACK_H + +# include + +#ifdef __cplusplus +extern "C" { +#endif + +# ifndef CHECKED_PTR_OF +# define CHECKED_PTR_OF(type, p) ((void*) (1 ? p : (type*)0)) +# endif + +/* + * In C++ we get problems because an explicit cast is needed from (void *) we + * use CHECKED_STACK_OF to ensure the correct type is passed in the macros + * below. + */ + +# define CHECKED_STACK_OF(type, p) \ + ((_STACK*) (1 ? p : (STACK_OF(type)*)0)) + +# define CHECKED_SK_COPY_FUNC(type, p) \ + ((void *(*)(void *)) ((1 ? p : (type *(*)(const type *))0))) + +# define CHECKED_SK_FREE_FUNC(type, p) \ + ((void (*)(void *)) ((1 ? p : (void (*)(type *))0))) + +# define CHECKED_SK_CMP_FUNC(type, p) \ + ((int (*)(const void *, const void *)) \ + ((1 ? p : (int (*)(const type * const *, const type * const *))0))) + +# define STACK_OF(type) struct stack_st_##type +# define PREDECLARE_STACK_OF(type) STACK_OF(type); + +# define DECLARE_STACK_OF(type) \ +STACK_OF(type) \ + { \ + _STACK stack; \ + }; +# define DECLARE_SPECIAL_STACK_OF(type, type2) \ +STACK_OF(type) \ + { \ + _STACK stack; \ + }; + +/*- + * Strings are special: normally an lhash entry will point to a single + * (somewhat) mutable object. In the case of strings: + * + * a) Instead of a single char, there is an array of chars, NUL-terminated. + * b) The string may have be immutable. + * + * So, they need their own declarations. Especially important for + * type-checking tools, such as Deputy. + * + * In practice, however, it appears to be hard to have a const + * string. For now, I'm settling for dealing with the fact it is a + * string at all. + */ +typedef char *OPENSSL_STRING; +typedef const char *OPENSSL_CSTRING; + +/*- + * Confusingly, LHASH_OF(STRING) deals with char ** throughout, but + * STACK_OF(STRING) is really more like STACK_OF(char), only, as mentioned + * above, instead of a single char each entry is a NUL-terminated array of + * chars. So, we have to implement STRING specially for STACK_OF. This is + * dealt with in the autogenerated macros below. + */ +DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) + +/* + * Similarly, we sometimes use a block of characters, NOT nul-terminated. + * These should also be distinguished from "normal" stacks. + */ +typedef void *OPENSSL_BLOCK; +DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) + +/* + * This file is automatically generated by util/mkstack.pl + * Do not edit! + */ + +/* + * SKM_sk_... stack macros are internal to safestack.h: never use them + * directly, use sk__... instead + */ +# define SKM_sk_new(type, cmp) \ + ((STACK_OF(type) *)sk_new(CHECKED_SK_CMP_FUNC(type, cmp))) +# define SKM_sk_new_null(type) \ + ((STACK_OF(type) *)sk_new_null()) +# define SKM_sk_free(type, st) \ + sk_free(CHECKED_STACK_OF(type, st)) +# define SKM_sk_num(type, st) \ + sk_num(CHECKED_STACK_OF(type, st)) +# define SKM_sk_value(type, st,i) \ + ((type *)sk_value(CHECKED_STACK_OF(type, st), i)) +# define SKM_sk_set(type, st,i,val) \ + sk_set(CHECKED_STACK_OF(type, st), i, CHECKED_PTR_OF(type, val)) +# define SKM_sk_zero(type, st) \ + sk_zero(CHECKED_STACK_OF(type, st)) +# define SKM_sk_push(type, st, val) \ + sk_push(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) +# define SKM_sk_unshift(type, st, val) \ + sk_unshift(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) +# define SKM_sk_find(type, st, val) \ + sk_find(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) +# define SKM_sk_find_ex(type, st, val) \ + sk_find_ex(CHECKED_STACK_OF(type, st), \ + CHECKED_PTR_OF(type, val)) +# define SKM_sk_delete(type, st, i) \ + (type *)sk_delete(CHECKED_STACK_OF(type, st), i) +# define SKM_sk_delete_ptr(type, st, ptr) \ + (type *)sk_delete_ptr(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, ptr)) +# define SKM_sk_insert(type, st,val, i) \ + sk_insert(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val), i) +# define SKM_sk_set_cmp_func(type, st, cmp) \ + ((int (*)(const type * const *,const type * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(type, st), CHECKED_SK_CMP_FUNC(type, cmp))) +# define SKM_sk_dup(type, st) \ + (STACK_OF(type) *)sk_dup(CHECKED_STACK_OF(type, st)) +# define SKM_sk_pop_free(type, st, free_func) \ + sk_pop_free(CHECKED_STACK_OF(type, st), CHECKED_SK_FREE_FUNC(type, free_func)) +# define SKM_sk_deep_copy(type, st, copy_func, free_func) \ + (STACK_OF(type) *)sk_deep_copy(CHECKED_STACK_OF(type, st), CHECKED_SK_COPY_FUNC(type, copy_func), CHECKED_SK_FREE_FUNC(type, free_func)) +# define SKM_sk_shift(type, st) \ + (type *)sk_shift(CHECKED_STACK_OF(type, st)) +# define SKM_sk_pop(type, st) \ + (type *)sk_pop(CHECKED_STACK_OF(type, st)) +# define SKM_sk_sort(type, st) \ + sk_sort(CHECKED_STACK_OF(type, st)) +# define SKM_sk_is_sorted(type, st) \ + sk_is_sorted(CHECKED_STACK_OF(type, st)) +# define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + (STACK_OF(type) *)d2i_ASN1_SET( \ + (STACK_OF(OPENSSL_BLOCK) **)CHECKED_PTR_OF(STACK_OF(type)*, st), \ + pp, length, \ + CHECKED_D2I_OF(type, d2i_func), \ + CHECKED_SK_FREE_FUNC(type, free_func), \ + ex_tag, ex_class) +# define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ + i2d_ASN1_SET(CHECKED_STACK_OF(type, st), pp, \ + CHECKED_I2D_OF(type, i2d_func), \ + ex_tag, ex_class, is_set) + +# define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ + ASN1_seq_pack(CHECKED_PTR_OF(STACK_OF(type), st), \ + CHECKED_I2D_OF(type, i2d_func), buf, len) +# define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ + (STACK_OF(type) *)ASN1_seq_unpack(buf, \ + len, CHECKED_D2I_OF(type, d2i_func), \ + CHECKED_SK_FREE_FUNC(type, free_func)) +# define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ + (STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \ + CHECKED_D2I_OF(type, d2i_func), \ + CHECKED_SK_FREE_FUNC(type, free_func), \ + pass, passlen, oct, seq) +EOF + +my $old_stackfile; +{ + local $/ = undef; + open(IN, "$safestack") || die "Can't open $safestack, $!"; + $old_stackfile = ; + close(IN); +} -my $old_stackfile = ""; -my $new_stackfile = ""; -my $inside_block = 0; my $type_thing; +foreach $type_thing (sort @stacklst) { + $new_stackfile .= <) { - $old_stackfile .= $_; - - if (m|^/\* This block of defines is updated by util/mkstack.pl, please do not touch! \*/|) { - $inside_block = 1; - } - if (m|^/\* End of util/mkstack.pl block, you may now edit :-\) \*/|) { - $inside_block = 0; - } elsif ($inside_block == 0) { - $new_stackfile .= $_; - } - next if($inside_block != 1); - $new_stackfile .= "/* This block of defines is updated by util/mkstack.pl, please do not touch! */"; - - foreach $type_thing (sort @stacklst) { - $new_stackfile .= <[0]; - my $t2 = $type_thing->[1]; - $new_stackfile .= <[0]; + my $t2 = $type_thing->[1]; + $new_stackfile .= <$safestack.h" || die "Can't open output file"; - print OUT $new_stackfile; - close OUT; +if ($new_stackfile eq $old_stackfile) { + print "No changes to $safestack.\n"; } +elsif ($do_write) { + print "Writing new $safestack.\n"; + open OUT, ">$safestack" || die "Can't open $safestack for writing, $!"; + print OUT $new_stackfile; + close OUT; +} + +exit 0; From rsalz at openssl.org Fri Feb 6 15:53:05 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 6 Feb 2015 16:53:05 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150206155307.B8C371E035F@butler.localdomain> The branch master has been updated via 9e9858d1cf28e39cfd214b5c508188d5016728fd (commit) from 5b18d3025c1c1d36be8f81f137265b46da58f881 (commit) - Log ----------------------------------------------------------------- commit 9e9858d1cf28e39cfd214b5c508188d5016728fd Author: Rich Salz Date: Fri Feb 6 10:52:12 2015 -0500 dead code cleanup: #if 0 in ssl I left many "#if 0" lines, usually because I thought we would probably want to revisit them later, or because they provided some useful internal documentation tips. Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: ssl/bio_ssl.c | 12 ---- ssl/d1_both.c | 27 --------- ssl/d1_clnt.c | 17 ------ ssl/d1_pkt.c | 173 -------------------------------------------------------- ssl/d1_srtp.c | 10 ---- ssl/d1_srvr.c | 5 -- ssl/kssl.c | 11 ---- ssl/s23_clnt.c | 7 --- ssl/s23_srvr.c | 3 - ssl/s3_clnt.c | 28 ++------- ssl/s3_lib.c | 35 ------------ ssl/s3_pkt.c | 69 ---------------------- ssl/ssl_cert.c | 14 ++--- ssl/ssl_lib.c | 50 ---------------- ssl/t1_enc.c | 5 -- ssl/t1_lib.c | 29 ---------- ssl/t1_trce.c | 8 --- 17 files changed, 10 insertions(+), 493 deletions(-) diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index 458e071..e2831af 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c @@ -150,18 +150,6 @@ static int ssl_read(BIO *b, char *out, int outl) BIO_clear_retry_flags(b); -#if 0 - if (!SSL_is_init_finished(ssl)) { -/* ret=SSL_do_handshake(ssl); */ - if (ret > 0) { - - outflags = (BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY); - ret = -1; - goto end; - } - } -#endif -/* if (ret > 0) */ ret = SSL_read(ssl, out, outl); switch (SSL_get_error(ssl, ret)) { diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 487bc6c..7d48cc4 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -144,14 +144,6 @@ if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \ if (bitmask[ii] != 0xff) { is_complete = 0; break; } } -#if 0 -# define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \ - long ii; \ - printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \ - printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \ - printf("\n"); } -#endif - static unsigned char bitmask_start_values[] = { 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80 }; static unsigned char bitmask_end_values[] = @@ -1031,20 +1023,6 @@ int dtls1_read_failed(SSL *s, int code) BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ); return code; } -#if 0 /* for now, each alert contains only one - * record number */ - item = pqueue_peek(state->rcvd_records); - if (item) { - /* send an alert immediately for all the missing records */ - } else -#endif - -#if 0 /* no more alert sending, just retransmit the - * last set of messages */ - if (state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT) - ssl3_send_alert(s, SSL3_AL_WARNING, - DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); -#endif return dtls1_handle_timeout(s); } @@ -1144,11 +1122,6 @@ int dtls1_buffer_message(SSL *s, int is_ccs) dtls1_hm_fragment_free(frag); return 0; } -#if 0 - fprintf(stderr, "buffered messge: \ttype = %xx\n", msg_buf->type); - fprintf(stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len); - fprintf(stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num); -#endif pqueue_insert(s->d1->sent_messages, item); return 1; diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 1858263..151dd47 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -714,13 +714,6 @@ int dtls1_connect(SSL *s) /* clean a few things up */ ssl3_cleanup_key_block(s); -#if 0 - if (s->init_buf != NULL) { - BUF_MEM_free(s->init_buf); - s->init_buf = NULL; - } -#endif - /* * If we are not 'joining' the last two packets, remove the * buffering now @@ -816,16 +809,6 @@ static int dtls1_get_hello_verify(SSL *s) } data = (unsigned char *)s->init_msg; -#if 0 - if (s->method->version != DTLS_ANY_VERSION && - ((data[0] != (s->version >> 8)) || (data[1] != (s->version & 0xff)))) - { - SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY, SSL_R_WRONG_SSL_VERSION); - s->version = (s->version & 0xff00) | data[1]; - al = SSL_AD_PROTOCOL_VERSION; - goto f_err; - } -#endif data += 2; cookie_len = *(data++); diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 331a50f..d66ecf5 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -187,11 +187,6 @@ static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap); static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch); -#if 0 -static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, - unsigned short *priority, - unsigned long *offset); -#endif static int dtls1_buffer_record(SSL *s, record_pqueue *q, unsigned char *priority); static int dtls1_process_record(SSL *s); @@ -347,50 +342,6 @@ static int dtls1_process_buffered_records(SSL *s) return (1); } -#if 0 - -static int dtls1_get_buffered_record(SSL *s) -{ - pitem *item; - PQ_64BIT priority = - (((PQ_64BIT) s->d1->handshake_read_seq) << 32) | - ((PQ_64BIT) s->d1->r_msg_hdr.frag_off); - - /* if we're not (re)negotiating, nothing buffered */ - if (!SSL_in_init(s)) - return 0; - - item = pqueue_peek(s->d1->rcvd_records); - if (item && item->priority == priority) { - /* - * Check if we've received the record of interest. It must be a - * handshake record, since data records as passed up without - * buffering - */ - DTLS1_RECORD_DATA *rdata; - item = pqueue_pop(s->d1->rcvd_records); - rdata = (DTLS1_RECORD_DATA *)item->data; - - if (s->s3->rbuf.buf != NULL) - OPENSSL_free(s->s3->rbuf.buf); - - s->packet = rdata->packet; - s->packet_length = rdata->packet_length; - memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); - memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); - - OPENSSL_free(item->data); - pitem_free(item); - - /* s->d1->next_expected_seq_num++; */ - return (1); - } - - return 0; -} - -#endif - static int dtls1_process_record(SSL *s) { int i, al; @@ -1302,15 +1253,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) if (((s->state & SSL_ST_MASK) == SSL_ST_OK) && !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { -#if 0 /* worked only because C operator preferences - * are not as expected (and because this is - * not really needed for clients except for - * detecting protocol violations): */ - s->state = SSL_ST_BEFORE | (s->server) - ? SSL_ST_ACCEPT : SSL_ST_CONNECT; -#else s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; -#endif s->renegotiate = 1; s->new_session = 1; } @@ -1526,41 +1469,6 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, goto err; } - /* DTLS implements explicit IV, so no need for empty fragments */ -#if 0 - /* - * 'create_empty_fragment' is true only when this function calls itself - */ - if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done - && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER) - { - /* - * countermeasure against known-IV weakness in CBC ciphersuites (see - * http://www.openssl.org/~bodo/tls-cbc.txt) - */ - - if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) { - /* - * recursive function call with 'create_empty_fragment' set; this - * prepares and buffers the data for an empty fragment (these - * 'prefix_len' bytes are sent out later together with the actual - * payload) - */ - prefix_len = s->method->do_ssl_write(s, type, buf, 0, 1); - if (prefix_len <= 0) - goto err; - - if (s->s3->wbuf.len < - (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE) { - /* insufficient space */ - SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR); - goto err; - } - } - - s->s3->empty_fragment_done = 1; - } -#endif p = wb->buf + prefix_len; /* write the header */ @@ -1672,13 +1580,6 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, wr->type = type; /* not needed but helps for debugging */ wr->length += DTLS1_RT_HEADER_LENGTH; -#if 0 /* this is now done at the message layer */ - /* buffer the record, making it easy to handle retransmits */ - if (type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC) - dtls1_buffer_record(s, wr->data, wr->length, - *((PQ_64BIT *) & (s->s3->write_sequence[0]))); -#endif - ssl3_record_sequence_update(&(s->s3->write_sequence[0])); if (create_empty_fragment) { @@ -1766,20 +1667,6 @@ int dtls1_dispatch_alert(SSL *s) #ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) { s2n(s->d1->handshake_read_seq, ptr); -# if 0 - if (s->d1->r_msg_hdr.frag_off == 0) - /* - * waiting for a new msg - */ - else - s2n(s->d1->r_msg_hdr.seq, ptr); /* partial msg read */ -# endif - -# if 0 - fprintf(stderr, - "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n", - s->d1->handshake_read_seq, s->d1->r_msg_hdr.seq); -# endif l2n3(s->d1->r_msg_hdr.frag_off, ptr); } #endif @@ -1833,66 +1720,6 @@ static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, return NULL; } -#if 0 -static int -dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, - unsigned short *priority, unsigned long *offset) -{ - - /* alerts are passed up immediately */ - if (rr->type == SSL3_RT_APPLICATION_DATA || rr->type == SSL3_RT_ALERT) - return 0; - - /* - * Only need to buffer if a handshake is underway. (this implies that - * Hello Request and Client Hello are passed up immediately) - */ - if (SSL_in_init(s)) { - unsigned char *data = rr->data; - /* need to extract the HM/CCS sequence number here */ - if (rr->type == SSL3_RT_HANDSHAKE || - rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) { - unsigned short seq_num; - struct hm_header_st msg_hdr; - struct ccs_header_st ccs_hdr; - - if (rr->type == SSL3_RT_HANDSHAKE) { - dtls1_get_message_header(data, &msg_hdr); - seq_num = msg_hdr.seq; - *offset = msg_hdr.frag_off; - } else { - dtls1_get_ccs_header(data, &ccs_hdr); - seq_num = ccs_hdr.seq; - *offset = 0; - } - - /* - * this is either a record we're waiting for, or a retransmit of - * something we happened to previously receive (higher layers - * will drop the repeat silently - */ - if (seq_num < s->d1->handshake_read_seq) - return 0; - if (rr->type == SSL3_RT_HANDSHAKE && - seq_num == s->d1->handshake_read_seq && - msg_hdr.frag_off < s->d1->r_msg_hdr.frag_off) - return 0; - else if (seq_num == s->d1->handshake_read_seq && - (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC || - msg_hdr.frag_off == s->d1->r_msg_hdr.frag_off)) - return 0; - else { - *priority = seq_num; - return 1; - } - } else /* unknown record type */ - return 0; - } - - return 0; -} -#endif - void dtls1_reset_seq_numbers(SSL *s, int rw) { unsigned char *seq; diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c index c7861b8..0d62de6 100644 --- a/ssl/d1_srtp.c +++ b/ssl/d1_srtp.c @@ -129,16 +129,6 @@ static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = { "SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32, }, -# if 0 - { - "SRTP_NULL_SHA1_80", - SRTP_NULL_SHA1_80, - }, - { - "SRTP_NULL_SHA1_32", - SRTP_NULL_SHA1_32, - }, -# endif {0} }; diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 55d37e7..c5a5924 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -842,11 +842,6 @@ int dtls1_accept(SSL *s) /* clean a few things up */ ssl3_cleanup_key_block(s); -#if 0 - BUF_MEM_free(s->init_buf); - s->init_buf = NULL; -#endif - /* remove buffering on output */ ssl_free_wbio_buffer(s); diff --git a/ssl/kssl.c b/ssl/kssl.c index df8df59..6ec3742 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -962,17 +962,6 @@ void print_krb5_authdata(char *label, krb5_authdata **adata) return; } fprintf(stderr, "%s [%p]\n", label, (void *)adata); -# if 0 - { - int i; - fprintf(stderr, "%s[at%d:%d] ", label, adata->ad_type, adata->length); - for (i = 0; i < adata->length; i++) { - fprintf(stderr, (isprint(adata->contents[i])) ? "%c " : "%02x", - adata->contents[i]); - } - fprintf(stderr, "\n"); - } -# endif } /* diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 05fef3c..e04d3af 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -324,13 +324,6 @@ static int ssl23_client_hello(SSL *s) buf = (unsigned char *)s->init_buf->data; if (s->state == SSL23_ST_CW_CLNT_HELLO_A) { -#if 0 - /* don't reuse session-id's */ - if (!ssl_get_new_session(s, 0)) { - return (-1); - } -#endif - p = s->s3->client_random; if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0) return -1; diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 1c6cf49..6ac6e4e 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -569,9 +569,6 @@ int ssl23_get_client_hello(SSL *s) s->s3->rbuf.left = 0; s->s3->rbuf.offset = 0; } -#if 0 /* ssl3_get_client_hello does this */ - s->client_version = (v[0] << 8) | v[1]; -#endif s->handshake_func = s->method->ssl_accept; } else { /* bad, very bad */ diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 4d7d05b..1e437b2 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -755,14 +755,8 @@ int ssl3_client_hello(SSL *s) * client_version in client hello and not resetting it to * the negotiated version. */ -#if 0 - *(p++) = s->version >> 8; - *(p++) = s->version & 0xff; - s->client_version = s->version; -#else *(p++) = s->client_version >> 8; *(p++) = s->client_version & 0xff; -#endif /* Random stuff */ memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); @@ -1036,16 +1030,10 @@ int ssl3_get_server_hello(SSL *s) if (s->session->cipher) s->session->cipher_id = s->session->cipher->id; if (s->hit && (s->session->cipher_id != c->id)) { -/* Workaround is now obsolete */ -#if 0 - if (!(s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)) -#endif - { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, - SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); - goto f_err; - } + al = SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); + goto f_err; } s->s3->tmp.new_cipher = c; /* @@ -2091,14 +2079,6 @@ int ssl3_get_certificate_request(SSL *s) /* get the CA RDNs */ n2s(p, llen); -#if 0 - { - FILE *out; - out = fopen("/tmp/vsign.der", "w"); - fwrite(p, 1, llen, out); - fclose(out); - } -#endif if ((unsigned long)(p - d + llen) != n) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 320d4a5..ab19eeb 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1213,41 +1213,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { #endif /* OPENSSL_NO_CAMELLIA */ #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES - /* New TLS Export CipherSuites from expired ID */ -# if 0 - /* Cipher 60 */ - { - 1, - TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, - TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_MD5, - SSL_TLSV1, - SSL_EXPORT | SSL_EXP56, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 56, - 128, - }, - - /* Cipher 61 */ - { - 1, - TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, - TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC2, - SSL_MD5, - SSL_TLSV1, - SSL_EXPORT | SSL_EXP56, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 56, - 128, - }, -# endif - /* Cipher 62 */ { 1, diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 5b8fe5c..11b1c55 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -352,9 +352,6 @@ static int ssl3_get_record(SSL *s) ssl_minor = *(p++); version = (ssl_major << 8) | ssl_minor; n2s(p, rr->length); -#if 0 - fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length); -#endif /* Lets check version */ if (!s->first_packet) { @@ -585,10 +582,6 @@ static int ssl3_get_record(SSL *s) } goto again; } -#if 0 - fprintf(stderr, "Ultimate Record type=%d, Length=%d\n", rr->type, - rr->length); -#endif return (1); @@ -914,60 +907,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, goto err; } -#if 0 && !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK - if (type == SSL3_RT_APPLICATION_DATA && s->compress == NULL && - !SSL_USE_ETM(s) && SSL_USE_EXPLICIT_IV(s) && - EVP_CIPHER_flags(s->enc_write_ctx->cipher) & - EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) - do { - unsigned char aad[13]; - EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param = - { NULL, aad, sizeof(aad), 0 }; - int packlen; - - memcpy(aad, s->s3->write_sequence, 8); - aad[8] = type; - aad[9] = (unsigned char)(s->version >> 8); - aad[10] = (unsigned char)(s->version); - aad[11] = (unsigned char)(len >> 8); - aad[12] = (unsigned char)len; - packlen = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, - EVP_CTRL_TLS1_1_MULTIBLOCK_AAD, - sizeof(mb_param), &mb_param); - - if (packlen == 0 || packlen > wb->len) - break; - - mb_param.out = wb->buf; - mb_param.inp = buf; - mb_param.len = len; - EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, - EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT, - sizeof(mb_param), &mb_param); - - s->s3->write_sequence[7] += mb_param.interleave; - if (s->s3->write_sequence[7] < mb_param.interleave) { - int j = 6; - while (j >= 0 && (++s->s3->write_sequence[j--]) == 0) ; - } - - wb->offset = 0; - wb->left = packlen; - - /* - * memorize arguments so that ssl3_write_pending can detect bad - * write retries later - */ - s->s3->wpend_tot = len; - s->s3->wpend_buf = buf; - s->s3->wpend_type = type; - s->s3->wpend_ret = len; - - /* we now just need to write the buffer */ - return ssl3_write_pending(s, type, buf, len); - } while (0); -#endif - /* * 'create_empty_fragment' is true only when this function calls itself */ @@ -1604,15 +1543,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) { if (((s->state & SSL_ST_MASK) == SSL_ST_OK) && !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { -#if 0 /* worked only because C operator preferences - * are not as expected (and because this is - * not really needed for clients except for - * detecting protocol violations): */ - s->state = SSL_ST_BEFORE | (s->server) - ? SSL_ST_ACCEPT : SSL_ST_CONNECT; -#else s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; -#endif s->renegotiate = 1; s->new_session = 1; } diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index d81e06b..9742599 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -664,10 +664,12 @@ void ssl_sess_cert_free(SESS_CERT *sc) for (i = 0; i < SSL_PKEY_NUM; i++) { if (sc->peer_pkeys[i].x509 != NULL) X509_free(sc->peer_pkeys[i].x509); -#if 0 /* We don't have the peer's private key. - * These lines are just * here as a reminder - * that we're still using a - * not-quite-appropriate * data structure. */ +#if 0 + /* + * We don't have the peer's private key. These lines are just + * here as a reminder that we're still using a not-quite-appropriate + * data structure. + */ if (sc->peer_pkeys[i].privatekey != NULL) EVP_PKEY_free(sc->peer_pkeys[i].privatekey); #endif @@ -717,10 +719,6 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) } /* Set suite B flags if needed */ X509_STORE_CTX_set_flags(&ctx, tls1_suiteb(s)); -#if 0 - if (SSL_get_verify_depth(s) >= 0) - X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s)); -#endif X509_STORE_CTX_set_ex_data(&ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s); /* diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 2bb1866..ed987c0 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -204,23 +204,10 @@ int SSL_clear(SSL *s) s->hit = 0; s->shutdown = 0; -#if 0 - /* - * Disabled since version 1.10 of this file (early return not - * needed because SSL_clear is not called when doing renegotiation) - */ - /* - * This is set if we are doing dynamic renegotiation so keep - * the old cipher. It is sort of a SSL_clear_lite :-) - */ - if (s->renegotiate) - return (1); -#else if (s->renegotiate) { SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR); return 0; } -#endif s->type = 0; @@ -230,9 +217,6 @@ int SSL_clear(SSL *s) s->client_version = s->version; s->rwstate = SSL_NOTHING; s->rstate = SSL_ST_READ_HEADER; -#if 0 - s->read_ahead = s->ctx->read_ahead; -#endif if (s->init_buf != NULL) { BUF_MEM_free(s->init_buf); @@ -326,9 +310,6 @@ SSL *SSL_new(SSL_CTX *ctx) s->msg_callback_arg = ctx->msg_callback_arg; s->verify_mode = ctx->verify_mode; s->not_resumable_session_cb = ctx->not_resumable_session_cb; -#if 0 - s->verify_depth = ctx->verify_depth; -#endif s->sid_ctx_length = ctx->sid_ctx_length; OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx)); @@ -339,10 +320,6 @@ SSL *SSL_new(SSL_CTX *ctx) if (!s->param) goto err; X509_VERIFY_PARAM_inherit(s->param, ctx->param); -#if 0 - s->purpose = ctx->purpose; - s->trust = ctx->trust; -#endif s->quiet_shutdown = ctx->quiet_shutdown; s->max_send_fragment = ctx->max_send_fragment; @@ -1915,26 +1892,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->references = 1; ret->quiet_shutdown = 0; - -/* ret->cipher=NULL;*/ -/*- - ret->s2->challenge=NULL; - ret->master_key=NULL; - ret->s2->conn_id=NULL; */ - ret->info_callback = NULL; - ret->app_verify_callback = 0; ret->app_verify_arg = NULL; - ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; ret->read_ahead = 0; ret->msg_callback = 0; ret->msg_callback_arg = NULL; ret->verify_mode = SSL_VERIFY_NONE; -#if 0 - ret->verify_depth = -1; /* Don't impose a limit (but x509_lu.c does) */ -#endif ret->sid_ctx_length = 0; ret->default_verify_callback = NULL; if ((ret->cert = ssl_cert_new()) == NULL) @@ -2097,13 +2062,7 @@ void SSL_CTX_free(SSL_CTX *a) sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free); if (a->extra_certs != NULL) sk_X509_pop_free(a->extra_certs, X509_free); -#if 0 /* This should never be done, since it - * removes a global database */ - if (a->comp_methods != NULL) - sk_SSL_COMP_pop_free(a->comp_methods, SSL_COMP_free); -#else a->comp_methods = NULL; -#endif #ifndef OPENSSL_NO_SRTP if (a->srtp_profiles) @@ -2265,15 +2224,6 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc))) emask_k |= SSL_kRSA; -#if 0 - /* The match needs to be both kDHE and aRSA or aDSA, so don't worry */ - if ((dh_tmp || dh_rsa || dh_dsa) && (rsa_enc || rsa_sign || dsa_sign)) - mask_k |= SSL_kDHE; - if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) && - (rsa_enc || rsa_sign || dsa_sign)) - emask_k |= SSL_kDHE; -#endif - if (dh_tmp_export) emask_k |= SSL_kDHE; diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index a432dca..0c49619 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -1302,11 +1302,6 @@ int tls1_alert_code(int code) return (TLS1_AD_UNKNOWN_PSK_IDENTITY); case SSL_AD_INAPPROPRIATE_FALLBACK: return (TLS1_AD_INAPPROPRIATE_FALLBACK); -#if 0 - /* not appropriate for TLS, not used for DTLS */ - case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: - return (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); -#endif default: return (-1); } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 22f7047..c91b761 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1923,9 +1923,6 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, if (data + size > (d + n)) goto ri_check; -# if 0 - fprintf(stderr, "Received extension type %d size %d\n", type, size); -# endif if (s->tlsext_debug_cb) s->tlsext_debug_cb(s, 0, type, data, size, s->tlsext_debug_arg); if (type == TLSEXT_TYPE_renegotiate) { @@ -2080,15 +2077,6 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); } -# if 0 - fprintf(stderr, - "ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ", - s->session->tlsext_ecpointformatlist_length); - sdata = s->session->tlsext_ecpointformatlist; - for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) - fprintf(stderr, "%i ", *(sdata++)); - fprintf(stderr, "\n"); -# endif } else if (type == TLSEXT_TYPE_elliptic_curves) { unsigned char *sdata = data; int ellipticcurvelist_length = (*(sdata++) << 8); @@ -2117,15 +2105,6 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length); } -# if 0 - fprintf(stderr, - "ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ", - s->session->tlsext_ellipticcurvelist_length); - sdata = s->session->tlsext_ellipticcurvelist; - for (i = 0; i < s->session->tlsext_ellipticcurvelist_length; i++) - fprintf(stderr, "%i ", *(sdata++)); - fprintf(stderr, "\n"); -# endif } # endif /* OPENSSL_NO_EC */ else if (type == TLSEXT_TYPE_session_ticket) { @@ -2462,14 +2441,6 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); } -# if 0 - fprintf(stderr, - "ssl_parse_serverhello_tlsext s->session->tlsext_ecpointformatlist "); - sdata = s->session->tlsext_ecpointformatlist; - for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++) - fprintf(stderr, "%i ", *(sdata++)); - fprintf(stderr, "\n"); -# endif } # endif /* OPENSSL_NO_EC */ diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 4161750..77f2a9f 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -1214,14 +1214,6 @@ void SSL_trace(int write_p, int version, int content_type, (msg[3] << 8 | msg[4]), (msg[5] << 8 | msg[6]), (msg[7] << 8 | msg[8]), (msg[9] << 8 | msg[10])); -# if 0 - /* - * Just print handshake type so we can see what is going on - * during fragmentation. - */ - BIO_printf(bio, "(%s)\n", - ssl_trace_str(msg[msglen], ssl_handshake_tbl)); -# endif } BIO_printf(bio, " Content Type = %s (%d)\n Length = %d", From rsalz at openssl.org Fri Feb 6 15:54:47 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 6 Feb 2015 16:54:47 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150206155447.4DEE31E035F@butler.localdomain> The branch master has been updated via 6f91b017bbb7140f816721141ac156d1b828a6b3 (commit) from 9e9858d1cf28e39cfd214b5c508188d5016728fd (commit) - Log ----------------------------------------------------------------- commit 6f91b017bbb7140f816721141ac156d1b828a6b3 Author: Rich Salz Date: Fri Feb 6 10:54:20 2015 -0500 Live code cleanup: remove #if 1 stuff For code bracketed by "#if 1" then remove the alternate "#else .. #endif" lines. Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 10 ---------- apps/s_server.c | 38 -------------------------------------- apps/speed.c | 5 +---- apps/x509.c | 7 ------- crypto/bio/bf_nbio.c | 12 ++---------- crypto/conf/conf_def.c | 15 --------------- crypto/ec/ec_mult.c | 3 --- crypto/ec/ectest.c | 4 ---- crypto/rand/rand_win.c | 2 -- engines/e_padlock.c | 7 ++++--- 10 files changed, 7 insertions(+), 96 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 325dbf1..1607c6e 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1872,17 +1872,7 @@ int MAIN(int argc, char **argv) } } #endif -#if 1 k = SSL_read(con, sbuf, 1024 /* BUFSIZZ */ ); -#else -/* Demo for pending and peek :-) */ - k = SSL_read(con, sbuf, 16); - { - char zbuf[10240]; - printf("read=%d pending=%d peek=%d\n", k, SSL_pending(con), - SSL_peek(con, zbuf, 10240)); - } -#endif switch (SSL_get_error(con, k)) { case SSL_ERROR_NONE: diff --git a/apps/s_server.c b/apps/s_server.c index 5537fde..573bc87 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1878,7 +1878,6 @@ int MAIN(int argc, char *argv[]) goto end; } #ifndef OPENSSL_NO_RSA -# if 1 if (!no_tmp_rsa) { SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb); # ifndef OPENSSL_NO_TLSEXT @@ -1886,31 +1885,6 @@ int MAIN(int argc, char *argv[]) SSL_CTX_set_tmp_rsa_callback(ctx2, tmp_rsa_cb); # endif } -# else - if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx)) { - RSA *rsa; - - BIO_printf(bio_s_out, "Generating temp (512 bit) RSA key..."); - BIO_flush(bio_s_out); - - rsa = RSA_generate_key(512, RSA_F4, NULL); - - if (!SSL_CTX_set_tmp_rsa(ctx, rsa)) { - ERR_print_errors(bio_err); - goto end; - } -# ifndef OPENSSL_NO_TLSEXT - if (ctx2) { - if (!SSL_CTX_set_tmp_rsa(ctx2, rsa)) { - ERR_print_errors(bio_err); - goto end; - } - } -# endif - RSA_free(rsa); - BIO_printf(bio_s_out, "\n"); - } -# endif #endif if (no_resume_ephemeral) { @@ -2488,11 +2462,7 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context) err: if (con != NULL) { BIO_printf(bio_s_out, "shutting down SSL\n"); -#if 1 SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); -#else - SSL_shutdown(con); -#endif SSL_free(con); } BIO_printf(bio_s_out, "CONNECTION CLOSED\n"); @@ -3051,16 +3021,8 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context) break; } end: -#if 1 /* make sure we re-use sessions */ SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); -#else - /* This kills performance */ - /* - * SSL_shutdown(con); A shutdown gets sent in the BIO_free_all(io) - * procession - */ -#endif err: diff --git a/apps/speed.c b/apps/speed.c index 6ba7a2e..ee9d2de 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -2028,7 +2028,6 @@ int MAIN(int argc, char **argv) rsa_count = count; } -# if 1 ret = RSA_verify(NID_md5_sha1, buf, 36, buf2, rsa_num, rsa_key[j]); if (ret <= 0) { BIO_printf(bio_err, @@ -2056,7 +2055,6 @@ int MAIN(int argc, char **argv) count, rsa_bits[j], d); rsa_results[j][1] = d / (double)count; } -# endif if (rsa_count <= 1) { /* if longer than 10s, don't do any more */ @@ -2162,9 +2160,8 @@ int MAIN(int argc, char **argv) ERR_print_errors(bio_err); rsa_count = 1; } else { -# if 1 EC_KEY_precompute_mult(ecdsa[j], NULL); -# endif + /* Perform ECDSA signature test */ EC_KEY_generate_key(ecdsa[j]); ret = ECDSA_sign(0, buf, 20, ecdsasig, &ecdsasiglen, ecdsa[j]); diff --git a/apps/x509.c b/apps/x509.c index 4248bdb..4b08c18 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -469,13 +469,6 @@ int MAIN(int argc, char **argv) CA_createserial = ++num; else if (strcmp(*argv, "-clrext") == 0) clrext = 1; -#if 1 /* stay backwards-compatible with 0.9.5; this - * should go away soon */ - else if (strcmp(*argv, "-crlext") == 0) { - BIO_printf(bio_err, "use -clrext instead of -crlext\n"); - clrext = 1; - } -#endif else if (strcmp(*argv, "-ocspid") == 0) ocspid = ++num; else if (strcmp(*argv, "-badsig") == 0) diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c index da88a8a..3af58bd 100644 --- a/crypto/bio/bf_nbio.c +++ b/crypto/bio/bf_nbio.c @@ -127,10 +127,8 @@ static int nbiof_free(BIO *a) static int nbiof_read(BIO *b, char *out, int outl) { int ret = 0; -#if 1 int num; unsigned char n; -#endif if (out == NULL) return (0); @@ -138,7 +136,6 @@ static int nbiof_read(BIO *b, char *out, int outl) return (0); BIO_clear_retry_flags(b); -#if 1 RAND_pseudo_bytes(&n, 1); num = (n & 0x07); @@ -148,9 +145,7 @@ static int nbiof_read(BIO *b, char *out, int outl) if (num == 0) { ret = -1; BIO_set_retry_read(b); - } else -#endif - { + } else { ret = BIO_read(b->next_bio, out, outl); if (ret < 0) BIO_copy_next_retry(b); @@ -173,7 +168,6 @@ static int nbiof_write(BIO *b, const char *in, int inl) BIO_clear_retry_flags(b); -#if 1 if (nt->lwn > 0) { num = nt->lwn; nt->lwn = 0; @@ -188,9 +182,7 @@ static int nbiof_write(BIO *b, const char *in, int inl) if (num == 0) { ret = -1; BIO_set_retry_write(b); - } else -#endif - { + } else { ret = BIO_write(b->next_bio, in, inl); if (ret < 0) { BIO_copy_next_retry(b); diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 5e22670..59053e8 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -384,25 +384,10 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) } } else tv = sv; -#if 1 if (_CONF_add_string(conf, tv, v) == 0) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } -#else - v->section = tv->section; - if (!sk_CONF_VALUE_push(ts, v)) { - CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); - goto err; - } - vv = (CONF_VALUE *)lh_insert(conf->data, v); - if (vv != NULL) { - sk_CONF_VALUE_delete_ptr(ts, vv); - OPENSSL_free(vv->name); - OPENSSL_free(vv->value); - OPENSSL_free(vv); - } -#endif v = NULL; } } diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index fe87c41..16b37db 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -496,11 +496,8 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } } -#if 1 /* optional; EC_window_bits_for_scalar_size - * assumes we do this step */ if (!EC_POINTs_make_affine(group, num_val, val, ctx)) goto err; -#endif r_is_at_infinity = 1; diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c index fc04f3b..2290c8e 100644 --- a/crypto/ec/ectest.c +++ b/crypto/ec/ectest.c @@ -239,11 +239,9 @@ static void prime_field_tests(void) size_t i, len; int k; -# if 1 /* optional */ ctx = BN_CTX_new(); if (!ctx) ABORT; -# endif p = BN_new(); a = BN_new(); @@ -945,11 +943,9 @@ static void char2_field_tests(void) size_t i, len; int k; -# if 1 /* optional */ ctx = BN_CTX_new(); if (!ctx) ABORT; -# endif p = BN_new(); a = BN_new(); diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index eeb5e9c..1de39bb 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -182,7 +182,6 @@ typedef BOOL(WINAPI *MODULE32) (HANDLE, LPMODULEENTRY32); # include # include -# if 1 /* * The NET API is Unicode only. It requires the use of the UNICODE macro. * When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was was added to the @@ -193,7 +192,6 @@ typedef BOOL(WINAPI *MODULE32) (HANDLE, LPMODULEENTRY32); typedef NET_API_STATUS(NET_API_FUNCTION *NETSTATGET) (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE *); typedef NET_API_STATUS(NET_API_FUNCTION *NETFREE) (LPBYTE); -# endif /* 1 */ # endif /* !OPENSSL_SYS_WINCE */ int RAND_poll(void) diff --git a/engines/e_padlock.c b/engines/e_padlock.c index 85f3938..9acca7d 100644 --- a/engines/e_padlock.c +++ b/engines/e_padlock.c @@ -159,10 +159,11 @@ static int padlock_bind_helper(ENGINE *e) /* Check available features */ padlock_available(); -# if 1 /* disable RNG for now, see commentary in - * vicinity of RNG code */ + /* + * RNG is currently disabled for reasons discussed in commentary just + * before padlock_rand_bytes function. + */ padlock_use_rng = 0; -# endif /* Generate a nice engine name with available features */ BIO_snprintf(padlock_name, sizeof(padlock_name), From rsalz at openssl.org Fri Feb 6 15:57:40 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 6 Feb 2015 16:57:40 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150206155740.DCEA11E035F@butler.localdomain> The branch master has been updated via fbf08b79ff33110c242849e836aeb494bc03a132 (commit) from 6f91b017bbb7140f816721141ac156d1b828a6b3 (commit) - Log ----------------------------------------------------------------- commit fbf08b79ff33110c242849e836aeb494bc03a132 Author: Rich Salz Date: Fri Feb 6 10:55:31 2015 -0500 Remove X509_PAIR Unused type; a pair X509 certificates. Intended for LDAP support. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/asn1/x_x509a.c | 7 ------- crypto/ossl_typ.h | 1 - crypto/pem/pem.h | 2 -- crypto/pem/pem_xaux.c | 2 -- crypto/x509/x509.h | 8 -------- crypto/x509v3/x509v3.h | 1 - engines/e_capi.c | 1 - 7 files changed, 22 deletions(-) diff --git a/crypto/asn1/x_x509a.c b/crypto/asn1/x_x509a.c index 83fb299..2a2ca87 100644 --- a/crypto/asn1/x_x509a.c +++ b/crypto/asn1/x_x509a.c @@ -192,10 +192,3 @@ void X509_reject_clear(X509 *x) x->aux->reject = NULL; } } - -ASN1_SEQUENCE(X509_CERT_PAIR) = { - ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0), - ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1) -} ASN1_SEQUENCE_END(X509_CERT_PAIR) - -IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_PAIR) diff --git a/crypto/ossl_typ.h b/crypto/ossl_typ.h index 1cf0a5c..a75f3d7 100644 --- a/crypto/ossl_typ.h +++ b/crypto/ossl_typ.h @@ -109,7 +109,6 @@ typedef struct asn1_sctx_st ASN1_SCTX; # ifdef OPENSSL_SYS_WIN32 # undef X509_NAME # undef X509_EXTENSIONS -# undef X509_CERT_PAIR # undef PKCS7_ISSUER_AND_SERIAL # undef OCSP_REQUEST # undef OCSP_RESPONSE diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h index d8057cb..d42e5b0 100644 --- a/crypto/pem/pem.h +++ b/crypto/pem/pem.h @@ -109,7 +109,6 @@ extern "C" { # define PEM_STRING_X509_OLD "X509 CERTIFICATE" # define PEM_STRING_X509 "CERTIFICATE" -# define PEM_STRING_X509_PAIR "CERTIFICATE PAIR" # define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" # define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" # define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" @@ -431,7 +430,6 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str); DECLARE_PEM_rw(X509, X509) DECLARE_PEM_rw(X509_AUX, X509) -DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR) DECLARE_PEM_rw(X509_REQ, X509_REQ) DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) DECLARE_PEM_rw(X509_CRL, X509_CRL) diff --git a/crypto/pem/pem_xaux.c b/crypto/pem/pem_xaux.c index c523430..3263bd6 100644 --- a/crypto/pem/pem_xaux.c +++ b/crypto/pem/pem_xaux.c @@ -66,5 +66,3 @@ #include IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX) -IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR, - X509_CERT_PAIR) diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index fae320f..1e78e30 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -107,7 +107,6 @@ extern "C" { # ifdef OPENSSL_SYS_WIN32 /* Under Win32 these are defined in wincrypt.h */ # undef X509_NAME -# undef X509_CERT_PAIR # undef X509_EXTENSIONS # endif @@ -298,11 +297,6 @@ typedef struct x509_trust_st { DECLARE_STACK_OF(X509_TRUST) -typedef struct x509_cert_pair_st { - X509 *forward; - X509 *reverse; -} X509_CERT_PAIR; - /* standard trust ids */ # define X509_TRUST_DEFAULT -1/* Only valid in purpose settings */ @@ -799,8 +793,6 @@ DECLARE_ASN1_FUNCTIONS(X509_CINF) DECLARE_ASN1_FUNCTIONS(X509) DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) -DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR) - int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int X509_set_ex_data(X509 *r, int idx, void *arg); diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index a99d71b..d1cd6d3 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -70,7 +70,6 @@ extern "C" { # ifdef OPENSSL_SYS_WIN32 /* Under Win32 these are defined in wincrypt.h */ # undef X509_NAME -# undef X509_CERT_PAIR # undef X509_EXTENSIONS # endif diff --git a/engines/e_capi.c b/engines/e_capi.c index a6824d3..f280397 100644 --- a/engines/e_capi.c +++ b/engines/e_capi.c @@ -100,7 +100,6 @@ #ifdef __COMPILE_CAPIENG # undef X509_EXTENSIONS -# undef X509_CERT_PAIR /* Definitions which may be missing from earlier version of headers */ # ifndef CERT_STORE_OPEN_EXISTING_FLAG From rsalz at openssl.org Fri Feb 6 19:53:23 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 6 Feb 2015 20:53:23 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150206195324.042001E035F@butler.localdomain> The branch master has been updated via 7cd6069c74bad2371a8512a818de0e588d4894f5 (commit) from fbf08b79ff33110c242849e836aeb494bc03a132 (commit) - Log ----------------------------------------------------------------- commit 7cd6069c74bad2371a8512a818de0e588d4894f5 Author: Rich Salz Date: Fri Feb 6 14:52:40 2015 -0500 Remove ui_compat This is the last of the old DES API. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/crypto-lib.com | 3 +- crypto/symhacks.h | 6 ---- crypto/ui/Makefile | 13 ++------ crypto/ui/ui_compat.c | 69 -------------------------------------- crypto/ui/ui_compat.h | 88 ------------------------------------------------- util/libeay.num | 4 +-- util/mkdef.pl | 2 +- 7 files changed, 7 insertions(+), 178 deletions(-) delete mode 100644 crypto/ui/ui_compat.c delete mode 100644 crypto/ui/ui_compat.h diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index 0b76a33..bf01471 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -342,8 +342,7 @@ $ LIB_COMP = "comp_lib,comp_err,"+ - "c_rle,c_zlib" $ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ - "ocsp_srv,ocsp_prn,ocsp_vfy,ocsp_err" -$ LIB_UI_COMPAT = ",ui_compat" -$ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_util"+LIB_UI_COMPAT +$ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_util" $ LIB_KRB5 = "krb5_asn" $ LIB_CMS = "cms_lib,cms_asn1,cms_att,cms_io,cms_smime,cms_err,"+ - "cms_sd,cms_dd,cms_cd,cms_env,cms_enc,cms_ess,"+ - diff --git a/crypto/symhacks.h b/crypto/symhacks.h index 03cdb1a..9785685 100644 --- a/crypto/symhacks.h +++ b/crypto/symhacks.h @@ -229,12 +229,6 @@ # undef OCSP_SINGLERESP_get_ext_by_critical # define OCSP_SINGLERESP_get_ext_by_critical OCSP_SINGLERESP_get_ext_by_crit -/* Hack some long DES names */ -# undef _ossl_old_des_ede3_cfb64_encrypt -# define _ossl_old_des_ede3_cfb64_encrypt _ossl_odes_ede3_cfb64_encrypt -# undef _ossl_old_des_ede3_ofb64_encrypt -# define _ossl_old_des_ede3_ofb64_encrypt _ossl_odes_ede3_ofb64_encrypt - /* Hack some long EVP names */ # undef OPENSSL_add_all_algorithms_noconf # define OPENSSL_add_all_algorithms_noconf OPENSSL_add_all_algo_noconf diff --git a/crypto/ui/Makefile b/crypto/ui/Makefile index a685659..f0376a3 100644 --- a/crypto/ui/Makefile +++ b/crypto/ui/Makefile @@ -17,16 +17,13 @@ GENERAL=Makefile TEST= APPS= -COMPATSRC= ui_compat.c -COMPATOBJ= ui_compat.o - LIB=$(TOP)/libcrypto.a -LIBSRC= ui_err.c ui_lib.c ui_openssl.c ui_util.c $(COMPATSRC) -LIBOBJ= ui_err.o ui_lib.o ui_openssl.o ui_util.o $(COMPATOBJ) +LIBSRC= ui_err.c ui_lib.c ui_openssl.c ui_util.c +LIBOBJ= ui_err.o ui_lib.o ui_openssl.o ui_util.o SRC= $(LIBSRC) -EXHEADER= ui.h ui_compat.h +EXHEADER= ui.h HEADER= $(EXHEADER) ui_locl.h ALL= $(GENERAL) $(SRC) $(HEADER) @@ -78,10 +75,6 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -ui_compat.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -ui_compat.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -ui_compat.o: ../../include/openssl/stack.h ../../include/openssl/ui.h -ui_compat.o: ../../include/openssl/ui_compat.h ui_compat.c ui_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h ui_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h ui_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h diff --git a/crypto/ui/ui_compat.c b/crypto/ui/ui_compat.c deleted file mode 100644 index 0ca5284..0000000 --- a/crypto/ui/ui_compat.c +++ /dev/null @@ -1,69 +0,0 @@ -/* crypto/ui/ui_compat.c -*- mode:C; c-file-style: "eay" -*- */ -/* ==================================================================== - * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core at openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay at cryptsoft.com). This product includes software written by Tim - * Hudson (tjh at cryptsoft.com). - * - */ - -#include -#include - -int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt, - int verify) -{ - return UI_UTIL_read_pw_string(buf, length, prompt, verify); -} - -int _ossl_old_des_read_pw(char *buf, char *buff, int size, const char *prompt, - int verify) -{ - return UI_UTIL_read_pw(buf, buff, size, prompt, verify); -} diff --git a/crypto/ui/ui_compat.h b/crypto/ui/ui_compat.h deleted file mode 100644 index 42fb9ff..0000000 --- a/crypto/ui/ui_compat.h +++ /dev/null @@ -1,88 +0,0 @@ -/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */ -/* - * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project - * 2001. - */ -/* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core at openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay at cryptsoft.com). This product includes software written by Tim - * Hudson (tjh at cryptsoft.com). - * - */ - -#ifndef HEADER_UI_COMPAT_H -# define HEADER_UI_COMPAT_H - -# include -# include - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * The following functions were previously part of the DES section, and are - * provided here for backward compatibility reasons. - */ - -# define des_read_pw_string(b,l,p,v) \ - _ossl_old_des_read_pw_string((b),(l),(p),(v)) -# define des_read_pw(b,bf,s,p,v) \ - _ossl_old_des_read_pw((b),(bf),(s),(p),(v)) - -int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt, - int verify); -int _ossl_old_des_read_pw(char *buf, char *buff, int size, const char *prompt, - int verify); - -#ifdef __cplusplus -} -#endif -#endif diff --git a/util/libeay.num b/util/libeay.num index e77c94e..32cba2e 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -795,8 +795,8 @@ DES_random_key 802 EXIST::FUNCTION:DES _ossl_old_des_random_seed 803 NOEXIST::FUNCTION: _ossl_old_des_read_2passwords 804 NOEXIST::FUNCTION: _ossl_old_des_read_password 805 NOEXIST::FUNCTION: -_ossl_old_des_read_pw 806 EXIST::FUNCTION: -_ossl_old_des_read_pw_string 807 EXIST::FUNCTION: +_ossl_old_des_read_pw 806 NOEXIST::FUNCTION: +_ossl_old_des_read_pw_string 807 NOEXIST::FUNCTION: DES_set_key 808 EXIST::FUNCTION:DES DES_set_odd_parity 809 EXIST::FUNCTION:DES DES_string_to_2keys 810 EXIST::FUNCTION:DES diff --git a/util/mkdef.pl b/util/mkdef.pl index ea6655a..b549a60 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -320,7 +320,7 @@ $crypto.=" crypto/ts/ts.h"; $crypto.=" crypto/rand/rand.h"; $crypto.=" crypto/comp/comp.h" ; # unless $no_comp; $crypto.=" crypto/ocsp/ocsp.h"; -$crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h"; +$crypto.=" crypto/ui/ui.h"; $crypto.=" crypto/krb5/krb5_asn.h"; #$crypto.=" crypto/store/store.h"; $crypto.=" crypto/pqueue/pqueue.h"; From rsalz at openssl.org Fri Feb 6 21:49:44 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 6 Feb 2015 22:49:44 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150206214944.B046B1E035F@butler.localdomain> The branch master has been updated via 05c3234ddfb41f4fdaae1162de3b825d741da828 (commit) from 7cd6069c74bad2371a8512a818de0e588d4894f5 (commit) - Log ----------------------------------------------------------------- commit 05c3234ddfb41f4fdaae1162de3b825d741da828 Author: Rich Salz Date: Fri Feb 6 16:49:17 2015 -0500 ui_compat cleanup; makefiles and vms Remove ui_compat.h from Makefile dependencies And from two VMS build/install scripts. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: apps/Makefile | 6 +++--- crypto/des/Makefile | 46 ++++++++++++++++++++++----------------------- crypto/evp/Makefile | 8 ++++---- crypto/install-crypto.com | 2 +- crypto/mdc2/Makefile | 4 ++-- crypto/pem/Makefile | 2 +- makevms.com | 2 +- test/Makefile | 4 ++-- 8 files changed, 37 insertions(+), 37 deletions(-) diff --git a/apps/Makefile b/apps/Makefile index 3af50b1..12a72e0 100644 --- a/apps/Makefile +++ b/apps/Makefile @@ -605,7 +605,7 @@ passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h passwd.o: ../include/openssl/stack.h ../include/openssl/symhacks.h passwd.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -passwd.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +passwd.o: ../include/openssl/x509.h passwd.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h passwd.o: passwd.c pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h @@ -954,7 +954,7 @@ speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h speed.o: ../include/openssl/seed.h ../include/openssl/sha.h speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -speed.o: ../include/openssl/ui_compat.h ../include/openssl/whrlpool.h +speed.o: ../include/openssl/whrlpool.h speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h speed.o: ../include/openssl/x509v3.h apps.h speed.c testdsa.h testrsa.h spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h @@ -1037,7 +1037,7 @@ version.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h version.o: ../include/openssl/rc4.h ../include/openssl/safestack.h version.o: ../include/openssl/sha.h ../include/openssl/stack.h version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +version.o: ../include/openssl/ui.h version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h version.o: ../include/openssl/x509v3.h apps.h version.c x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h diff --git a/crypto/des/Makefile b/crypto/des/Makefile index e906ff3..eb955cf 100644 --- a/crypto/des/Makefile +++ b/crypto/des/Makefile @@ -110,45 +110,45 @@ cbc_cksm.o: ../../include/openssl/des.h cbc_cksm.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h cbc_cksm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h cbc_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -cbc_cksm.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +cbc_cksm.o: ../../include/openssl/ui.h cbc_cksm.o: cbc_cksm.c des_locl.h cbc_enc.o: ../../include/openssl/des.h cbc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h cbc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h cbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -cbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +cbc_enc.o: ../../include/openssl/ui.h cbc_enc.o: cbc_enc.c des_locl.h ncbc_enc.c cfb64ede.o: ../../e_os.h ../../include/openssl/des.h cfb64ede.o: ../../include/openssl/e_os2.h cfb64ede.o: ../../include/openssl/opensslconf.h cfb64ede.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h cfb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -cfb64ede.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +cfb64ede.o: ../../include/openssl/ui.h cfb64ede.o: cfb64ede.c des_locl.h cfb64enc.o: ../../include/openssl/des.h cfb64enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h cfb64enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +cfb64enc.o: ../../include/openssl/ui.h cfb64enc.o: cfb64enc.c des_locl.h cfb_enc.o: ../../e_os.h ../../include/openssl/des.h cfb_enc.o: ../../include/openssl/e_os2.h cfb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/ossl_typ.h cfb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h cfb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -cfb_enc.o: ../../include/openssl/ui_compat.h cfb_enc.c des_locl.h +cfb_enc.o: cfb_enc.c des_locl.h des_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h des_enc.o: ../../include/openssl/e_os2.h des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h des_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h des_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -des_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +des_enc.o: ../../include/openssl/ui.h des_enc.o: des_enc.c des_locl.h ncbc_enc.c spr.h ecb3_enc.o: ../../include/openssl/des.h ecb3_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h ecb3_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +ecb3_enc.o: ../../include/openssl/ui.h ecb3_enc.o: des_locl.h ecb3_enc.c ecb_enc.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h ecb_enc.o: ../../include/openssl/des.h @@ -156,7 +156,7 @@ ecb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h ecb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c +ecb_enc.o: des_locl.h des_ver.h ecb_enc.c enc_read.o: ../../e_os.h ../../include/openssl/bio.h enc_read.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h enc_read.o: ../../include/openssl/des.h @@ -165,7 +165,7 @@ enc_read.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h enc_read.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h enc_read.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h enc_read.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -enc_read.o: ../../include/openssl/ui_compat.h ../cryptlib.h des_locl.h +enc_read.o: ../cryptlib.h des_locl.h enc_read.o: enc_read.c enc_writ.o: ../../e_os.h ../../include/openssl/bio.h enc_writ.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -175,87 +175,87 @@ enc_writ.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h enc_writ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h enc_writ.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h enc_writ.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -enc_writ.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +enc_writ.o: ../../include/openssl/ui.h enc_writ.o: ../cryptlib.h des_locl.h enc_writ.c fcrypt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h fcrypt.o: ../../include/openssl/e_os2.h fcrypt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h fcrypt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h fcrypt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -fcrypt.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +fcrypt.o: ../../include/openssl/ui.h fcrypt.o: des_locl.h fcrypt.c fcrypt_b.o: ../../include/openssl/des.h fcrypt_b.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h fcrypt_b.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h fcrypt_b.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -fcrypt_b.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +fcrypt_b.o: ../../include/openssl/ui.h fcrypt_b.o: des_locl.h fcrypt_b.c ofb64ede.o: ../../include/openssl/des.h ofb64ede.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h ofb64ede.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ofb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ofb64ede.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +ofb64ede.o: ../../include/openssl/ui.h ofb64ede.o: des_locl.h ofb64ede.c ofb64enc.o: ../../include/openssl/des.h ofb64enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h ofb64enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ofb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ofb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +ofb64enc.o: ../../include/openssl/ui.h ofb64enc.o: des_locl.h ofb64enc.c ofb_enc.o: ../../include/openssl/des.h ofb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h ofb_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ofb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ofb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +ofb_enc.o: ../../include/openssl/ui.h ofb_enc.o: des_locl.h ofb_enc.c pcbc_enc.o: ../../include/openssl/des.h pcbc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h pcbc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h pcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pcbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +pcbc_enc.o: ../../include/openssl/ui.h pcbc_enc.o: des_locl.h pcbc_enc.c qud_cksm.o: ../../include/openssl/des.h qud_cksm.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h qud_cksm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h qud_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -qud_cksm.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +qud_cksm.o: ../../include/openssl/ui.h qud_cksm.o: des_locl.h qud_cksm.c rand_key.o: ../../include/openssl/des.h rand_key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h rand_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h rand_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h rand_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -rand_key.o: ../../include/openssl/ui_compat.h rand_key.c +rand_key.o: rand_key.c read2pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h read2pwd.o: ../../include/openssl/e_os2.h read2pwd.o: ../../include/openssl/opensslconf.h read2pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h read2pwd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h read2pwd.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -read2pwd.o: ../../include/openssl/ui_compat.h read2pwd.c +read2pwd.o: read2pwd.c rpc_enc.o: ../../include/openssl/des.h rpc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h rpc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h rpc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rpc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +rpc_enc.o: ../../include/openssl/ui.h rpc_enc.o: des_locl.h des_ver.h rpc_des.h rpc_enc.c set_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h set_key.o: ../../include/openssl/e_os2.h set_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h set_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h set_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -set_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +set_key.o: ../../include/openssl/ui.h set_key.o: des_locl.h set_key.c str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h str2key.o: ../../include/openssl/e_os2.h str2key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h str2key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h str2key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -str2key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +str2key.o: ../../include/openssl/ui.h str2key.o: des_locl.h str2key.c xcbc_enc.o: ../../include/openssl/des.h xcbc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h xcbc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h xcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -xcbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +xcbc_enc.o: ../../include/openssl/ui.h xcbc_enc.o: des_locl.h xcbc_enc.c diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile index 925b094..ccaa6c8 100644 --- a/crypto/evp/Makefile +++ b/crypto/evp/Makefile @@ -271,7 +271,7 @@ e_des.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h e_des.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h e_des.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h e_des.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -e_des.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des.c evp_locl.h +e_des.o: ../cryptlib.h e_des.c evp_locl.h e_des3.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_des3.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_des3.o: ../../include/openssl/des.h @@ -282,7 +282,7 @@ e_des3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h e_des3.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h e_des3.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h e_des3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_des3.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +e_des3.o: ../../include/openssl/ui.h e_des3.o: ../cryptlib.h e_des3.c evp_locl.h e_idea.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_idea.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -358,7 +358,7 @@ e_xcbc_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -e_xcbc_d.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_xcbc_d.c +e_xcbc_d.o: ../cryptlib.h e_xcbc_d.c e_xcbc_d.o: evp_locl.h encode.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h encode.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -530,7 +530,7 @@ m_mdc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h m_mdc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h m_mdc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h m_mdc2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -m_mdc2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h +m_mdc2.o: ../../include/openssl/x509.h m_mdc2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_mdc2.c m_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/crypto/install-crypto.com b/crypto/install-crypto.com index a43f433..7734f94 100755 --- a/crypto/install-crypto.com +++ b/crypto/install-crypto.com @@ -131,7 +131,7 @@ $ exheader_pkcs7 := pkcs7.h $ exheader_pkcs12 := pkcs12.h $ exheader_comp := comp.h $ exheader_ocsp := ocsp.h -$ exheader_ui := ui.h, ui_compat.h +$ exheader_ui := ui.h $ exheader_krb5 := krb5_asn.h $ exheader_cms := cms.h $ exheader_pqueue := pqueue.h diff --git a/crypto/mdc2/Makefile b/crypto/mdc2/Makefile index 0e66978..7811764 100644 --- a/crypto/mdc2/Makefile +++ b/crypto/mdc2/Makefile @@ -83,11 +83,11 @@ mdc2_one.o: ../../include/openssl/opensslconf.h mdc2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h mdc2_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h mdc2_one.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -mdc2_one.o: ../../include/openssl/ui_compat.h ../cryptlib.h mdc2_one.c +mdc2_one.o: ../cryptlib.h mdc2_one.c mdc2dgst.o: ../../include/openssl/crypto.h ../../include/openssl/des.h mdc2dgst.o: ../../include/openssl/e_os2.h mdc2dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h mdc2dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h mdc2dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h mdc2dgst.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -mdc2dgst.o: ../../include/openssl/ui_compat.h mdc2dgst.c +mdc2dgst.o: mdc2dgst.c diff --git a/crypto/pem/Makefile b/crypto/pem/Makefile index 9ac00b9..3664055 100644 --- a/crypto/pem/Makefile +++ b/crypto/pem/Makefile @@ -135,7 +135,7 @@ pem_lib.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h pem_lib.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h pem_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pem_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -pem_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h +pem_lib.o: ../../include/openssl/x509.h pem_lib.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h pem_lib.o: pem_lib.c pem_oth.o: ../../e_os.h ../../include/openssl/asn1.h diff --git a/makevms.com b/makevms.com index 6a73441..0f403db 100755 --- a/makevms.com +++ b/makevms.com @@ -830,7 +830,7 @@ $ EXHEADER_PKCS7 := pkcs7.h $ EXHEADER_PKCS12 := pkcs12.h $ EXHEADER_COMP := comp.h $ EXHEADER_OCSP := ocsp.h -$ EXHEADER_UI := ui.h, ui_compat.h +$ EXHEADER_UI := ui.h $ EXHEADER_KRB5 := krb5_asn.h $ EXHEADER_CMS := cms.h $ EXHEADER_PQUEUE := pqueue.h diff --git a/test/Makefile b/test/Makefile index fa5bd9f..4dfe892 100644 --- a/test/Makefile +++ b/test/Makefile @@ -574,7 +574,7 @@ destest.o: ../include/openssl/des.h destest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h destest.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h destest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -destest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h destest.c +destest.o: ../include/openssl/ui.h destest.c dhtest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h dhtest.o: ../include/openssl/e_os2.h ../include/openssl/err.h @@ -742,7 +742,7 @@ mdc2test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h mdc2test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h mdc2test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h mdc2test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -mdc2test.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h mdc2test.c +mdc2test.o: ../include/openssl/ui.h mdc2test.c p5_crpt2_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h p5_crpt2_test.o: ../include/openssl/buffer.h ../include/openssl/conf.h p5_crpt2_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h From matt at openssl.org Sat Feb 7 14:31:22 2015 From: matt at openssl.org (Matt Caswell) Date: Sat, 7 Feb 2015 15:31:22 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150207143122.D271F1E035F@butler.localdomain> The branch master has been updated via 3ffbe008083dcaad282622e8e4be69bb29bc6315 (commit) from 05c3234ddfb41f4fdaae1162de3b825d741da828 (commit) - Log ----------------------------------------------------------------- commit 3ffbe008083dcaad282622e8e4be69bb29bc6315 Author: Matt Caswell Date: Sat Feb 7 00:08:59 2015 +0000 Apache Traffic Server has a need to set the rbio without touching the wbio. There is no mechanism to do that at the moment - SSL_set_bio makes changes to the wbio even if you pass in SSL_get_wbio(). This commit introduces two new API functions SSL_set_rbio() and SSL_set_wbio(). These do the same job as SSL_set_bio() except they enable you to manage the rbio and wbio individually. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: doc/ssl/SSL_set_bio.pod | 13 +++++++++++-- ssl/ssl.h | 2 ++ ssl/ssl_lib.c | 18 ++++++++++++++---- 3 files changed, 27 insertions(+), 6 deletions(-) diff --git a/doc/ssl/SSL_set_bio.pod b/doc/ssl/SSL_set_bio.pod index 67c9756..8b96ee9 100644 --- a/doc/ssl/SSL_set_bio.pod +++ b/doc/ssl/SSL_set_bio.pod @@ -2,7 +2,7 @@ =head1 NAME -SSL_set_bio - connect the SSL object with a BIO +SSL_set_bio, SSL_set_rbio, SSL_set_wbio - connect the SSL object with a BIO =head1 SYNOPSIS @@ -21,9 +21,14 @@ If a BIO is non-blocking, the B will also have non-blocking behaviour. If there was already a BIO connected to B, BIO_free() will be called (for both the reading and writing side, if different). +SSL_set_rbio() does the same job as SSL_set_bio() except that it enables you +to only connect the read bio, without touching the write bio. Similarly +SSL_set_wbio() enables you to connect the write bio without touching the read +bio. + =head1 RETURN VALUES -SSL_set_bio() cannot fail. +SSL_set_bio(), SSL_set_rbio() and SSL_set_wbio() cannot fail. =head1 SEE ALSO @@ -31,4 +36,8 @@ L, L, L, L, L, L +=head1 HISTORY + +SSL_set_rbio() and SSL_set_wbio() were added in OpenSSL 1.1.0. + =cut diff --git a/ssl/ssl.h b/ssl/ssl.h index 8eed2ca..564b75e 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1398,6 +1398,8 @@ int SSL_set_fd(SSL *s, int fd); int SSL_set_rfd(SSL *s, int fd); int SSL_set_wfd(SSL *s, int fd); # endif +void SSL_set_rbio(SSL *s, BIO *rbio); +void SSL_set_wbio(SSL *s, BIO *wbio); void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio); BIO *SSL_get_rbio(const SSL *s); BIO *SSL_get_wbio(const SSL *s); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index ed987c0..c535a42 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -622,7 +622,14 @@ void SSL_free(SSL *s) OPENSSL_free(s); } -void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) +void SSL_set_rbio(SSL *s, BIO *rbio) +{ + if ((s->rbio != NULL) && (s->rbio != rbio)) + BIO_free_all(s->rbio); + s->rbio = rbio; +} + +void SSL_set_wbio(SSL *s, BIO *wbio) { /* * If the output buffering BIO is still in place, remove it @@ -633,14 +640,17 @@ void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) s->bbio->next_bio = NULL; } } - if ((s->rbio != NULL) && (s->rbio != rbio)) - BIO_free_all(s->rbio); if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio)) BIO_free_all(s->wbio); - s->rbio = rbio; s->wbio = wbio; } +void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) +{ + SSL_set_wbio(s, wbio); + SSL_set_rbio(s, rbio); +} + BIO *SSL_get_rbio(const SSL *s) { return (s->rbio); From rsalz at openssl.org Sun Feb 8 23:49:05 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 9 Feb 2015 00:49:05 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150208234905.5804A1DF1AB@butler.localdomain> The branch master has been updated via 06cf881a3a10d5af3c1255c08cfd0c6ddb5f1cc3 (commit) from 3ffbe008083dcaad282622e8e4be69bb29bc6315 (commit) - Log ----------------------------------------------------------------- commit 06cf881a3a10d5af3c1255c08cfd0c6ddb5f1cc3 Author: Rich Salz Date: Sun Feb 8 18:48:09 2015 -0500 Final (for me, for now) dead code cleanup This is a final pass looking for '#if 0'/'#if 1' controls and removing the appropriate pieces. Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_add.c | 21 --------------------- crypto/bn/bn_lib.c | 23 ----------------------- crypto/bn/bn_mod.c | 8 -------- crypto/bn/bn_rand.c | 4 ---- crypto/bn/bn_recp.c | 2 -- crypto/ocsp/ocsp_ext.c | 43 ------------------------------------------- crypto/x509/x509_vfy.c | 6 ------ 7 files changed, 107 deletions(-) diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c index f569a7e..e09451d 100644 --- a/crypto/bn/bn_add.c +++ b/crypto/bn/bn_add.c @@ -222,28 +222,7 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) break; } } -#if 0 memcpy(rp, ap, sizeof(*rp) * (max - i)); -#else - if (rp != ap) { - for (;;) { - if (!dif--) - break; - rp[0] = ap[0]; - if (!dif--) - break; - rp[1] = ap[1]; - if (!dif--) - break; - rp[2] = ap[2]; - if (!dif--) - break; - rp[3] = ap[3]; - rp += 4; - ap += 4; - } - } -#endif r->top = max; r->neg = 0; diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index c742db6..c3164fa 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -384,29 +384,6 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) b->dmax = words; } -/* None of this should be necessary because of what b->top means! */ -#if 0 - /* - * NB: bn_wexpand() calls this only if the BIGNUM really has to grow - */ - if (b->top < b->dmax) { - int i; - BN_ULONG *A = &(b->d[b->top]); - for (i = (b->dmax - b->top) >> 3; i > 0; i--, A += 8) { - A[0] = 0; - A[1] = 0; - A[2] = 0; - A[3] = 0; - A[4] = 0; - A[5] = 0; - A[6] = 0; - A[7] = 0; - } - for (i = (b->dmax - b->top) & 7; i > 0; i--, A++) - A[0] = 0; - assert(A == &(b->d[b->dmax])); - } -#endif bn_check_top(b); return b; } diff --git a/crypto/bn/bn_mod.c b/crypto/bn/bn_mod.c index ffbce89..e0ed478 100644 --- a/crypto/bn/bn_mod.c +++ b/crypto/bn/bn_mod.c @@ -116,14 +116,6 @@ #include "cryptlib.h" #include "bn_lcl.h" -#if 0 /* now just a #define */ -int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) -{ - return (BN_div(NULL, rem, m, d, ctx)); - /* note that rem->neg == m->neg (unless the remainder is zero) */ -} -#endif - int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) { /* diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index ecdce9f..9488454 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -149,7 +149,6 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) goto err; } -#if 1 if (pseudorand == 2) { /* * generate patterns that are more likely to trigger BN library bugs @@ -167,7 +166,6 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) buf[i] = 255; } } -#endif if (top != -1) { if (top) { @@ -206,12 +204,10 @@ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom) return bnrand(1, rnd, bits, top, bottom); } -#if 1 int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) { return bnrand(2, rnd, bits, top, bottom); } -#endif /* random number r: 0 <= r < range */ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c index db5660b..4f94408 100644 --- a/crypto/bn/bn_recp.c +++ b/crypto/bn/bn_recp.c @@ -195,7 +195,6 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, goto err; r->neg = 0; -#if 1 j = 0; while (BN_ucmp(r, &(recp->N)) >= 0) { if (j++ > 2) { @@ -207,7 +206,6 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, if (!BN_add_word(d, 1)) goto err; } -#endif r->neg = BN_is_zero(r) ? 0 : m->neg; d->neg = m->neg ^ recp->N.neg; diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c index 849cb2f..ce31b1b 100644 --- a/crypto/ocsp/ocsp_ext.c +++ b/crypto/ocsp/ocsp_ext.c @@ -287,49 +287,6 @@ int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc) } /* also CRL Entry Extensions */ -#if 0 -ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, - void *data, STACK_OF(ASN1_OBJECT) *sk) -{ - int i; - unsigned char *p, *b = NULL; - - if (data) { - if ((i = i2d(data, NULL)) <= 0) - goto err; - if (!(b = p = OPENSSL_malloc((unsigned int)i))) - goto err; - if (i2d(data, &p) <= 0) - goto err; - } else if (sk) { - if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk, NULL, - (I2D_OF(ASN1_OBJECT)) i2d, - V_ASN1_SEQUENCE, - V_ASN1_UNIVERSAL, - IS_SEQUENCE)) <= 0) - goto err; - if (!(b = p = OPENSSL_malloc((unsigned int)i))) - goto err; - if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk, &p, (I2D_OF(ASN1_OBJECT)) i2d, - V_ASN1_SEQUENCE, - V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0) - goto err; - } else { - OCSPerr(OCSP_F_ASN1_STRING_ENCODE, OCSP_R_BAD_DATA); - goto err; - } - if (!s && !(s = ASN1_STRING_new())) - goto err; - if (!(ASN1_STRING_set(s, b, i))) - goto err; - OPENSSL_free(b); - return s; - err: - if (b) - OPENSSL_free(b); - return NULL; -} -#endif /* Nonce handling functions */ diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 22c1f68..7e3bca7 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -145,12 +145,6 @@ static int null_callback(int ok, X509_STORE_CTX *e) return ok; } -#if 0 -static int x509_subject_cmp(X509 **a, X509 **b) -{ - return X509_subject_name_cmp(*a, *b); -} -#endif /* Return 1 is a certificate is self signed */ static int cert_self_signed(X509 *x) { From appro at openssl.org Mon Feb 9 08:00:19 2015 From: appro at openssl.org (Andy Polyakov) Date: Mon, 9 Feb 2015 09:00:19 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150209080020.1EA641DF1AB@butler.localdomain> The branch master has been updated via 719122c759f86f1057b9d7aa8a9f7f2a9edd424c (commit) from 06cf881a3a10d5af3c1255c08cfd0c6ddb5f1cc3 (commit) - Log ----------------------------------------------------------------- commit 719122c759f86f1057b9d7aa8a9f7f2a9edd424c Author: Andy Polyakov Date: Mon Feb 9 08:58:43 2015 +0100 des/asm/des_enc.m4: fix brown-bag typo in last commit. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/des/asm/des_enc.m4 | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/des/asm/des_enc.m4 b/crypto/des/asm/des_enc.m4 index 6ae17fd..3efe246 100644 --- a/crypto/des/asm/des_enc.m4 +++ b/crypto/des/asm/des_enc.m4 @@ -1610,6 +1610,7 @@ DES_ede3_cbc_encrypt: LDPTR [%fp+BIAS+ARG0+6*ARGSZ], local4 ! ivec cmp local3, 0 ! enc + be .ede3.dec STPTR in4, KS2 STPTR in5, KS3 From appro at openssl.org Mon Feb 9 08:55:34 2015 From: appro at openssl.org (Andy Polyakov) Date: Mon, 9 Feb 2015 09:55:34 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150209085534.A2EE41DF1AB@butler.localdomain> The branch master has been updated via 7ce38623194f6df6a846cd01753b63f361c88e57 (commit) from 719122c759f86f1057b9d7aa8a9f7f2a9edd424c (commit) - Log ----------------------------------------------------------------- commit 7ce38623194f6df6a846cd01753b63f361c88e57 Author: Andy Polyakov Date: Sat Feb 7 10:15:32 2015 +0100 Harmonize objects.pl output with new format. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/objects/objects.pl | 43 ++++++++++++++++++++++++++----------------- 1 file changed, 26 insertions(+), 17 deletions(-) diff --git a/crypto/objects/objects.pl b/crypto/objects/objects.pl index 15c00bb..a653985 100644 --- a/crypto/objects/objects.pl +++ b/crypto/objects/objects.pl @@ -121,9 +121,9 @@ open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]"; print OUT <<'EOF'; /* crypto/objects/obj_mac.h */ -/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the - * following command: - * perl objects.pl objects.txt obj_mac.num obj_mac.h +/* + * THIS FILE IS GENERATED FROM objects.txt by objects.pl via the following + * command: perl objects.pl objects.txt obj_mac.num obj_mac.h */ /* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com) @@ -132,21 +132,21 @@ print OUT <<'EOF'; * This package is an SSL implementation written * by Eric Young (eay at cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -161,10 +161,10 @@ print OUT <<'EOF'; * Eric Young (eay at cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -176,27 +176,36 @@ print OUT <<'EOF'; * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#define SN_undef "UNDEF" -#define LN_undef "undefined" -#define NID_undef 0 -#define OBJ_undef 0L +#define SN_undef "UNDEF" +#define LN_undef "undefined" +#define NID_undef 0 +#define OBJ_undef 0L EOF +sub expand + { + my $string = shift; + + 1 while $string =~ s/\t+/' ' x (length($&) * 8 - length($`) % 8)/e; + + return $string; + } + foreach (sort { $a <=> $b } keys %ordern) { $Cname=$ordern{$_}; - print OUT "#define SN_",$Cname,"\t\t\"",$sn{$Cname},"\"\n" if $sn{$Cname} ne ""; - print OUT "#define LN_",$Cname,"\t\t\"",$ln{$Cname},"\"\n" if $ln{$Cname} ne ""; - print OUT "#define NID_",$Cname,"\t\t",$nid{$Cname},"\n" if $nid{$Cname} ne ""; - print OUT "#define OBJ_",$Cname,"\t\t",$obj{$Cname},"\n" if $obj{$Cname} ne ""; + print OUT expand("#define SN_$Cname\t\t\"$sn{$Cname}\"\n") if $sn{$Cname} ne ""; + print OUT expand("#define LN_$Cname\t\t\"$ln{$Cname}\"\n") if $ln{$Cname} ne ""; + print OUT expand("#define NID_$Cname\t\t$nid{$Cname}\n") if $nid{$Cname} ne ""; + print OUT expand("#define OBJ_$Cname\t\t$obj{$Cname}\n") if $obj{$Cname} ne ""; print OUT "\n"; } From appro at openssl.org Mon Feb 9 08:57:47 2015 From: appro at openssl.org (Andy Polyakov) Date: Mon, 9 Feb 2015 09:57:47 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150209085747.134981DF1AB@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 506805e708604efb9448d26e9e94c14cb2d9ccd9 (commit) from 04222b630efc936386ce0afb8a678dcc9f16e276 (commit) - Log ----------------------------------------------------------------- commit 506805e708604efb9448d26e9e94c14cb2d9ccd9 Author: Andy Polyakov Date: Sat Feb 7 10:15:32 2015 +0100 Harmonize objects.pl output with new format. Reviewed-by: Tim Hudson (cherry picked from commit 7ce38623194f6df6a846cd01753b63f361c88e57) ----------------------------------------------------------------------- Summary of changes: crypto/objects/objects.pl | 43 ++++++++++++++++++++++++++----------------- 1 file changed, 26 insertions(+), 17 deletions(-) diff --git a/crypto/objects/objects.pl b/crypto/objects/objects.pl index 15c00bb..a653985 100644 --- a/crypto/objects/objects.pl +++ b/crypto/objects/objects.pl @@ -121,9 +121,9 @@ open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]"; print OUT <<'EOF'; /* crypto/objects/obj_mac.h */ -/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the - * following command: - * perl objects.pl objects.txt obj_mac.num obj_mac.h +/* + * THIS FILE IS GENERATED FROM objects.txt by objects.pl via the following + * command: perl objects.pl objects.txt obj_mac.num obj_mac.h */ /* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com) @@ -132,21 +132,21 @@ print OUT <<'EOF'; * This package is an SSL implementation written * by Eric Young (eay at cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -161,10 +161,10 @@ print OUT <<'EOF'; * Eric Young (eay at cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -176,27 +176,36 @@ print OUT <<'EOF'; * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#define SN_undef "UNDEF" -#define LN_undef "undefined" -#define NID_undef 0 -#define OBJ_undef 0L +#define SN_undef "UNDEF" +#define LN_undef "undefined" +#define NID_undef 0 +#define OBJ_undef 0L EOF +sub expand + { + my $string = shift; + + 1 while $string =~ s/\t+/' ' x (length($&) * 8 - length($`) % 8)/e; + + return $string; + } + foreach (sort { $a <=> $b } keys %ordern) { $Cname=$ordern{$_}; - print OUT "#define SN_",$Cname,"\t\t\"",$sn{$Cname},"\"\n" if $sn{$Cname} ne ""; - print OUT "#define LN_",$Cname,"\t\t\"",$ln{$Cname},"\"\n" if $ln{$Cname} ne ""; - print OUT "#define NID_",$Cname,"\t\t",$nid{$Cname},"\n" if $nid{$Cname} ne ""; - print OUT "#define OBJ_",$Cname,"\t\t",$obj{$Cname},"\n" if $obj{$Cname} ne ""; + print OUT expand("#define SN_$Cname\t\t\"$sn{$Cname}\"\n") if $sn{$Cname} ne ""; + print OUT expand("#define LN_$Cname\t\t\"$ln{$Cname}\"\n") if $ln{$Cname} ne ""; + print OUT expand("#define NID_$Cname\t\t$nid{$Cname}\n") if $nid{$Cname} ne ""; + print OUT expand("#define OBJ_$Cname\t\t$obj{$Cname}\n") if $obj{$Cname} ne ""; print OUT "\n"; } From appro at openssl.org Mon Feb 9 09:08:23 2015 From: appro at openssl.org (Andy Polyakov) Date: Mon, 9 Feb 2015 10:08:23 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <20150209090823.117A21DF1AB@butler.localdomain> The branch OpenSSL_1_0_0-stable has been updated via 2487d7710459c428a6cfc9aff00a0544125a9efe (commit) from e5d2a44fb7f31ed88553e364a421cc89c8629c84 (commit) - Log ----------------------------------------------------------------- commit 2487d7710459c428a6cfc9aff00a0544125a9efe Author: Andy Polyakov Date: Sat Feb 7 10:15:32 2015 +0100 Harmonize objects.pl output with new format. Reviewed-by: Tim Hudson (cherry picked from commit 7ce38623194f6df6a846cd01753b63f361c88e57) ----------------------------------------------------------------------- Summary of changes: crypto/objects/objects.pl | 43 ++++++++++++++++++++++++++----------------- 1 file changed, 26 insertions(+), 17 deletions(-) diff --git a/crypto/objects/objects.pl b/crypto/objects/objects.pl index 15c00bb..a653985 100644 --- a/crypto/objects/objects.pl +++ b/crypto/objects/objects.pl @@ -121,9 +121,9 @@ open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]"; print OUT <<'EOF'; /* crypto/objects/obj_mac.h */ -/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the - * following command: - * perl objects.pl objects.txt obj_mac.num obj_mac.h +/* + * THIS FILE IS GENERATED FROM objects.txt by objects.pl via the following + * command: perl objects.pl objects.txt obj_mac.num obj_mac.h */ /* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com) @@ -132,21 +132,21 @@ print OUT <<'EOF'; * This package is an SSL implementation written * by Eric Young (eay at cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -161,10 +161,10 @@ print OUT <<'EOF'; * Eric Young (eay at cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -176,27 +176,36 @@ print OUT <<'EOF'; * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#define SN_undef "UNDEF" -#define LN_undef "undefined" -#define NID_undef 0 -#define OBJ_undef 0L +#define SN_undef "UNDEF" +#define LN_undef "undefined" +#define NID_undef 0 +#define OBJ_undef 0L EOF +sub expand + { + my $string = shift; + + 1 while $string =~ s/\t+/' ' x (length($&) * 8 - length($`) % 8)/e; + + return $string; + } + foreach (sort { $a <=> $b } keys %ordern) { $Cname=$ordern{$_}; - print OUT "#define SN_",$Cname,"\t\t\"",$sn{$Cname},"\"\n" if $sn{$Cname} ne ""; - print OUT "#define LN_",$Cname,"\t\t\"",$ln{$Cname},"\"\n" if $ln{$Cname} ne ""; - print OUT "#define NID_",$Cname,"\t\t",$nid{$Cname},"\n" if $nid{$Cname} ne ""; - print OUT "#define OBJ_",$Cname,"\t\t",$obj{$Cname},"\n" if $obj{$Cname} ne ""; + print OUT expand("#define SN_$Cname\t\t\"$sn{$Cname}\"\n") if $sn{$Cname} ne ""; + print OUT expand("#define LN_$Cname\t\t\"$ln{$Cname}\"\n") if $ln{$Cname} ne ""; + print OUT expand("#define NID_$Cname\t\t$nid{$Cname}\n") if $nid{$Cname} ne ""; + print OUT expand("#define OBJ_$Cname\t\t$obj{$Cname}\n") if $obj{$Cname} ne ""; print OUT "\n"; } From appro at openssl.org Mon Feb 9 09:08:41 2015 From: appro at openssl.org (Andy Polyakov) Date: Mon, 9 Feb 2015 10:08:41 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <20150209090842.89C9B1DF1AB@butler.localdomain> The branch OpenSSL_0_9_8-stable has been updated via 9eca2cbc1617015cec2318d732098208889d9929 (commit) from d7efe7ea18ffec1bcf0d93f563c175ea5094b654 (commit) - Log ----------------------------------------------------------------- commit 9eca2cbc1617015cec2318d732098208889d9929 Author: Andy Polyakov Date: Sat Feb 7 10:15:32 2015 +0100 Harmonize objects.pl output with new format. Reviewed-by: Tim Hudson (cherry picked from commit 7ce38623194f6df6a846cd01753b63f361c88e57) ----------------------------------------------------------------------- Summary of changes: crypto/objects/objects.pl | 43 ++++++++++++++++++++++++++----------------- 1 file changed, 26 insertions(+), 17 deletions(-) diff --git a/crypto/objects/objects.pl b/crypto/objects/objects.pl index 76c06cc..719b5cd 100644 --- a/crypto/objects/objects.pl +++ b/crypto/objects/objects.pl @@ -118,9 +118,9 @@ open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]"; print OUT <<'EOF'; /* crypto/objects/obj_mac.h */ -/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the - * following command: - * perl objects.pl objects.txt obj_mac.num obj_mac.h +/* + * THIS FILE IS GENERATED FROM objects.txt by objects.pl via the following + * command: perl objects.pl objects.txt obj_mac.num obj_mac.h */ /* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com) @@ -129,21 +129,21 @@ print OUT <<'EOF'; * This package is an SSL implementation written * by Eric Young (eay at cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -158,10 +158,10 @@ print OUT <<'EOF'; * Eric Young (eay at cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -173,27 +173,36 @@ print OUT <<'EOF'; * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#define SN_undef "UNDEF" -#define LN_undef "undefined" -#define NID_undef 0 -#define OBJ_undef 0L +#define SN_undef "UNDEF" +#define LN_undef "undefined" +#define NID_undef 0 +#define OBJ_undef 0L EOF +sub expand + { + my $string = shift; + + 1 while $string =~ s/\t+/' ' x (length($&) * 8 - length($`) % 8)/e; + + return $string; + } + foreach (sort { $a <=> $b } keys %ordern) { $Cname=$ordern{$_}; - print OUT "#define SN_",$Cname,"\t\t\"",$sn{$Cname},"\"\n" if $sn{$Cname} ne ""; - print OUT "#define LN_",$Cname,"\t\t\"",$ln{$Cname},"\"\n" if $ln{$Cname} ne ""; - print OUT "#define NID_",$Cname,"\t\t",$nid{$Cname},"\n" if $nid{$Cname} ne ""; - print OUT "#define OBJ_",$Cname,"\t\t",$obj{$Cname},"\n" if $obj{$Cname} ne ""; + print OUT expand("#define SN_$Cname\t\t\"$sn{$Cname}\"\n") if $sn{$Cname} ne ""; + print OUT expand("#define LN_$Cname\t\t\"$ln{$Cname}\"\n") if $ln{$Cname} ne ""; + print OUT expand("#define NID_$Cname\t\t$nid{$Cname}\n") if $nid{$Cname} ne ""; + print OUT expand("#define OBJ_$Cname\t\t$obj{$Cname}\n") if $obj{$Cname} ne ""; print OUT "\n"; } From matt at openssl.org Mon Feb 9 09:14:31 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 9 Feb 2015 10:14:31 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150209091432.5AE551DF1AB@butler.localdomain> The branch master has been updated via 0350ef69add8758dd180e73cbc7c1961bf64e503 (commit) from 7ce38623194f6df6a846cd01753b63f361c88e57 (commit) - Log ----------------------------------------------------------------- commit 0350ef69add8758dd180e73cbc7c1961bf64e503 Author: Matt Caswell Date: Sun Feb 8 15:47:46 2015 +0000 Remove stray "=back". This was causing newer versions of pod2man to choke. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: doc/ssl/SSL_get_extms_support.pod | 2 -- 1 file changed, 2 deletions(-) diff --git a/doc/ssl/SSL_get_extms_support.pod b/doc/ssl/SSL_get_extms_support.pod index 427819a..4e24824 100644 --- a/doc/ssl/SSL_get_extms_support.pod +++ b/doc/ssl/SSL_get_extms_support.pod @@ -24,8 +24,6 @@ master secret, 0 if it did not and -1 if a handshake is currently in progress i.e. it is not possible to determine if extended master secret was used. -=back - =head1 SEE ALSO L From appro at openssl.org Mon Feb 9 09:33:43 2015 From: appro at openssl.org (Andy Polyakov) Date: Mon, 9 Feb 2015 10:33:43 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150209093343.ED8F21DF1AB@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via 97ac0d8564f5b8f9be7905c2cd60d9c6f8efc1f1 (commit) from f8e662e71cd18e8b077c5450f955cfc34b178457 (commit) - Log ----------------------------------------------------------------- commit 97ac0d8564f5b8f9be7905c2cd60d9c6f8efc1f1 Author: Andy Polyakov Date: Sat Feb 7 10:15:32 2015 +0100 Harmonize objects.pl output with new format. Reviewed-by: Tim Hudson (cherry picked from commit 7ce38623194f6df6a846cd01753b63f361c88e57) ----------------------------------------------------------------------- Summary of changes: crypto/objects/objects.pl | 43 ++++++++++++++++++++++++++----------------- 1 file changed, 26 insertions(+), 17 deletions(-) diff --git a/crypto/objects/objects.pl b/crypto/objects/objects.pl index 15c00bb..a653985 100644 --- a/crypto/objects/objects.pl +++ b/crypto/objects/objects.pl @@ -121,9 +121,9 @@ open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]"; print OUT <<'EOF'; /* crypto/objects/obj_mac.h */ -/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the - * following command: - * perl objects.pl objects.txt obj_mac.num obj_mac.h +/* + * THIS FILE IS GENERATED FROM objects.txt by objects.pl via the following + * command: perl objects.pl objects.txt obj_mac.num obj_mac.h */ /* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com) @@ -132,21 +132,21 @@ print OUT <<'EOF'; * This package is an SSL implementation written * by Eric Young (eay at cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -161,10 +161,10 @@ print OUT <<'EOF'; * Eric Young (eay at cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -176,27 +176,36 @@ print OUT <<'EOF'; * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#define SN_undef "UNDEF" -#define LN_undef "undefined" -#define NID_undef 0 -#define OBJ_undef 0L +#define SN_undef "UNDEF" +#define LN_undef "undefined" +#define NID_undef 0 +#define OBJ_undef 0L EOF +sub expand + { + my $string = shift; + + 1 while $string =~ s/\t+/' ' x (length($&) * 8 - length($`) % 8)/e; + + return $string; + } + foreach (sort { $a <=> $b } keys %ordern) { $Cname=$ordern{$_}; - print OUT "#define SN_",$Cname,"\t\t\"",$sn{$Cname},"\"\n" if $sn{$Cname} ne ""; - print OUT "#define LN_",$Cname,"\t\t\"",$ln{$Cname},"\"\n" if $ln{$Cname} ne ""; - print OUT "#define NID_",$Cname,"\t\t",$nid{$Cname},"\n" if $nid{$Cname} ne ""; - print OUT "#define OBJ_",$Cname,"\t\t",$obj{$Cname},"\n" if $obj{$Cname} ne ""; + print OUT expand("#define SN_$Cname\t\t\"$sn{$Cname}\"\n") if $sn{$Cname} ne ""; + print OUT expand("#define LN_$Cname\t\t\"$ln{$Cname}\"\n") if $ln{$Cname} ne ""; + print OUT expand("#define NID_$Cname\t\t$nid{$Cname}\n") if $nid{$Cname} ne ""; + print OUT expand("#define OBJ_$Cname\t\t$obj{$Cname}\n") if $obj{$Cname} ne ""; print OUT "\n"; } From appro at openssl.org Mon Feb 9 09:46:47 2015 From: appro at openssl.org (Andy Polyakov) Date: Mon, 9 Feb 2015 10:46:47 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150209094647.5AFC71DF1AB@butler.localdomain> The branch master has been updated via bdc985b133a69186c5edba4ba703b400a02325ee (commit) from 0350ef69add8758dd180e73cbc7c1961bf64e503 (commit) - Log ----------------------------------------------------------------- commit bdc985b133a69186c5edba4ba703b400a02325ee Author: Andy Polyakov Date: Mon Feb 9 10:20:49 2015 +0100 evp/e_aes.c: fix pair of SPARC T4-specific problems: - SIGSEGV/ILL in CCM (RT#3688); - SIGBUS in OCB; Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/evp/e_aes.c | 46 +++++++++++++++++++++++++++++----------------- 1 file changed, 29 insertions(+), 17 deletions(-) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index eaceab2..4fab21b 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -115,8 +115,14 @@ typedef struct { # ifndef OPENSSL_NO_OCB typedef struct { - AES_KEY ksenc; /* AES key schedule to use for encryption */ - AES_KEY ksdec; /* AES key schedule to use for decryption */ + union { + double align; + AES_KEY ks; + } ksenc; /* AES key schedule to use for encryption */ + union { + double align; + AES_KEY ks; + } ksdec; /* AES key schedule to use for decryption */ int key_set; /* Set if key initialised */ int iv_set; /* Set if an iv is set */ OCB128_CONTEXT ocb; @@ -466,9 +472,10 @@ static int aesni_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, * needs both. We could possibly optimise to remove setting the * decrypt for an encryption operation. */ - aesni_set_encrypt_key(key, ctx->key_len * 8, &octx->ksenc); - aesni_set_decrypt_key(key, ctx->key_len * 8, &octx->ksdec); - if (!CRYPTO_ocb128_init(&octx->ocb, &octx->ksenc, &octx->ksdec, + aesni_set_encrypt_key(key, ctx->key_len * 8, &octx->ksenc.ks); + aesni_set_decrypt_key(key, ctx->key_len * 8, &octx->ksdec.ks); + if (!CRYPTO_ocb128_init(&octx->ocb, + &octx->ksenc.ks, &octx->ksdec.ks, (block128_f) aesni_encrypt, (block128_f) aesni_decrypt)) return 0; @@ -829,6 +836,7 @@ static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, aes_t4_set_encrypt_key(key, bits, &cctx->ks.ks); CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, &cctx->ks, (block128_f) aes_t4_encrypt); + cctx->str = NULL; cctx->key_set = 1; } if (iv) { @@ -856,9 +864,10 @@ static int aes_t4_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, * needs both. We could possibly optimise to remove setting the * decrypt for an encryption operation. */ - aes_t4_set_encrypt_key(key, ctx->key_len * 8, &octx->ksenc); - aes_t4_set_decrypt_key(key, ctx->key_len * 8, &octx->ksdec); - if (!CRYPTO_ocb128_init(&octx->ocb, &octx->ksenc, &octx->ksdec, + aes_t4_set_encrypt_key(key, ctx->key_len * 8, &octx->ksenc.ks); + aes_t4_set_decrypt_key(key, ctx->key_len * 8, &octx->ksdec.ks); + if (!CRYPTO_ocb128_init(&octx->ocb, + &octx->ksenc.ks, &octx->ksdec.ks, (block128_f) aes_t4_encrypt, (block128_f) aes_t4_decrypt)) return 0; @@ -2222,7 +2231,8 @@ static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) newc = (EVP_CIPHER_CTX *)ptr; new_octx = newc->cipher_data; return CRYPTO_ocb128_copy_ctx(&new_octx->ocb, &octx->ocb, - &new_octx->ksenc, &new_octx->ksdec); + &new_octx->ksenc.ks, + &new_octx->ksdec.ks); default: return -1; @@ -2245,18 +2255,20 @@ static int aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, */ # ifdef VPAES_CAPABLE if (VPAES_CAPABLE) { - vpaes_set_encrypt_key(key, ctx->key_len * 8, &octx->ksenc); - vpaes_set_decrypt_key(key, ctx->key_len * 8, &octx->ksdec); - if (!CRYPTO_ocb128_init - (&octx->ocb, &octx->ksenc, &octx->ksdec, - (block128_f) vpaes_encrypt, (block128_f) vpaes_decrypt)) + vpaes_set_encrypt_key(key, ctx->key_len * 8, &octx->ksenc.ks); + vpaes_set_decrypt_key(key, ctx->key_len * 8, &octx->ksdec.ks); + if (!CRYPTO_ocb128_init(&octx->ocb, + &octx->ksenc.ks, &octx->ksdec.ks, + (block128_f) vpaes_encrypt, + (block128_f) vpaes_decrypt)) return 0; break; } # endif - AES_set_encrypt_key(key, ctx->key_len * 8, &octx->ksenc); - AES_set_decrypt_key(key, ctx->key_len * 8, &octx->ksdec); - if (!CRYPTO_ocb128_init(&octx->ocb, &octx->ksenc, &octx->ksdec, + AES_set_encrypt_key(key, ctx->key_len * 8, &octx->ksenc.ks); + AES_set_decrypt_key(key, ctx->key_len * 8, &octx->ksdec.ks); + if (!CRYPTO_ocb128_init(&octx->ocb, + &octx->ksenc.ks, &octx->ksdec.ks, (block128_f) AES_encrypt, (block128_f) AES_decrypt)) return 0; From steve at openssl.org Mon Feb 9 12:48:51 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 9 Feb 2015 13:48:51 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150209124852.6B6631DF1AB@butler.localdomain> The branch master has been updated via 259c360d0b4faad28c89c97352291219903ee3c5 (commit) from bdc985b133a69186c5edba4ba703b400a02325ee (commit) - Log ----------------------------------------------------------------- commit 259c360d0b4faad28c89c97352291219903ee3c5 Author: Dr. Stephen Henson Date: Mon Feb 9 12:03:48 2015 +0000 Remove obsolete IMPLEMENT_ASN1_SET_OF Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_int.c | 2 -- crypto/asn1/a_object.c | 2 -- crypto/asn1/a_type.c | 2 -- crypto/asn1/asn1.h | 1 - crypto/asn1/x_algor.c | 1 - crypto/asn1/x_crl.c | 4 ---- crypto/asn1/x_name.c | 2 -- crypto/x509/x509_ext.c | 2 -- crypto/x509/x509_vfy.c | 4 ---- crypto/x509v3/v3_crld.c | 2 -- crypto/x509v3/v3_sxnet.c | 2 -- 11 files changed, 24 deletions(-) diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index 6b6a514..7f11859 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -454,5 +454,3 @@ BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn) BN_set_negative(ret, 1); return (ret); } - -IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER) diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 5732a71..c780d8e 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -399,5 +399,3 @@ ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, ASN1_OBJECT_FLAG_DYNAMIC_DATA; return (OBJ_dup(&o)); } - -IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT) diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index 94d0b1a..13ecfcd 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -103,8 +103,6 @@ int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value) return 1; } -IMPLEMENT_ASN1_SET_OF(ASN1_TYPE) - /* Returns 0 if they are equal, != 0 otherwise. */ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) { diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 104056e..5254c7d 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -160,7 +160,6 @@ extern "C" { DECLARE_STACK_OF(X509_ALGOR) # define DECLARE_ASN1_SET_OF(type)/* filled in by mkstack.pl */ -# define IMPLEMENT_ASN1_SET_OF(type)/* nothing, no longer needed */ /* * We MUST make sure that, except for constness, asn1_ctx_st and diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c index f7ff573..0aa3ded 100644 --- a/crypto/asn1/x_algor.c +++ b/crypto/asn1/x_algor.c @@ -74,7 +74,6 @@ ASN1_ITEM_TEMPLATE_END(X509_ALGORS) IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR) IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_ALGORS, X509_ALGORS, X509_ALGORS) IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR) -IMPLEMENT_ASN1_SET_OF(X509_ALGOR) int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval) { diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c index bcbae1b..8884223 100644 --- a/crypto/asn1/x_crl.c +++ b/crypto/asn1/x_crl.c @@ -505,7 +505,3 @@ void *X509_CRL_get_meth_data(X509_CRL *crl) { return crl->meth_data; } - -IMPLEMENT_ASN1_SET_OF(X509_REVOKED) - -IMPLEMENT_ASN1_SET_OF(X509_CRL) diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c index bc446e0..b915050 100644 --- a/crypto/asn1/x_name.c +++ b/crypto/asn1/x_name.c @@ -521,5 +521,3 @@ int X509_NAME_set(X509_NAME **xn, X509_NAME *name) } return (*xn != NULL); } - -IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY) diff --git a/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.c index 1790b1b..c5a3ad9 100644 --- a/crypto/x509/x509_ext.c +++ b/crypto/x509/x509_ext.c @@ -205,5 +205,3 @@ int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, { return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags); } - -IMPLEMENT_ASN1_SET_OF(X509_EXTENSION) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 7e3bca7..cc9665e 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -2396,7 +2396,3 @@ void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) X509_VERIFY_PARAM_free(ctx->param); ctx->param = param; } - -IMPLEMENT_ASN1_SET_OF(X509) - -IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE) diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c index 0dbed9f..9363541 100644 --- a/crypto/x509v3/v3_crld.c +++ b/crypto/x509v3/v3_crld.c @@ -341,8 +341,6 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, return NULL; } -IMPLEMENT_ASN1_SET_OF(DIST_POINT) - static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c index 6bff278..df1384a 100644 --- a/crypto/x509v3/v3_sxnet.c +++ b/crypto/x509v3/v3_sxnet.c @@ -267,5 +267,3 @@ ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone) } return NULL; } - -IMPLEMENT_ASN1_SET_OF(SXNETID) From steve at openssl.org Mon Feb 9 13:00:44 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 9 Feb 2015 14:00:44 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150209130044.E658A1DF1AB@butler.localdomain> The branch master has been updated via 9c7a780bbebc1b6d87dc38a6aa3339033911a8bb (commit) from 259c360d0b4faad28c89c97352291219903ee3c5 (commit) - Log ----------------------------------------------------------------- commit 9c7a780bbebc1b6d87dc38a6aa3339033911a8bb Author: Dr. Stephen Henson Date: Sun Feb 8 13:14:05 2015 +0000 Fix memory leak reporting. Free up bio_err after memory leak data has been printed to it. In int_free_ex_data if ex_data is NULL there is nothing to free up so return immediately and don't reallocate it. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: apps/openssl.c | 8 ++++---- crypto/ex_data.c | 2 ++ 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/apps/openssl.c b/apps/openssl.c index 50c8275..e070a44 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -423,10 +423,6 @@ int main(int Argc, char *ARGV[]) if (arg.data != NULL) OPENSSL_free(arg.data); - if (bio_err != NULL) { - BIO_free(bio_err); - bio_err = NULL; - } #if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64) /* Free any duplicate Argv[] storage. */ if (free_Argv) { @@ -435,6 +431,10 @@ int main(int Argc, char *ARGV[]) #endif apps_shutdown(); CRYPTO_mem_leaks(bio_err); + if (bio_err != NULL) { + BIO_free(bio_err); + bio_err = NULL; + } OPENSSL_EXIT(ret); } diff --git a/crypto/ex_data.c b/crypto/ex_data.c index 4caddce..d55985b 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -500,6 +500,8 @@ static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) EX_CLASS_ITEM *item; void *ptr; CRYPTO_EX_DATA_FUNCS **storage = NULL; + if (ex_data == NULL) + return; if ((item = def_get_class(class_index)) == NULL) return; CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); From steve at openssl.org Mon Feb 9 13:02:30 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 9 Feb 2015 14:02:30 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150209130230.234FF1DF1AB@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via 66aacf387224e8977d8214437939227d7e0c91d8 (commit) from 97ac0d8564f5b8f9be7905c2cd60d9c6f8efc1f1 (commit) - Log ----------------------------------------------------------------- commit 66aacf387224e8977d8214437939227d7e0c91d8 Author: Dr. Stephen Henson Date: Sun Feb 8 13:14:05 2015 +0000 Fix memory leak reporting. Free up bio_err after memory leak data has been printed to it. In int_free_ex_data if ex_data is NULL there is nothing to free up so return immediately and don't reallocate it. Reviewed-by: Tim Hudson (cherry picked from commit 9c7a780bbebc1b6d87dc38a6aa3339033911a8bb) ----------------------------------------------------------------------- Summary of changes: apps/openssl.c | 8 ++++---- crypto/ex_data.c | 2 ++ 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/apps/openssl.c b/apps/openssl.c index 112ed7e..6873145 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -428,10 +428,6 @@ int main(int Argc, char *ARGV[]) if (arg.data != NULL) OPENSSL_free(arg.data); - if (bio_err != NULL) { - BIO_free(bio_err); - bio_err = NULL; - } #if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64) /* Free any duplicate Argv[] storage. */ if (free_Argv) { @@ -440,6 +436,10 @@ int main(int Argc, char *ARGV[]) #endif apps_shutdown(); CRYPTO_mem_leaks(bio_err); + if (bio_err != NULL) { + BIO_free(bio_err); + bio_err = NULL; + } OPENSSL_EXIT(ret); } diff --git a/crypto/ex_data.c b/crypto/ex_data.c index 5a3546a..f96a517 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -500,6 +500,8 @@ static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) EX_CLASS_ITEM *item; void *ptr; CRYPTO_EX_DATA_FUNCS **storage = NULL; + if (ex_data == NULL) + return; if ((item = def_get_class(class_index)) == NULL) return; CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); From steve at openssl.org Mon Feb 9 13:02:30 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 9 Feb 2015 14:02:30 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150209130230.670C21E0360@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via ba25221226f0c9b033d8ff8a2a2bde8b359c6426 (commit) from 506805e708604efb9448d26e9e94c14cb2d9ccd9 (commit) - Log ----------------------------------------------------------------- commit ba25221226f0c9b033d8ff8a2a2bde8b359c6426 Author: Dr. Stephen Henson Date: Sun Feb 8 13:14:05 2015 +0000 Fix memory leak reporting. Free up bio_err after memory leak data has been printed to it. In int_free_ex_data if ex_data is NULL there is nothing to free up so return immediately and don't reallocate it. Reviewed-by: Tim Hudson (cherry picked from commit 9c7a780bbebc1b6d87dc38a6aa3339033911a8bb) ----------------------------------------------------------------------- Summary of changes: apps/openssl.c | 8 ++++---- crypto/ex_data.c | 2 ++ 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/apps/openssl.c b/apps/openssl.c index 112ed7e..6873145 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -428,10 +428,6 @@ int main(int Argc, char *ARGV[]) if (arg.data != NULL) OPENSSL_free(arg.data); - if (bio_err != NULL) { - BIO_free(bio_err); - bio_err = NULL; - } #if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64) /* Free any duplicate Argv[] storage. */ if (free_Argv) { @@ -440,6 +436,10 @@ int main(int Argc, char *ARGV[]) #endif apps_shutdown(); CRYPTO_mem_leaks(bio_err); + if (bio_err != NULL) { + BIO_free(bio_err); + bio_err = NULL; + } OPENSSL_EXIT(ret); } diff --git a/crypto/ex_data.c b/crypto/ex_data.c index 5a3546a..f96a517 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -500,6 +500,8 @@ static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) EX_CLASS_ITEM *item; void *ptr; CRYPTO_EX_DATA_FUNCS **storage = NULL; + if (ex_data == NULL) + return; if ((item = def_get_class(class_index)) == NULL) return; CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); From matt at openssl.org Mon Feb 9 13:14:09 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 9 Feb 2015 14:14:09 +0100 (CET) Subject: [openssl-commits] [openssl] master-pre-auto-reformat create Message-ID: <20150209131409.67F6D1E0361@butler.localdomain> The annotated tag master-pre-auto-reformat has been created at 9fd62bd141af640af7482d017e89382b389bb669 (tag) tagging 22b52164aaed31d6e93dbd2d397ace041360e6aa (commit) replaces master-pre-reformat tagged by Matt Caswell on Mon Feb 9 13:11:01 2015 +0000 - Log ----------------------------------------------------------------- Pre run of automated reformating script on master Reviewed-by: Richard Levitte Andy Polyakov (20): bn/rsaz_exp.c: make it indent-friendly. apps/speed.c: make it indent-friendly. apps/srp.c: make it indent-friendly. engines/e_ubsec.c: make it indent-friendly. bn/bn_recp.c: make it indent-friendly. bn/bntest.c: make it indent-friendly. crypto/cryptlib.c: make it indent-friendly. crypto/mem_dbg.c: make it indent-friendly. modes/cts128.c: make it indent-friendly. modes/gcm128.c: make it indent-friendly. modes/modes_lcl.h: make it indent-friendly. bn/bn_exp.c: make it indent-friendly. bn/bn_asm.c: make it indent-friendly. bn/asm/x86_64-gcc.cL make it indent-friendly. bn/bn_const.c: make it indent-friendly. ec/ecp_nistz256.c: harmonize with latest indent script. modes/cfb128.c: make it indent-friendly. modes/ctr128.c: make it indent-friendly. crypto/ofb128.c: make it indent-friendly. ec/ecp_nistz256.c: further harmonization with latest rules. Dr. Stephen Henson (4): Script fixes. Test option -nc Add -d debug option to save preprocessed files. Delete trailing whitespace from output. Matt Caswell (21): Further comment changes for reformat (master) More comments Yet more comments Fix source where indent will not be able to cope Provide script for filtering data initialisers for structs/unions. indent just can't handle it. Fix make errors Fix logic to check for indent.pro Fix indent issue with engine.h Fix indent issue with functions using STACK_OF More indent fixes for STACK_OF indent has problems with comments that are on the right hand side of a line. Sometimes it fails to format them very well, and sometimes it corrupts them! This commit moves some particularly problematic ones. Fix strange formatting by indent Add obj_dat.h to the list of files that will not be processed by openssl-format-source Manually reformat aes_core.c Add aes_core.c to the list of files not processed by openssl-format-source Amend openssl-format-source so that it give more repeatable output Fix indent comment corruption issue Manually reformat aes_x86core.c and add it to the list of files skipped by openssl-format-source Add ecp_nistz256.c to list of files skipped by openssl-format-source Move more comments that confuse indent Tweaks for comments due to indent's inability to handle them More tweaks for comments due indent issues Richard Levitte (3): Force the use of our indent profile Run expand before perl, to make sure things are properly aligned Make the script a little more location agnostic Tim Hudson (1): Provide source reformating script. Requires GNU indent to be available. ----------------------------------------------------------------------- From matt at openssl.org Mon Feb 9 13:14:09 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 9 Feb 2015 14:14:09 +0100 (CET) Subject: [openssl-commits] [openssl] master-post-auto-reformat create Message-ID: <20150209131409.61D6B1E0360@butler.localdomain> The annotated tag master-post-auto-reformat has been created at 0c59a14b93b682c48a9611876d081409bbbf9941 (tag) tagging 739a5eee619fc8c03736140828891b369f8690f4 (commit) replaces master-pre-auto-reformat tagged by Matt Caswell on Mon Feb 9 13:09:57 2015 +0000 - Log ----------------------------------------------------------------- Post run of automated reformating script on master Reviewed-by: Richard Levitte Matt Caswell (2): Run util/openssl-format-source -v -c . Rerun util/openssl-format-source -v -c . ----------------------------------------------------------------------- From matt at openssl.org Mon Feb 9 13:14:09 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 9 Feb 2015 14:14:09 +0100 (CET) Subject: [openssl-commits] [openssl] master-pre-reformat create Message-ID: <20150209131409.AAF9D1DF1AB@butler.localdomain> The annotated tag master-pre-reformat has been created at e422e1a89576a7bef94ec5ec7db3e3c7dc77e009 (tag) tagging 4b618848f9beb8271f24883694e097caa70013c0 (commit) tagged by Matt Caswell on Mon Feb 9 13:11:58 2015 +0000 - Log ----------------------------------------------------------------- Pre reformat of master Reviewed-by: Richard Levitte Adam Langley (20): Fix for EXP-RC2-CBC-MD5 Add volatile qualifications to two blocks of inline asm to stop GCC from eliminating them as dead code. Ensure that x**0 mod 1 = 0. Ensure that, when generating small primes, the result is actually of the requested size. Fixes OpenSSL #2701. This change alters the processing of invalid, RSA pre-master secrets so that bad encryptions are treated like random session keys in constant time. Don't SEGFAULT when trying to export a public DSA key as a private key. Limit the number of empty records that will be processed consecutively in order to prevent ssl3_get_record from never returning. Add secure DSA nonce flag. Make `safe' (EC)DSA nonces the default. Support ALPN. Add tests for ALPN functionality. Avoid double free when processing DTLS packets. Fix memory leak from zero-length DTLS fragments. Fix return code for truncated DTLS fragment. Remove some duplicate DTLS code. RT3065: ec_private_key_dont_crash psk_client_callback, 128-byte id bug. Don't set client_version to the ServerHello version. Premaster secret handling fixes Ensure that the session ID context of an SSL* is updated when its SSL_CTX is updated. Adam Williamson (1): RT3511: doc fix; req default serial is random Alan Hryngle (1): Return smaller of ret and f. Alok Menghrajani (3): Fixes a minor typo in the EVP docs. Improves the proxy certificates howto doc. Improves certificates HOWTO Alon Bar-Lev (1): RT1771: Add string.h include. Andreas Westfeld (1): Fix typo in ideatest.c Andr?? Guerreiro (1): Add documentation on -timeout option in the ocsp utility Andy Polyakov (1908): crypto/bn/asm/mips3.s is obsolete. I'm moving it to crypto/bn/asm/obsolete in order to replace it with a new version. crypto/bn/asm/mips3.s is moved to crypto/bn/asm/obsolete/ MIPS III/IV assembler module is reimplemented. Get rid of redundant multiplications in bn_div_words. - performance retunes, v8plus bn_*_comba routines are reimplemented; - support for GNU assembler (read SPARC Linux); GNU assembler (read SPARC Linux) support added. Added support for SPARC Linux. Minor MD5 tune-up for WIN32 on Intel. SGI IRIX config updates. SPARC Solaris config updates. when invoking bn_*_comba[48] result->top wasn't always set correctly. Bignum division tune-up. Idea is to move multiplications in front of loop body and replace 'em with addition/subtraction. Extra i386+gcc bn_div.c tune-up featuring inline division and saving the remainder left in %edx. Here is the resulting performance improvement matrix (improvement as a result of this *and* previous tune-up committed two days ago). The results were obtained by profiling the "div" part of the crypto/bn/bnspeed.c. Minor MIPS III/IV tune-up. md32_common.h update and accompanying MD5 update. RIPEMD160 shape-up. Major news are that it's operational on all platforms now and I'm putting it back to 'make test' later today. RIPEMD160 shape-up Intel assembler companion. Cycle counter benchmarks went down from 1050 to 921 cycles on Pentium II. I haven't checked the figures on Pentium yet. RIPEMD160 shape-up. Final touch. SHA clean-up and (LP64) tune-up. SHA clean-up Intel assembler companion. Initial support for MacOS. RC4 tune-up. RC4 tune-up featuring 30-40% performance improvement on most RISC platforms. See crypto/rc4/rc4_enc.c for further details. RC4 tune-up featuring 30-40% performance improvement on most RISC platforms. See crypto/rc4/rc4_enc.c for further details. MacOS updates. Initial support for MacOS is now available Late break-in patch for MacOS support. Even more late break-in MacOS tidbits... Even more late break-in MacOS tidbits (last for today)... Minor documentation update. Makefile clean-ups, crypto/bn/asm/alpha.s compiles on Alpha Linux. MacOS updates. Initial support for GUSI (MacOS socket implementation) is added. Enhanced support for Alpha Linux. See CHANGES for details. Alpha Linux update companion. Metrowerks for Motorola tune-up. Rhapsody 5.5 (a.k.a. MacOS X) compiler bug workaround. At the very least passes 'make test' now:-) Further work on MacOS port. See INSTALL.MacOS for details. Support for "multiply high" instruction, see BN_UMULT_HIGH comment in crypto/bn/bn_lcl.h for further details. It should be noted that for the moment of this writing the code was tested only on Alpha. If compiled with DEC C the C implementation exhibits 12% performance improvement over the crypto/bn/asm/alpha.s (on EV56 box running AlphaLinux). GNU C is (unfortunately) 8% behind the assembler implementation. But it's OpenVMS Alpha users who *may* benefit most as 'apps/openssl speed rsa' exhibits 6 (six) times performance improvement over the original VMS bignum implementation. Where "*may*" means "as soon as code is enabled though #define SIXTY_FOUR_BIT and crypto/bn/asm/vms.mar is skipped." New xcbc_ok test vector is required after the parity bits in cbc2_key were fixed up. The catch is that in the DESX test the cbc2_key is used as whitening key where *all* 64 bits are significant. Support for MacOS X (Rhapsody) is added. Also get rid of volatile qualifier in asm definitions as it prevents compiler from moving the instruction(s) during optimization pass. HP-UX tune-up: new unified configs, HP C compiler bug workaround. test_mont was exercising 100-bit multiplication modulus X*I-bit, where X is 5120 on 32-bit and 151552 on 64-bit architectures and I varies from 0 to 4. As result the test was *unreasonably* slow and virtually impossible to complete on 64-bit architectures (e.g. IRIX bc couldn't even swallow such long lines). New NO_INLINE_ASM macro. Primary target for the moment is Solaris x86 which can't stand GNU C assembler templates. Avoid GNU C assembler templates under Solaris x86. Move CAST_S_tables to read-only segment. Move initial key to read-only segment. Move primes to read-only segment. There're two (incompatible) ways to write multi-threaded programs under IRIX, one is to call sproc(2) when every thread does get own pid and POSIX threads when all the threads share same pid. Linux is almost the only one where getpid() == thread-id. IRIX is another one, but only if you stick to sproc(2). BN_div_recp fix. I've ran divtest for 10 mins and it didn't exhibit a single fault:-) Needless to mention that bnbug.c posted couple of days ago passes as well... Statement that it fails only on 32-bit architectures isn't true. MacOS tidbits. Add new files to the project, update config. IRIX6* tests passed. More tests passed. MacOS pseudo-random entropy collector. GCC 2.95.2 from IRIX 6.5 -mabi=64 compiler bug workaround:-( MT-support for IRIX 6.x and Alpha-Linux Compaq C warns that "the expression 'p=scan_esc(p)' modifies the variable 'p' more than once without an intervening sequence point. This behavior is undefined." What it essentially complains about is 'p=p+=1'. Now it's changed to 'p=p+1'... The IRIX fix. Asm recap and corresponding declation. Assembler support for IA-64. See the source code commentary for further details (performance numbers and accompanying discussions:-). Note that the code is not engaged in ./Configure yet. I'll add it later this week along with updates for .spec file. Get rid of RAW dependency warnings. Get rid of "possible WAW dependency" warnings. This fixes "Spurious test failures on IRIX?" reported in April. Apparently I was wrong in conclusions about when addition starts overflowing in combaX routines. Missing line 0.9.6b release and IA-64 patch advertisement:-) Support for 64-bit Solaris build with GCC 3.0 and later. It should be explicitely noted that 64-bit SPARCv9 ABI is not officially supported by GCC 3.0 (support is scheduled for 3.1 release), but it appears to work, at the very least 'make test' passes... Typo in stty command lines. Support for Intel and HP-UXi assemblers. Enhanced support for IA-64 Linux and HP-UX (as well as better support for HP-UX in common in ./config). Note that for the moment of this writing none of 64-bit platforms pass bntest. I'm committing this anyway as it's too frustrating to patch snapshots over and over while 0.9.6 is known to work. Just a "get to know your system" bit. linux64-sparcv9 support finally debugged and tested. Workaround for GCC-ia64 compiler bug. BN_sqr test failure entry. IA-32 assembler modules (primarily DES) PIC-ification. Idea is to keep shared libraries shared. DES PIC-ification. Windows companion. x86_64 performance patch. New DETECT_GNU_LD procedure. Solaris shared build fix-ups. See RT#238,239 for details. As you might have noticed I tried to change for . prefix, because it's the one to be used to denote local labels in single function scope. Problem is that SHA uses same label set across functions, therefore I have to switch back to $ prefix. Ooops! No ROTATE on some platforms after x86_64 performance patch... DES PIC-ification. "Cygwin" companion. Problem was that preprocessor macro is not expanded if prepended with a $-sign. Always forget this one... 'a=b c=$a; echo $c' doesn't necessarily prints "b", '' vs. "", $s in Makefiles... I suppose it wasn't tested very much... Make "perl des-586.pl a.out" work, see RT#402 Fix for RT#405, Solaris refuses to invoke preprocessor if egrep returns 1. Linux for example doesn't exhibit this behaviour, but I add "exit 0" to all potentially affected rules, just to be on the safe side. Better wording? Fix for "shift count too large" when compiling for hpux-parisc2 and irix-mips. The bug was introduced with accelerated support for x86_64. My fault! Fixed now. FAQ addenum as discussed in RT#417. UltraSPARC performance "tune-up." I can't confirm the claim being removed and nobody seems to speak up for it. It probably belongs in PROBLEMS, but it's more likely to be a FAQ. My English is definitely not good as my assembly skills:-) And it looks like titles can't be multi-line... I implemented this when troubleshooting performance problem on SPARC Solaris. As there is an apparent interest for optimization for footprint, I figured that this can eventually become useful. Very old submission (from 2000) of UltraSPARC assembler DES implementation. It was not accepted because code is not PIC, too UltraSPARC-specific when it doesn't have to and 32-bit only. I'm committing the original version mostly for reference purposes. 64, PIC, blended CPU tune-up follows shortly. Obtained from: http://inet.uni2.dk/~svolaf/des.htm UltraSPARC assembler DES implementation tune-up. The code can be compiled for any SPARC CPU (UltraSPARC performance is *not* affected), can be compiled for 64-bit ABI and is position-independent. Complete integration of SPARC assembler DES implementation. Tested on Solaris only. I'll keep my eyes open for Linux and OpenBSD targets. Support for Intel compiler. More details will be provided in closing note for RT#17 as snapshot becomes available for download. HP/UX 11i make gets upset by this line containing nothing but a Tab pa-risc2.s was not PIC, see RT#426. I strip call to fprintf as it's never called anyway (it's a debugging assertion). If pa-risc2W.s is PIC remains to be seen... Support for ILP32 on HPUX-IA64. Unified targets for ELF assembler modules. Tested on Linux, Solaris and FreeBSD. Goal is to extend support even to SCO5, UnixWare/OpenUnix... Redundant now as it's moved to ./Makefile.org. Oops! I've toasted Cygwin! Fixed now. GAS can't stand stub, which is stb's synonym. Another GAS fix-up and some commentary... Fix a typo. Finalizing asm support for UnixWare, SCO, OpenUnix... Note that I've replaced #if logic around bn_sub_part_words in bn_mul.c. I rely upon OPENSSL_BN_ASM_PART_WORDS being added by ./Configure script. Would it still work on non-Unix platforms? At least OpenBSD implements PIC in the same way ELF does. Avoid unnecessary pollution of object module name table. Cygwin shared build workaround (DJGPP swallows it too). One probably should do same as with ELF calling it COFF, but I'm very short in COFF platforms, so I just go for easy ad-hoc solution. I'll take care of merge to 0.9.7 later. Just an extra comment. OpenBSD FAQ update. Apparently gas from binutils-2.x makes it impossible to use gcc -fPIC ... on OpenBSD-i386. Alternative solution is provided. Minor FAQ update Fix for AIX shared build, see RT#463. Caldera/SCO targets erroneously limit themselves to 386. See RT#464. -lresolv is not present on SCO Unix, RT#460. SCO target missed .so suffix. Oops! Missed closing quote... Didn't have time to verify before a snapshot was cut... This is an *initial* tune-up. This update puts Itanium2 back on par with Itanium. I mean if overall performance improvement over C version was X for Itanium, it's X even for Itanium2. Suggestion was to change ${MACHINE} to i586 in lines in question. Well, "whatever" doesn't the same (avoids 386 being passed to ./Configure), consistent with other elder SCO targets and denotes that we probably shouldn't care much about every out-of-date platform. The patch speaks for itself. Workaround for lame compiler bug introduced in "CPU pack" for MSVC6SP5. Provide "dummy" &main::picmeup even in Windows perlasm modules. ./config failed to correctly detect if gcc uses 64-bit ABI on HP-UX. PR: 772 hpux64-parisc2-gcc target added. Once it is verified, ./config should be modified to choose it instead of hpux64-parisc-gcc, which should then be removed. hpux64-parisc-cc is removed already now as redundant [in case you wonder, 64-bit HP-UX ABI *implies* PA-RISC2.0]. SHA-1 assembler tune-up for Intel P4 Get rid of bogus warning when compiling with Sun vendor compiler. Fix declaration inconsistency in ecparam.c. Even though C specification explicitly says that constant type "stretches" automatically to accomodate the value, some compilers fail to do so. Most notably 0x0123456789ABCDEF should come out as long long in 32-bit context, but HP compiler truncates it to 32-bit value. Which in turn breaks GF(2^m) arithmetics in hpux-parisc2-cc build. Therefore this fix... CFB DES sync-up with FIPS branch. #undef _POSIX_C_SOURCE in ui_openssl.c ruined IRIX builds. Comment on why _POSIX_C_SOURCE needed in first place. HP/UX PA-RISC 2 targets update. Typo in PA-RISC 2 rules in crypto/bn/Makefile.ssl Typo in crypto/bn/asm/x86_64.c, bn_div_words(). PR: 821 IRIX 6.x shared build fix-up. This is essentially Intel 32-bit compiler tune-up. To start with all available compiler versions generated bogus machine code trying to compile new crypto/des/cfb_enc.c. Secondly, 8th version defines __GNUC__ macro, but fails to compile *some* inline assembler correctly. Note that all versions of icc implement MSC-like _lrot[rl] intrinsic, which is used now instead of offensive asm. Finally, unnecessary linker dependencies are eliminated. Most notably dependency from libirc.a caused trouble at application start-up, if libcrypto.so is linked with -Bsymbolic (which it is). Improved PowerPC support. Proper ./config support for ppc targets, especially for AIX. But most important BIGNUM assembler implementation submitted by IBM. Oops! Typo in ./config... Support for IA-32 SSE2 instruction set. SSE2 accelerated bn_mul_add_words. Code is currently disabled till proper config and run-time support is added. PR: 788 Submitted by: Reviewed by: SSE2 SHA512_Transform implementation. No, it's not used anywhere yet and is subject to change as C implementation is added... SHA-224/-256/-384/-512 implementation. This is just sheer code commit. Makefile modifications, make test, etc. will appear later... CHANGES to mention improved PowerPC platform support. size_t-fication of message digest APIs. We should size_t-fy more APIs... Make reservations for FIPS code in HEAD branch, so that the moment FIPS comes in we have required macros in place. Final API adaptation. Final, "all openssl" performance numbers [not mixture of different implementations]. Real-life performance improvement is rated at 2-3x, not 6x as preliminary announced. Stress collector/padding function. SHA-256/-512 update. A bug fix, SHA-512 tune-up for AMD64, hook for SSE2 code, Makefile update. While size_t-fying let's not forget to update documentation:-) SHA-256/-512 test and benchmark. Framework for glueing BIO layer and Win32 compiler run-time. Goal is to make it possible to produce for a unified binary build, which can be used with a variety of Win32 compilers. Documentation note for Win32 glue between BIO layer and compiler run-time. SHA-224 test vectors added. Attempt to unify hpux-shared rules. More adjustments might be required after more tests... Eliminate compiler warnings and throw in performance table. Make sure we return 0 if test passed. Unified hpux-shared rule. Verified with both 32- and 64-bit builds and both vendor and GNU compilers. ./engine shared build are still busted. I mean always were... hpux-shared rules to cover even for GNU ld. gcc -Wcast-qual clean-up. Typo in linux-ppc64 target. Kill unused macro and reimplement it for that single context it can actually be used, namely x86* platforms [because they don't bomb on unaligned access]. This resulted in 30-40% [depending on message length] improvement for SHA-256 compiled with gcc and running on P4. In the lack of assembler implementation I give the compiler all the help it can possibly get:-) Final SHA-256/-512 touches. Extra md_len field in SHA[256|512]_CTX reserves for truncated hash function output mode and makes SHA224 thread-safe. Next stop is integration with EVP and we're done... Typo in commentary section. Make sha-256/-512 naming in speed.c consistent with their names as they will appear at EVP leyer. objects.txt update for SHA-224/-256/-384/-512. SHA-224 ids still appear "draft," but we have to start somewhere... EVP bindings to new SHA algorithms. Extend HMAC_MAX_MD_CBLOCK to accomodate SHA-512. Mention new SHA algorithms in CHANGES. This completes the integration. Working on HP-UX shared support... 32-bit PA-RISC requires -Bsymbolic when linking libcrypto.sl. Without this flag RAND_poll ends up in end-less loop calling RAND_add. But don't ask me why... Minimal work-around for ./engine shared builds. "Minimal" means that I think that proper Makefile clean-up is required. SHA fails to compile on x86_64 if compiled with custom flags, without recommended -DMD32_REG_T=int in particular. PR: 893 Submitted by: Michal Ludvig New scalable bn_mul_add_words loop, which provides up to >20% overall performance improvement. Make module more gcc friendly and clarify copyright issues for division routine. New SHA algorithms assembler implementation for IA-64. Note that despite module name both SHA-256 and SHA-512 are supported. AES assembler implementation for IA-64. Note that there is no anchor from C code yet... Minor (+12% on P4) performance tweak for sha512_block_sse2. RC4 tune-up for AMD64. Performance improvement of 2.22x is measured for linux-x86_64 target. Integration of RC4 AMD64 module. IA-64 is intolerant to misaligned access. It was a problem on Win64 as we were mislead by _MSC_VER macro, which is defined by *all* Windows Microsoft compilers. Add licensing terms. Add anchors for AES, SHA-256/-512 assembler modules and SSE2 code pathes. I also used this opportunity to clean up some out-of-date targets and re-group targets by OS. Type in Configure and TABLE update. Anchor AES and SHA-256/-512 assembler from C. Make rand_win.c UNICODE savvy. All SIXTY_FOUR_BIT platforms (mind the difference between SIXTY_FOUR_BIT and SIXTY_FOUR_BIT_LONG) were failing to pass 'cd test; make test_bn'. Run SHA-256/-512 tests through EVP... EVP_Digest is size_t-fied, clean up test programs accordingly. #include is required at least on HP-UX and IRIX. And what's with HP-UX offering 14 for NAME_MAX? WinCE should always be compiled as UNICODE, even debugging version... Adapt rc4-amd64.pl for Win64/AMD64 assembler. Win64 placeholder targets. This is merely naming suggestion. As we know Win64 comes in two flavors, IA-64/Itanium and AMD64/Opteron. The suggestion is to refer to former as WIN64I and latter - WIN64A VC-NT was taken away by mistake, putting it back... Various IA-64 assembler fix-ups. Build-n-link new IA-64 modules on Linux and HP-UX. TABLE update. Minor HP-UX make update. IA-64-based HP-UX favor .so extension for shared libraries. Old .sl extension works just fine, but it .so which is default. Typos and due casts. As for the latter. It's "safe" to cast as below, because "wrong" casts will either be optimized away or never performed. Some compilers are just too whiny. DEC C doesn't like long long... Some compilers are just too whiny. Nothing makes Microsoft compiler stop complaining about loss of precision, but explicit cast. Make SHA-256/-512 optional. Note that no-sha switches off *all* SHA. 'apps/openssl dgst -help' update and minor apps/speed.c update. Minor 64-bit md32_common.h update and minor unsignification of digests. Stricter boundary condition check in HMAC_Init_ex. Make bio_ok.c 64-bit savvy. Typos, typos... Make bio_ok.c Microsoft compiler savvy. Zero key-length for HMAC is apparently OK. Add framework for yet another assembler module dubbed "cpuid." Idea is to have a placeholder to small routines, which can be written only in assembler. In IA-32 case this includes processor capability identification and access to Time-Stamp Counter. As discussed earlier OPENSSL_ia32cap is introduced to control recently added SSE2 code pathes (see docs/crypto/OPENSSL_ia32cap.pod). For the moment the code is operational on ELF platforms only. I haven't checked it yet, but I have all reasons to believe that Windows build should fail to link too. I'll be looking into it shortly... This is so to say "damage control" for jumbo "cpuid" patch, see http://cvs.openssl.org/chngview?cn=12493. Now all platform should be operational, while SSE2 code pathes get engaged on ELF platforms only. DLLEntryPoint is a collective name, not what linker looks for. However, if we explicitly intruct the linker to set entry point, then we become obliged to initialize run-time library. Instead we can pick name run-time will call and such name is DllMain. Note that this applies to both "native" Win32 environment and Cygwin:-) Deprecate cpp and gaswin targets. New coff fills in for gaswin, but cpp is going out... Clean-up GAS targets: get rid of "cpp" stuff and replace it with "purified" COFF and a.out targets [similar to ELF targets]. You might notice some rudementary support for shared mingw builds under cygwin. It works (it produces cryptoeay32.dll and ssleay32.dll with everything exported by name), but it's primarily for testing/debugging purposes, at least for now... OpenBSD fix-up for new a.out targets. OpenBSD .s.o rule is busted... Cygwin fix-up for shared build. VIA C3 processor extends IA-32 instruction set with instuctions performing AES encryption in hardware, as well as one accessing hardware RNG. As you surely imagine this engine access this extended instruction set. Well, only AES for the moment, support for RNG is to be added later on... PR: 889 Submitted by: Michal Ludvig Minor clean-up to make Microsoft compiler shut up. Avoid a.out name table pollition. If they ask for 386, keep it as 386 as possible... Padlock engine update to fix a typo in MSC assembler and to address potential corruption problem if user manages to inter-leave aligined and misaligned requests [as well as some MSC-specific tweaks]. Make aes_ctr.c 64-bit savvy. Minor VIA Padlock engine update: eliminate -Wunused warning when *not* compiling the engine and inline memcpy in performance critical pathes. crypto/perlasm update primarily to unify Netware modules. Once it's verified x86*_nw.pl will be deleted. In addition this update implements initseg on several additional [in addition to ELF] platforms. Functions registered with initseg are supposed to be called prior main(). Fix compiler warnings in crypto/evp/bio_ok.c as pointed out by Geoff. OPENSSL_ia32cap final touches. Note that OPENSSL_ia32cap is no longer a symbol, but a macro expanded as (*(OPENSSL_ia32cap_loc())). The latter is the only one to be exported to application. Proper support for OpenBSD-i386 shared build, including assember modules! "Proper" means "compiles and passes test." Versioning is broken (I think). TABLE OpenBSD-i386 update x86 assembler updates: more instructions, new OPENSSL_instrument_halt [for DJGPP]... Make VIA Padlock engine more platform friendly and eliminate compiler warning. sha256_block advances the input pointer double as fast sometimes. Fix the bug and test that it's actually gone. PR: 950 SHA1 asm Pentium tune-up. Performance loss is not as bad anymore. Fix Solaris 10_x86 shared build. -Bsymbolic is required to avoid "remaining relocations" in assembler modules. The latter seems to be new behaviour, elder as/ld managed to resolve this relocations as internal. It's possible to address this problem differently, but I settle for -Bsymbolic... PR: 546 As was shown by Marc Bevand reordering of couple of load operations results in even higher performance gain of 3.3x:-) At least on Opteron... RC4 tune-up for Intel P4 core, both 32- and 64-bit ones. As it's apparently impossible to compose blended code with would perform satisfactory on all x86 and x86_64 cores, an extra RC4_CHAR code-path is introduced and P4 core is detected at run-time. This way we keep original performance on non-P4 implementations and turbo-charge P4 performance by factor of 2.8x (on 32-bit core). linux-x86_64 didn't link after EM64T RC4 tune-up... RC4 IA-64 assembler implementation. Engage RC4 IA-64 assembler module. Summarize recent RC4 tune-ups. perlasm/x86[ms|nasm] update to accomodate updated RC4 assembler module. Final touches to rc4/asm/rc4-596.pl, +52% better performance on AMD core. sha1_block_asm_data_order can't hash if message crosses 2GB boundary. Add 0.9.7 specific comments to RC4 assembler modules. I've introduced a bug to i386 RC4 assembler, which would emerge with certain mix of calls to RC4 routine not covered by rc4test.c. It's fixed now. In addition this patch inadvertently fixes minor performance problem: in 0.9.7 context P4 was performing 12% slower than the original implementation... Fix rc4-ia64.S to pass more exhaustive regression tests. Extend RC4 test. SHA1 assembler for IA-64. Engage SHA1 IA64 assembler on IA64 platforms. Solaris x86 perlasm update. Refine PowerPC platform support. AES x86 assembler implementation. Eliminate copies of TeN and TdN, use those found in assembler module. x86 perlasm update to accomodate aes-586.pl. Engage AES x86 assembler module on ELF platforms. Engage AES x86 assembler module for COFF and a.out targets. Eliminate redundant memcpy of IV material. Performance improvement varies from platform to platform and can be as large as 20%. Remove yet another redundant memcpy. Not at least performance critical, essentially cosmetic modification... Remove CPU detect for IRIX targets. Performance gain is less than 1%, it makes more sense to strive for broader binary compatibility... As new major IRIX release is highly unlikely to appear [and break following], I change from -notall to -none synonym in irix rules to improve backward compatibility with IRIX 5.x. PR: 987 Minor cygwin update. PR: 949 Oops-kind typos in aes-ia64.S... AES-CFB[18] 2x optimization. Well, I bet nobody cares about AES-CFB1 performance, but anyway... Minor AES x86 assembler tune-up. Commentary update for AES IA-64 assembler module. Remove naming conflict between variable and label. Fix Win32 test-suit. Make whiny compilers stop complaining about missing prototype. Borrow #include from e_os.h. DJGPP update. PR: 989 Submitted by: Doug Kaufman Permit "monolithic" AES assembler implementations, i.e. such which would replace *whole* aes_core.c, not only AES_[de|en]crypt routines. DJGPP documentation note update. FAQ update to mention no-sha0 as possible workaround for Tru64 compiler bug. Well, no-options seem to be busted in HEAD currently, which should/will be fixed one way or another (see PR#989 for a possible alternative). O_NOFOLLOW is not appropriate when opening /dev/* entries on Solaris. PR: 998 Fix an "oops" typo! Well, it was a debugging left-over... "Monolithic" x86 assembler replacement for aes_core.c. Up to +15% better performance on recent microarchitectures. Rely on e_os.h to appropriately define str[n]casecmp in non-POSIX environments. INSTALL.DJGPP sync. PR: 989 Don't zap AES CBC IV, when decrypting truncated content in place. Reserve for AES CBC assembler implementation... Fix a typo in a.out assembler modules. Throw in AES CBC assembler, up to +40% on aes-128-cbc benchmark. Bug-fix in CBC encrypt tail processing and commentary section update. linux-parisc update. PR: 990 Submitted by: Mike Frysinger linux-arm target update. PR: 991 Improve ECB performance (48+14*rounds -> 18+13*rounds) and reserve for hand-coded zero-copy AES_cbc_encrypt. Default to AES u32 being unsinged int and not long. This improves cache locality on 64-bit platforms (and fixes IA64 assembler-empowered build:-). The choice is guarded by newly introduced AES_LONG macro, which needs to be defined only on 16-bit platforms which we don't support (not that I know of). Meaning that one could as well skip long option altogether. Fold a bunch of linux and *BSD targets into [linux|BSD]-generic[32|64]. Idea is to provide unified "fall-down" case for all rare platforms out there. ./config is free to enable some optimizations, such as endianness specification, specific -mcpu flags... ./Configure to respect $thread_cflag variable. FreeBSD 5 refuses to #include . Fix compiler warning after http://cvs.openssl.org/chngview?cn=12843. Please BSD make... Respect the fact that most interactive shells don't restore stty settings and make it work in non-interactive mode... Address run-time linker problems: LD_PRELOAD issue on multi-ABI platforms and SafeDllSearchMode in Windows. Shut whiny make's up. Drop redundant -lc from a number of rules in Makefile.shared. It's perfectly safe [compiler driver adds it] and in some situation even perfectly appropriate [mixing -pthread and -lc on FreeBSD can have lethal effect on apps/openssl]. I'd say we should get rid of more, but I remove those I can test myself... Mention no-sse2 option in INSTALL note. Make util/shlib_wrap.sh [Open]BSD-friendly. Make Makefile.shared BSD make-friendly, remove more redundant -lc, set up OBJECT_MODE for AIX. Reliable BSD-x86-elf detection in ./config. This patch was "ignited" by OpenBSD 3>=4 support. They've switched to ELF and GNU binutils, but kept BSD make... And I took the opportunity to unify other targets to this common least denominator... Remove unused assembler modules. Avoid re-build avalanches with HP-UX make. Cygwin to use DSO_FLFCN and mingw to use DSO_WIN32. Make bn/asm/x86_64-gcc.c gcc4 savvy. +r is likely to be initially introduced for a reason [like bug in initial gcc port], but proposed =&r is treated correctly by senior 3.2, so we can assume it's safe now. PR: 1031 Some non-GNU compilers (such as Sun C) define __i386. Solaris x86 linker erroneously pads .init segment with zeros instead of nops, which causes SEGV at startup. So I don't align anymore. Extend Solaris x86 support to amd64. +45% RC4 performance boost on Intel EM64T core. Unrolled loop providing further +35% will follow... Harmonize cygwin/mingw and VC targets. Implement OPENSSL_showfatal and make it Win32 GUI and service aware [meaning that it will detect in which context application is running and either write message to stderr, post a dialog or log an event]. Recognize MSYS/MINGW environment. Minor cryptlib.c update: compiler warnings in OPENSSL_showfatal and OPENSSL_stderr stub. Parameterize do_solaris rules in Makefile.shared. Introduce OPENSSL_NONPIC_relocated to denote relocated DLLs. Fix typos. Zap OPENSSL_EXTERN on symbols, which are not meant to be local to DLL. Final(?) touches to mingw shared support. Addenum to http://cvs.openssl.org/chngview?cn=13054. More cover-ups, removing OPENSSL_GLOBAL/EXTERNS. We can remove more... Final touch to mingw shared. Fix for bug emerged in openvpn conext. Prototype mnemonics in padlock_verify_context for better portability [read support for Solaris assembler]. Mitigate cache-timing attack in CBC mode. This is done by implementing compressed tables (2x compression factor) and by pre-fetching them into processor cache prior every CBC en-/decryption pass. One can argue why just CBC? Well, it's commonly used mode in real-life applications and API allows us to amortize the prefetch costs for larger data chunks... Throw in x86_64 AT&T to MASM assembler converter to facilitate development of dual-ABI Unix/Win64 modules. Avoid aliasing between stack frames and S-boxes. Compress prefetch code. Avoid L1 cache aliasing even between key and S-boxes. Pointer to BN_MONT_CTX could be used uninitialized. Fold rules in test/Makefiles [from stable]. Allow for ./config no-sha0 [from stable]. Cygwin/mingw sync with stable. Remove false positives and resolve some of remaining ones. x86_64 assembler translator update. Rename amd64 modules to x86_64 and update RC4 implementation. Cpuid modules updates. Commentary update. Cygwin doesn't expose Win32 [not "officially"]. Throw in md5-x86_64 assembler. Engage md5-x86_64 assembler module. Cvs missed adapted module itself, here it goes... x86_64 assembler translator update. Commentary update motivating code update in 0.9.7. Fix constants. PR: 1059 x86_64 assembler translator update. Eliminate "statement with no effect" warning when OPENSSL_assert macro is used with constant assertion. Allow for 64-bit cache-line alignments in code segment. Comply with optimization manual (no data should share cache-line with code). Fool-proofing Makefiles +20% performance improvement of P4-specific RC4_CHAR loop. Consolidate BUILDENV [idea is to keep all variables in one place]. Simplify shared rules, link run-path into applications only. Make Makefile.shared quiet again. Further BUILDENV clean-up, 'make depend' is operational again. Further BUILDENV refinement, further fool-proofing of Makefiles and [most importantly] put back dependencies accidentaly eliminated in check-in #13342. Improve shell portability of new rules in Makefile.shared. Move cryptlib.h prior bio.h. Actually it makes sense to include cryptlib.h first everywhere in crypto and skip stdio.h and string.h [because it includes them]. Disclaim 16-bit support. OPENSSL_Applink update. mdc2test is not built by default anymore. Keep disclaming 16-bit support. Engage Applink for VC builds. Engage Applink in mingw. Note that application-side module is not compiled into *our* aplpications. That's because mingw is always consistent with itself. Having library-side code linked into .dll makes it possible to deploy the .dll with user-code compiled with another compiler [which is pretty much the whole point behind Applink]. Don't emit SSE2 instructions unless were asked to. PR: 1073 FAQ update to mention Applink. FAQ to mention no-sse2. Move _WIN32_WINNT definition from command line to e_os.h. The change is inspired by VC6 failure report. In addition abstain from taking screen snapshots when running in NT service context. Default to no-sse2 on selected platforms. Still SEGV trouble in .init segment under Solaris x86... OPENSSL_NO_SHA512 to mask even SHA512_CTX declaration. This is done to make no-sha512 more effective on platforms, which don't support 64-bit integer type of *any* kind. Be more consistent with OPENSSL_NO_SHA256. Platform update from 8-stable. Platform update from 8-stable. Fix typo in ./config. Missing sparcv8.o rule. PR: 1082 Mention more GCC bugs in ./PROBLEMS. "Show" more respect to no-sha* config options. PR: 1086 PSS update [from 0.9.7]. Fix inconsistensy between 8 and HEAD. ./PROBLEMS to mention workarounds for ULTRIX build problems. PR: 1092 Unify BSDi target. New function, DSO_pathbyaddr, to find pathname for loaded shared object by an address within it. Tested on Linux, Solaris, IRIX, Tru64, Darwin, HP-UX, Win32, few BSD flavors... Change mention of Makefile.ssl to Makefile. FAQ to mention no-sha512 as option for compilers without support for 64-bit integer type. Allow BIO_s_file to open and sequentially access files larger than 2GB on affected platforms. PR: 973 "Liberate" dtls from BN dependency. Fix bug in replay/update. Allow for dso load by explicit path on HP-UX. Eliminate gcc -pedantic warnings. Handle wrap-arounds and revive missing assignment. Solaris x86_64 /usr/ccs/bin/as support. Refine ELF detection on BSD platforms. Fix typo in ssl/d1_pkt.c. Solaris-specific Makefile.shared update from 098. TABLE was out-of-sync. no-asm didn't prevent make from compiling assembler modules. Jumbo Makfiles update. HP-UX specific updates to Makefile.org and Makefile.shared. Rename mips3.o to bn-mips3.o [it's better in long run] and adjust the rule to accomodate gcc4, which no longer support SGI as. Typo in bn-mips3 rule. Missed -c in IRIX rules. Darwin specific update for Configure and Makefile.shared. Replace emms with finit in x86cpuid. Omit padding in RC4_KEY on IA-64. The idea behind padding was to reserve room for aligning of the key schedule itself [specific alignment is required for future performance improvements], but OpenSSH "abuses" our API by making copies and restoring RC4_KEY, thus ruining the alignment and making it impossible to recover the key schedule. PR: 1114 Minimum requirement for Solaris x86 was always Pentium. Reflect this in Configure line. TABLE update accomodates other recent ./Configure changes... Minor (final?) Makefiles polish. Unify some SCO targets. Fix typos in apps/apps.c Eliminate dependency on UNICODE macro. Mention hpux64-ia64-cc blowfish failure in PROBLEMS. A report suggests that there're nasm version, which defaults to 16-bit segmenting... Replace _int64 with __int64, which is more widely accepted among Win32 compiler vendors. AES_cbc_encrypt to allow end-user to retain small blocks performance by aligning the key schedule in a specific manner. Typos in commentary section. Pedantic polish to aes-586.pl:-) Decimal printout of a BN is wrong on PPC, it's sparse with very few significant digits. As soon it verifies elsewhere it goes to 0.9.8 and 0.9.7. More elegant solution to "sparse decimal printout on PPC" problem. Trap condition should be 64-bit when it's due. Fix bugs in bug-fix to x509/by_dir.c. PR: 1131 Pull up Win64 support from 0.9.8. CHANGES and TABLE sync with 0.9.8. Latest Intel compiler means every word in "if copying [with memcpy] takes place between objects that overlap, the behavior is undefined." It's hard to comprehend, but it reportedly manages to be case. AES x86_64 assembler implementation. complementary x86_64-xlate.pl update. Commentary section update. ~15% better AES x86_64 assembler. Fix unwind directives in IA-64 assembler modules. This helps symbolic debugging and doesn't affect functionality. Unrolled RC4 IA-64 loop gives 40% improvement over current assembler implementation [as predicted]. This update implements following improvements. Switch to new RC4 IA-64 module. Retire original rc4-ia64.S. MD5 IA-64 assembler implementation. Original copy for reference purposes. This update gets endianness-neutrality right and adds second required entry point, md5_block_asm_data_order. Engage MD5 assembler module. Fix bug [SHA1 IA-64 being disabled] introduced with Stratus VOS update. PR: 1130 Perl stylistic/cosmetic update for aes-x86_64.pl. Typo in version number. Pedantic polish to rc4-ia64.pl. Syncronize BSD-ia64 with other IA64-based platforms. Pedantic polish to md5-ia64.S. Pedantic polish to aes-ia64 and sha512-ia64. SHA-256/-512 x86_64 assembler module. Engage SHA-256/-512 x86_64 assembler module. Eliminate gcc warning in dso_win32.c. Pull up mkdef.pl from 0.9.8. Unify VC-32.pl and VC-CE.pl scripts and update INSTALL.W32. Commentary section update in sha512-x86_64.pl. Fix #if _MSC_VER clause in aes_locl.h Eliminate dependency on 3rd party wcedefs.mak. Implement complementary LoadLibraryA shim under WCE. Type in OSF1 platform name. Eliminate bogus #if WCEPLATFORM!=MS_HPC_PRO [which by the way unconditionally invalidated the whole clause] and replace it with #if _WIN32_WCE>=210. Stick to -DWCE_PLATFORM_$wceplatf, as that's what is apparently set by Visual Studio IDE. Optimize for space on embedded WCE. Keep disclaiming 16-bit support. WCE-specific fix for cryptlib.c. WCE-specific update for VC-32.pl. Abstain from GUI calls in rand_win.c in NT service context. PIC-ify SPARC assembler in alternative manner to eliminate dependency on OPENSSL_PIC macro. WCE update, mostly typos. 3-4 times better RSA/DSA performance on WIN64A target. Well, on AMD64 CPU, EMT64T will hardly exhibit better performance... Final(?) WinCE update. Add support for more recent WCE SDK. Suppress "deprecated" warnings introduced in VC8. Fix Intel assembler warnings. Mention wcecompat update INSTALL.WCE. Fix typo in WCE section in VC-32.pl Pedantic polish to WCE-specific #if clause in ectest.c Eliminate reference to removed platform line. bswapl usage should be masked by I386_ONLY. PR: 1195 Oops-type typo. PR: 1195 Missing space in VC-32.pl. Another missing space in VC-32.pl [from 0.9.8]. Mention BN_sqr failure on x86 platforms in ./RPOBLEMS. PR: 1176 [and others] Proper solution to nasm compilation problems in Borland context. BC-32.pl updates. Refine AIX support. PR: 1198 MD5 x86_64 assembler update. Fix typo: "powepc" vs "powerpc." G-r-r-r-r. PR: 1198 IA-32 BN tune-up. Performance imrpovement varies with platform and keylength, this time larger improvement for shorter keys, and reaches 15%. Both SSE2 and IALU code pathes are improved. "Overload" SunOS 4.x memcmp, which ruins ASN1_OBJECT table lookups. PR: 1196 Submitted by: Russel Ruby Latest MSVCR80 doesn't tolerate unsupported signal numbers, throwing fatal exceptions. Broaden compatibility among Windows SDK versions. Elder versions don't have ULONG_PTR, so we replace it with equally wide SIZE_T. Fix SunOS 4 building issue. PR: 1196 Fix missing applink call. Fix typo. Add reference implementation for bn_[mul|sqr]_mont, new candidates for assembler implementation. Reserve for SMALL_FOOTPRINT bn_asm.c. Currently OPENSSL_SMALL_FOOTPRINT is defined on Windows CE targets. Fix typo in exptest.c. Zap DES_UNROLL when SMALL_FOOTPRINT is in effect. Fix typo in INSTALL.WCE. Mention "no-dso doesn't remove -ldl" in PROBLEMS. PR: 1160 Leave the decision to call/implement bn_sqr_mont to assembler developer. Refine logic in bn_mont.c and eliminate redundant BN_CTX pulls. Throw in Montgomery multiplication assembler for x86_64. x86_64-mont.pl readability improvement. Throw in bn/asm/x86-mont.pl Montgomery multiplication "teaser". Add timestamp to x86-mont.pl. Broaden compatibility amount Win32 headers even further [some don't have SIZE_T]. Fix bug in SMALL_FOOTPRINT path and clarify comment. Make sure x86-mont.pl returns zero even if compiled with no-sse2. Flip saved argument block and tp [required for non-SSE2 path]. Yet another "teaser" Montgomery multiply module, for UltraSPARC. It's not integrated yet, but it's tested and benchmarked [see commentary section for further details]. util/pl/OS2-EMX.pl sync. Add rudimentary aix64-gcc target. Change bn_mul_mont declaration and BN_MONT_CTX. Update CHANGES. Add support for 32-bit ABI to sparcv9a-mont.pl module. Eliminate gcc warning in bn_mont.c. bn_asm.c update. Integrate sparcv9a-mont.pl into UltraSPARC builds. Clarify binary compatibility with HAL/Fujitsu SPARC64 family. Move DES_SPtrans to where it really belongs, dec_enc to be specific. Eliminate ~3.5KB of duplicate code in des-586.pl and reserve for folded loop option, which can give further 3KB code reduction. Fix typos in macos x targets. Eliminate false preprocessor dependencies introduced with VOS support. +20% SHA512 performance improvement on x86. Fix install problems on MacOS X and HP-UX. PR: 1218,1185 Add -install_name in link_a.darwin rule. PR: 1218 Make pshufw optional and update performance table in sha512-sse2.pl [as per http://cvs.openssl.org/chngview?cn=14551]. Disable BIO_s_fd on CE and disable fd:N as password passing option on all _WIN32 [see commentary for clarification]. Reserve for OPENSSL_NO_POSIX_IO macro which is to eliminate references to open/read/write/close. First OPENSSL_NO_POSIX_IO target would be Windows CE. Mask libcrypto references to stat with OPENSSL_NO_POSIX_IO. Get rid of arcane reference to _fmode in apps/apps.h. Binary open is handles properly by bss_file.c, which renders _fmode redundant. Make cygwin work in directories mounted with 'text' attribute. Engage OPENSSL_NO_POSIX_IO on Windows CE. Eliminate dependency on read/write/stat in apps under _WIN32. Eliminate remaining calls to stat in apps/apps.c and unify WIN32_rename for all Windows targets. Eliminate crypto/tmdiff.[ch]. Collect timing procedures in apps/apps.c. It's a bit cruel patch, as it temporarily[!] removes support for couple of esoteric platforms [well, Netware, vxWorks and VMS]. Fix newly introduced typos and warnings in ./apps. x86_64-xlate.pl commentary section update. The typos never stop. Fix one in apps/apps.c. Keep removing references to tmdiff. Revive app_tminterval for VMS. Revive app_tminterval for vxworks. Revive app_tminterval for Netware. First draft for WCE PortSDK support. Once again! It's *draft* which requires more work, i.e. more modifications are due... Eliminate VC compiler warning. Address MASM-specific problems introduced with http://cvs.openssl.org/chngview?cn=14547. Move declaration for optional bn_mul_mont to bn_lcl.h in order to hide it from mkdef.pl. One of Win64 rules lacked bufferoverflowu.lib. Improve cross-compiler portability of applink.c module and mention CRYPTO_malloc_init in FAQ. Tidying up WinCE support. Minor perlasm clean-up. AIX -blibpath is not accumulative, one apparently has to specify even self-obvious /usr/lib:/lib. PR: 1239 Mention PROBLEMS in FAQ. Avoid end-less loop when libcrypto.a is manually deleted, but 'make clean' was not executed. It doesn't excuse user from running 'make clean', it simply avoids process table exhaustion. PR: 1236 Submitted by: Michael Richardson Throw in comment so that one doesn't get tempted to optimize it away. Attempt to resolve sporadic SEGV crashes in bn_sub_words in OpenSSH. I'm baffled why it crashes and does it sporadically... Apply "better safe than sorry" approach after addressing sporadic SEGV in bn_sub_words to the rest of the sparcv8plus.S. Keep shutting up VC8. PR: 1243 Whirlpool hash implementation. The fact that subdirectory and .h file are called whrlpool is not a typo, but a way to keep the names shorter than 8 characters. Remaining TODO list comprises adding OID, EVP, corresponding flag to apps/openssl dgst, benchmark, engage assembler... Add missing Makefile and fix couple of typos in commentary. Remove development leftover from whrlpool/asm/wp-mmx.pl. Add Whirlpool OID. Fix typos in wp-mmx.pl. Adapt Whirlpool API for EVP. Add Whirlpool to EVP. Mention Whirlpool in dgst -help. Whirlpool for x86_64. x86cpuid.pl update. Couple other benchmark comparisons for wp-x86_64.pl. Fix typos in wp-mmx.pl. Support for indirect calls in x86 assembler modules. Initial draft for AES for UltraSPARC assembler. Revoke the option to share AES S-boxes between C and assembler. It wastes space, but gives total flexibility [back]. Engage AES for UltraSPARC in sparcv9 targets. Minor aes-sparcv9.pl optimization. Allow for bn(64,32) on LP64 platforms. Switch 64-bit sparcv9 platforms from bn(64,64) to bn(64,32). This doesn't have impact on performance, because amount of multiplications does not increase with this switch, not on sparcv9 that is. On the contrary, it actually improves performance, because it spares a load of instructions used to chase carries. Not to mention that BN assembler modules can be shared more freely between 32- and 64-bit builts. Add IALU-only bn_mul_mont for SPARCv9. See commentary section for details. sparccpuid module update. To exclude contention for shared FPU on T1, trade 3% of DES performance. Eliminate warning induced by http://cvs.openssl.org/chngview?cn=14690 and keep disclaiming narrower than 32-bit support. We all make typos:-) Fix just introduced ones in bn.h Mention bn(64,64) to bn(64,32) switch on 64-bit SPARCv9 targets in CHANGES. Allow for warning-free passing of -Wl options on config command line. One possible usage is to pass -Wl,-z,-noexecstack on Linux to ensure the stack is marked non-executable. Well, -Wa,--noexecstack works fine too... Make room for Whirlpool assembler in Configure. Engage Whirlpool assembler and mention Whirlpool in CHANGES. Make framework for Whirlpool assembler flexible. Unify sparcv9 assembler naming and build rules among 32- and 64-bit builds. Engage run-time switch between bn_mul_mont_fpu and bn_mul_mont_int. Fix typos in osf1 shared rules. PR: 1248 Submitted by: Nikola Milutinovic Make bio.h resistant to gnu-ish __attribute__ redefenitions. PR: 1252 Put back OPENSSL_SYS_MSDOS definition to revive DJGPP built. PR: 1247 Missing CFLAG in couple of depend: targets. PR: 1247 Submitted by: Doug Kaufman Keep disclaiming 16-bit platform support. For now remove WIN16 references from .h files... Typo in sparcv8cap.c. Eliminate possible mapping leak. As SPARCV9 CPU flavor is [expected to be] detected at run-time, we can afford to relax SPARCV9/8+ compiler command line and produce "unversal" binaries as we used to. Lower PADLOCK_CHUNK till value, which doesn't affect the benchmark results. Well, it's even contrary, 512 was observed to *improve* performance by 5%. Excuse ourselves from treating C7 specially. Minor sparcv9 clean-ups. Fix CFB and OFB modes in eng_padlock.c. Engine was consistent with itself, but not interoperable with the rest of the world. test_padlock script is added mostly for reference. Add DSO_global_lookup_func implementation. See commentary in dso_lib.c for further details. Oops! Remove junk... Fix mapping "leak" in newly introduced win32_globallookup. util/mkerr.pl update to address various mkerr.pl problems [such as failure to handle multi-line comments and endless loop while parsing overloaded gnu-ish __attribute__]. "Relax" prototype and rename DSO_global_lookup_func to DSO_global_lookup. Make b_sock.c IPv6 savvy. Typo in win32_globallookup. ./util update, which covers various issues, but most importantly mkerr.pl and mkdef.pl spinning in endless loop. Fix typo and purify logic in b_sock.c Compile Windows with winsock2.h. But note that we still link with wsock32! This works because wsock32 commonly loads ws2_32 anyway and we [intend to] check upon presense of winsock2-specific API at run-time. Refine login in b_sock.c. SHA-1 for x86_64. Yet another "teaser" Montgomery multiplication module, for PowerPC. SHA1 for PowerPC. Typo in linux-ppc line. PPC assembler distiller update. Minor PPC assembler updates. Futher minor PPC assembler update. Tiny up hpux targets. Tune up AES CFB. Performance improvement varies from 10% to 50% from platform to platform. Its absolute value is within few percents marginal from that of ECB. Minor sha1-ppc.pl update. Add sha512-ppc.pl module. Minor ppc-xlate.pl update. Correct logical error in STRICT_ALIGNMENT check and remove copy of eay licence, as module is practically rewritten from scratch [well, even original submission was obviously "almost, but not quite, entirely unlike" any other eay *_cfb.c module, not to mention new functions]. Reimplement AES_ofb128_encrypt. Sync aes.h with http://cvs.openssl.org/chngview?cn=15336. Fix obvious typo. Mitigate cache-collision timing attack on last round. Mitigate the hazard of cache-collision timing attack on last round. Well, prefetch could have been moved closer to Td4 references. Something for later consideration... Mitigate the hazard of cache-collision timing attack on last round. The only chance for T[ed]4 to get evicted in this module is when its cache "overlaps" with last 128 bits of key schedule. Prepare playground for AES experimental code. Typos(?) in HEAD/crypto/evp/p_lib.c. Unsigned vs signed comparison warning. Fix compiler warnings. Add option for "compact" rounds to aes_x86core.c. "Compact" rounds are those referencing compact, 256-byte, S-boxes. Reimplement outer rounds as "compact" in x86 assembler. This has rather strong impact on decrypt performance, 20-25%. One probably should consider switching between slower and faster routines depending on how much data we were asked to process. Next generation aes-586.pl featuring AES_[en|de]crypt, accessing exclusively 256 byte S-box. AES_cbc_encrypt needs further work as it should also use slow routines when processing smaller amount of data. perlasm/x86unix.pl update. Engage assembler in solaris64-x86_64-cc. Real Bourne shell doesn't interpret ==, but =. Switch to compact S-box when generating AES key schedule. Switch to compact S-box when generating AES key schedule. Agressively prefetch S-box in SSE codepatch, relax alignment requirement, check for SSE bit instead of MMX, as pshufw was introduces in PIII, minor optimization, typos... Revised AES_cbc_encrypt in x86 assembler module. +20% tune-up for Power5. Fix bug in x86unix.pl introduced in latest update. PR: 1380 Fix bug in aes-586.pl. Rewrite sha1-586.pl. Improve 386 portability of aes-586.pl. Remove x86ms.pl and reimplement x86*.pl. As x86ms.pl is out, remove do_masm.bat and mention to it in INSTALL.W32. Race condition in ms/uplink.c. PR: 1382 Build error on non-unix. PR: 1390 Re-implement md32_common.h [make it simpler!] and eliminate code rendered redundant as result. Linking errors on IA64 and typo in aes-ia64.S. Support for .asciz directive in perlasm modules. Synchronize SHA1 assembler with md32_common.h update. VIA-specific Montgomery multiplication routine. Further synchronizations with md32_common.h update. bn/asm/ppc.pl to use ppc-xlate.pl. Further synchronizations with md32_common.h update, consistent naming for low-level SHA block routines. Typo in perlasm/x86asm.pl. Fix bug in big-endian path and optimize it for size. Temporary fix for sha256 IA64 assembler. Gcc over-optimizes PadLock AES CFB codepath, tell it not to. Avoid application relink on every make invocation. Align data payload for better performance. Rudimentary support for cross-compiling. Make c_rehash more platform neutral and make it work in mixed environment, such as MSYS with "native" Win32 perl. Allow for mingw cross-compile configuration. Switch Win32/64 targets to Winsock2. Updates to ISNTALL.W32 cover even recent mingw modifications. Fix mingw warnings. OPENSSL_ia32cap.pod update. Yet another mingw warning. Harmonize dll naming in mingw builds. Further mingw build procedure updates. Minor portability update to c_rehash. sha512-ppc.pl mutli-thread safety fix. Non-SSE2 path to bn_mul_mont. But it's disabled, because it currently doesn't give performance improvement. This is "informational" commit. Its mere purpose is to expose "modulo factor" in inner loops. Modulo-schedule loops in sparcv9a-mont.pl. Overall improvement factor over 0.9.8 is up to 3x on USI&II cores and up to 80% - on USIII&IV. Minor optimizations based on intruction level profiler feedback. Clarify HAL SPARC64 support situation in sparcv9a-mont.pl. Camellia portability fixes. Fix bugs in Camellia CBC routine. Improve Camellia code readability. Eliminate redundant variable in Camellia CBC routine. Montgomery multiplication routine for Alpha. Minor, +10%, tune-up for x86_64-mont.pl. alpha-mont.pl: gcc portability fix and make-rule. Engage alpha-mont module. Actually verified on Tru64 only. Eliminate 64-bit alignment limitation in sparcv9a-mont. x86-mont.pl sse2 tune-up and integer-only squaring procedure. Make sha.h more "portable." Oops! New prototype code creeped through... Fix for "strange errors" exposed by ccgost engine. The fix is two extra insructions in sqradd loop at line #503. Minor performance improvements to x86-mont.pl. Move eng_padlock.c to ./engines. Allow opensslwrap.sh to access engines from build tree. Minor clean-up in crypto/engine. Minor clean-up in crypto/bn/asm. Montgomery multiplication for MIPS III/IV. Not engaged. #include in digest headers. opensslwrap.sh to respect $OPENSSL_ENGINES. Montgomery multiplication for ARMv4. Make armv4t-mont module backward binary compatible with armv4 and rename it accordingly. SHA1 for ARMv4 and Thumb. Minor optimization for sha1-armv4 module. AES for ARMv4. Minor touch to aes-armv4.pl. Minimize aes_core.c footprint when AES_[en|de]crypt is implemented in assembler. sparcv9a-mont was modified to handle 32-bit aligned input, but check for 64-bit alignment was not removed. nasm fixes. Various PowerPC config updates. Remove obsolete comment. Two extra instructions in RC4 character loop give 80% performance improvement on Core2. I still need to detect Core2 and choose this path... link warnings caused by nasm modules. Fixes for aix-shared rules. aix[64]-cc config lines update. Allow shared builds for aix[64]-gcc targets. Reserve for assembler implementation of RC4_set_key and implement x86 one. Update x86cpuid.pl to correctly detect shared cache and to support new RC4_set_key. RC4_set_key for x86_64 and Core2 optimization. PR: 1447 Reimplement rc4-586.pl, relicense rc4-x86_64.pl. s390x assembler pack. Engage s390x assembler modules. s390x optimizations. Bug in apps/dgst.c. Typo in s390x_asm. Typo in commit #16187. rll does not seem to be available on legacy s390. Revert irrelevant changes from commit #16191. Fix s390x bugs and correct performance coefficients. Fine reading of manual suggests that km can return non-normal completion code. Fix bug introduced in cn#16195. SHA for sparcv9. Engage SHA for sparcv9. Detect UltraSPARC T1 in ./config. Commentary updates to SHA for sparcv9. Mention Core2 in sha1-x86_64. Make sha*-ia64 modules alignment neutral. As all assembler modules are alignment neutral, allow C to pass unaligned content. x86_64 assembler updates. Profiling revealed that OPENSSL_cleanse consumes *more* CPU time than sha1_block_data_order when hashing short messages. Move OPENSSL_cleanse to "cpuid" assembler module and gain 2x. Add alphacpuid.s Fix linking error after adding alphacpuid.s. Throw in ppccpuid module. Initial draft of AES for PPC. sparccpuid.s update. ppc-xlate.pl update. x86cpuid fixes. PR: 1526 Typo in x509_txt.c. --enable-auto-image-base in cygwin build. PR: 1517 Submitted by: vinschen at redhat.com Typo in aes-ppc.pl. Padlock engine fails to compile with -O0 -fPIC. OPENSSL_IMPLEMENT_GLOBAL caused more grief than it's worth (it's used twice in legacy code). I'd rather just remove it along with legacy interface, but it's probably not as appropriate as I'd like. Reimplement the macro. SHA256 for ARMv4. AES_set_[en|de]crypt_key for s390x. s390x gas can't handle .align 128. AES_set_[en|de]crypt_key for ARMv4. Eliminate conditional final subtraction in Montgomery multiplication. Commentary updates and minor optimization for bn_mont.c. Privatize BN_*_no_branch. Eliminate conditional final subtraction in Montgomery assembler modules. SPARC Solaris and Linux assemblers treat .align directive differently. PR: 1547 Make some shortcuts in sparcv9cap.c. Trouble is that di_walk_node result is inconsistent among CPU generations. Typo in Linux part of sparcv9cap.c PR: 1532 bn_asm for s390x. Optimize OPENSSL_cleanse. CHANGES update from 098-stable. Typo in x86_64-mont.pl. PR: 1549 Flush output in x86_64cpuid.pl. Latest bn_mont.c modification broke ECDSA test. I've got math wrong, which is fixed now. Fix build problem on Tru64. Typo in str_lib.c PR: 1177 bn_mul_recursive doesn't handle all cases correctly, which results in BN_mul failures at certain key-length mixes. PR: 1427 EVP_*_cfb1 was broken. PR: 1318 Add _x86_64_AES_[en|de]crypt_compact. Various minor updates to AES assembler modules. gas -g doesn't tolerate unpadded .bytes in code segment. shlib_wrap.sh update. _x86_64_AES_[en|de]crypt_compact: size optimization and aggressive T[ed]4 prefetch. Minor optimization in AES_set_encryption_key for x86_64. Lppc_AES_[en|de]crypt_compact: size optimization. Complete synchronization of aes-x86_64 with aes-586. x86*cpuid update. md32_common.h update. Allow for option to skip hardware support. Configure update from 098. x86 perlasm updates. ia64cpuid update. AES for IA64 update. Respect ISO aliasing rules. PR: 1296 Make ppccpuid AIX friendly. As for inline vs. __inline. The original code implies that most compilers understand inline, while WIN32 ones insist on __inline. Well, there are other compilers that insist on __inline. At the same time it turned out that most compilers understand both __inline and inline. I could find only one that doesn't understand __inline, Sun C. In other words it seems that __inline as preferred choice provides better coverage... Make preprocessor logic more fail-safe. Buglet fixes and minor optimization in aes-x86_86 assembler. Typo in ppccpuid.pl. Proper support for shared build under MacOS X. MacOS X update. Typos in ./config. PR: 1563 Workaround MSVC6 compiler bug. Make x86_64 modules work under Win64/x64. IRIX and Tru64 platform updates. shlib_wrap update, IRIX section. shlib_wrap commentary update. Make room for Camellia assembler. Make naming more consistent. Improve cache locality in linux64-sparcv9. aes_ige suffered SIGBUS on RISC platforms. Add darwin64-x86_64-cc target. Unify RC4 settings among darwin platforms. Compress and more aggressively constify ec_curve.c [the latter is achieved by minimizing link relocations]. Offer darwin64-x86_64-cc as option. Constify seed and md2. Add sha512_block implementation optimized for small register bank. On x86 it gives same performance, while code size shrinks >10 times. SHA256/512 for x86. SHA512 for ARMv4. Commentary updates. More Intel cc fix-ups. Engage new x86 assembler modules. Remove sha512-sse2.pl. Make bn2dec work on "SIXTY_FOUR_BIT" platforms. PR: 1456 BSD run-time linkers apparently demand RPATH on .so objects. PR: 1381 Minor fix in link_[oa].hpux. It's inappropraite to override application signal, nor is it appropriate to shut down Winsock unless we know it won't be used [and we never do]. PR: 1439 Minor sha[256|512]-586 performance tweaks. Remove pq_compat.h. Mention SHA2 in openssl.pod. PR: 1575 Mention aes in enc.pod. PR: 1529 Remove excessive whitespaces from bio.h Minimize stack utilization in probable_prime. Eliminate redundant make rule. Wire DES weak_keys to read-only segment. Constify obj_dat.[ch], as well as minimize linker relocations. Wire RC4 key_table to read-only segment. Minor formatting fixes in crypto/sha/asm. Addenum to "Constify obj_dat.[ch]." Fix indentation in d1_both.c. Clarify commentary in sha512-sparcv9.pl. Make sha512-armv4.pl byte-order neutral. 10% performance tweak in 64-bit mode. ARMv4 assembler pack. Minor ARMv4 update. Move -march=armv4t to ./config. Yet another ARM update. It appears to be more appropriate to make developers responsible for -march choice. Switch to RFC-compliant version encoding in DTLS. DTLS RFC4347 requires client to use rame random field in reply to HelloVerifyRequest. DTLS RFC4347 says HelloVerifyRequest resets Finished MAC. Make ChangeCipherSpec compliant with DTLS RFC4347. Basic idea behind explicit IV is to make it unpredictable for attacker. Until now it was xor between CBC residue and 1st block from last datagram, or in other words still predictable. Oops! This was erroneously left out commit #16632. Switch to bn-s390x (it's faster on keys longer than 512 bits) and mention s390x assembler pack in CHANAGES. Prohibit RC4 in DTLS. Make it possible to link VC static lib with either /MT or /MD application. PR: 1230 Addendum to commit #16651. size_t-fy crypto/buffer. Addendum to commit #16654. Make DTLS1 record layer MAC calculation RFC compliant. Respect cookie length set by app_gen_cookie_cb. Synchronize CHANGES between 0.9.8 and HEAD. DTLS fixes from 0.9.8-stable. Fix warnings in d1_both.c [from 0.9.8-stable]. Bunch of constifications. Make ssl compile [from 098-stable, bug is masked by default]. Don't let DTLS ChangeCipherSpec increment handshake sequence number. PR: 1587 Commit #16325 fixed one thing but broke DH with certain moduli. Combat [bogus] relocations in some assember modules. Synchronize x86nasm.pl with x86unix.pl. Structure symbol decorations, optimize label handling... Some assembler are allergic to lea reg,BYTE PTR[...]. gmp engine was non-operational. x86 perlasm overhaul. Disable support for Metrowerks assembler. Assembler itself is broken, specifically it incorrectly encodes EA offsets between 128 and 255. Mac OS X x86 assembler support. Engage x86 assembler in Mac OS X build. Source readability fix, which incidentally works around XLC compiler bug. ppc-xlate.pl update. New Montgomery multiplication module, ppc64-mont.pl. Reference, non-optimized implementation. This is essentially informational commit. This is also informational commit exposing loop modulo scheduling "factor." Final (for this commit series) optimized version and with commentary section. perlasm/x86*.pl updates. NASM has recently changed name of win32 pre-compiled binary. PR: 1627 x86gas.pl update. Last dso_dlfcn.c check-in said "Use Dl_info only on systems where it is known to exist. It does not exist on AIX 4.3.3, AIX 5.1, SCO 5, or Cygwin" and disabled it on banch of systems it's known to exists, such as FreeBSD, Solaris, 64-bit HP-UX, MacOS X. Get it straight. Make AES_T[ed] private to aes-586 module. Make aes-x86_64 work with debug Win64 build. engine/ccgost Win32 portability fixes. Compensate for BSDi shell bug. Cygwin compatibility fix to apps/ocsp.c. Fix unsigned/signed warnings in ssl. Automate assembler support in mk1mf even further. Unify x86 perlasm make rules. rc4-x86_64 portability fix. Make all x86_64 modules independent on current working directory. Allow to specify filename on sha1-ia64.pl command line. Automate assembler support for Win64 targets (more work is needed). Unify ppc assembler make rules. crypto/rc5/Makefile was erroneously omitted from last perlasm unification. Also remove obsolete and now misleading comments. rc5/asm/rc5-586.pl was erroneously omitted from last perlasm unification. ppc64-mont optimization. Micro-profiling assisted "optimization" for Power6. Essentially it's so to say educational commit. Reordering instructions doesn't improve performance much, rather exhibits Power6 limitations. Ad-hockery for Platform SDK ml64. Support for NASM>=2 in Win64/x64 build. Make x86_64-mont.pl work with debug Win64 build. Fix fast reduction on NIST curves (as well BN_NIST_ADD_ONE macro). PR: 1593 Do BN_nist_mod_384 by the book, as cheating doesn't work. Other functions will be revised too. PR: 1593 Clarifying comment. Fix remaining BN_nist_mod_*. PR: 1593 Resolve __DECC warning and keep disclaiming support for 16-bit platforms. Takanori Yanagisawa has shown how to correctly use pre-computed values. So in a sense this commit reverts few latest ones fixing bugs in original code and improving it, most notably adding 64-bit support [though not in BN_nist_mod_224 yet]. PR: 1593 Compensate inline assembler in sha512.c for gcc 2.7.2 compiler bug. PR: 1667 Add 64-bit support to BN_nist_mod_244 and engage BN_nist_mod_* on 64-bit platforms. Depict future Win64/x64 development. Reaffirm that NASM is the only supported assembler for Win32 build. x86nasm.pl update: use pre-defined macros and allow for /safeseh link. x86masm.pl cosmetics. des-596.pl update: short-circuit reference to DES_SPtrans. x86_64cpuid.pl cosmetics: harmonize $dir treatment with other modules. x86masm.pl: harmonize functions' alignment. Remove junk argument to function_begin in sha/asm/*-586.pl. PR: 1681 mem_dbg.c: avoid compiler warnings. PR: 1693 Submitted by: Stefan Neis x86_64-xlate.pl: implement indirect jump/calls, support for Win64 SEH. perlasm update: implement dataseg directive. Split ms/uplink.pl to corresponding platform versions. sha1-armv4-large.pl performance improvement. On PXA255 it gives +10% on 8KB block, +60% on 1KB, +160% on 256B... sha1-armv4-large cosmetics. AIX build updates. DTLS didn't handle alerts correctly. PR: 1632 dtls1_write_bytes consumers expect amount of bytes written per call, not overall. PR: 1604 Winsock handles SO_RCVTIMEO in unique manner... PR: 1648 Fix yesterday typos in bss_dgram.c. Fix EC_KEY_check_key. Remove redundant BN_ucmp, fix boundary condition in BN_nist_mod_224 and reimplement BN_nist_mod_521. Optimize bn_correct_top. Fix argument order in BN_nnmod call and implement rigorous boundary condition check. x86_64-xlate.pl update: refine SEH support. Camellia update. Quoting camellia.c: Harmonize Camellia API with version 1.x. Fix crash in BN_rshift. PR: 1663 Minor clean-up in bn_lib.c: constification and optimization. ec2_mult.c readability update. Fix typo in ./config. .cvsignore update: ignore all flavors of shared objects. randfile.c: .rnd can become orphaned on VMS. size_t-fy AES, Camellia and RC4. size_t-fy EVP_CIPHER. Note that being size_t-fied it doesn't require underlying cipher to be size_t-fied, it allows for size_t, signed and unsigned long. It maintains source and even binary compatibility. Fix warnings after commit#17578. Fix SHA512 and optimize BN for mingw64. Fix bss_log.c on Windows. Minor perlasm updates. Add initial support for mingw64. PR: 1693 Submitted by: Alon Bar-Lev Revert commit #17603, it should have been part of #17617. x86_64-xlate.pl to support MacOS X and mingw64. x86_64 assembler pack to comply with updated styling x86_64-xlate.pl rules. Update make rules for x86_64 assembler pack. Configure update: clean-ups and most notably engage x86_64 assembler on MacOS X. x86_64-xlate.pl update, engage x86_64 assembler in mingw64. Add Camellia assembler x86 and x86_64 modules. no-asm didn't exclude Camellia assembler. Bring C bn_mul_mont template closer to assembler. SEED to support OPENSSL_SMALL_FOOTPRINT: ~2x size decrease on x86. 128-bit block cipher modes consolidation. As consolidated functions rely on indirect call to block functions, they are not as fast as non-consolidated routines. However, performance loss(*) is within measurement error and consolidation advantages are considered to outweigh it. SEGV in AES_cbc_encrypt in aes-x86_64 assembler module. PR: 1801 Submitted by: Huang Ying perlasm/x86* update: support for 3 and 4 argument instructions. x86_64-xlate.pl: fix masm hexadecimal constants. x86_64 assembler pack: add support for Win64 SEH. cmll-x86_64.pl: bug fix and size optimization of Win64 SEH section. make depend to work with cross-gcc, compensate for msys glitch. PR: 1753 Submitted by: Alon Bar-Lev This _WIN32-specific patch makes it possible to "wrap" OpenSSL in another .DLL, in particular static build. The issue has been discussed in RT#1230 and later on openssl-dev, and mutually exclusive approaches were suggested. This completes compromise solution suggested in RT#1230. PR: 1230 Incidentally http://cvs.openssl.org/chngview?cn=17710 also made it possible to build the library without -D_CRT_NONSTDC_NO_DEPRECATE. This commit expands it even to apps catalog and actually omits the macro in question from Configure. Optimize #undef DES_UNROLL for size. cmll-x86_64.pl: Win64 SEH section to handle pushf/popf in CBC routine. Optimize CAST for size on 64-bit platforms. For reference, CAST_LONG being unsigned long must be attributed to 16-bit support. As we don't support 16-bit platoforms anymore, there is no reason to waste twice required space on CAST S-boxes (16KB vs. 8KB) or key schedule. crypto/modes: make modes.h selfsufficient and rename block_f to block128_t. Engage crypto/modes. Patch the omission from prvious commit #17716. Windows-specific addenum to "engage crypto/modes" commit #17716. Revisit RT#1801 and complete fix. cmll-x86_64.pl: fix bug in cbc tail processing and comply with Win64 ABI spec. Add modes/cts128.c, Ciphertext Stealing implementation. x86_64-xlate.pl: support for binary constants, such as 0b1010101. Fix "possible loss of data" Win64 compiler warnings. bn_lib.c: [re-]fix Win64 compiler warning. Styling update to makefiles: $() to denote make substitutions and $${} - shell ones. Styling update to makefiles: eliminate redundant pipes. Makefile.shared: improve portability of commit#17753. Add UltraSPARC VIS-powered SHA1 block procedure. Reserve for "multilib" suffix, the one allowing to perform multi-ABI installations. It's not enabled in Makefiles yet. s390x assembler pack update. sha1-sparcv9a.pl: fix bug in commentary section. linux-s390x failed link after assembler pack update. s390x-mont.pl: optimize prologue. RC4 for s390x. rc4-s390x.pl: allow for older assembler and optimize character loop. Make SPARC assembler Pirify-friendly (Purify can't cope with certain PIC constructs). Excuse myself from integrating sha1-sparcv9a.pl into build system, but make it Purify-friendly... Make SPARC assembler modules *really* Purify-friendly. aes-390x.pl: commentary update. Camellia update: make it respect NO_[INLINE_]ASM and typo in assembler. Expand OPENSS_ia32cap to 64 bits. Handle push/pop %rbx in epi/prologue (this is Win64 SEH thing). AESNI perlasm update. Addenum to commit#18074: Expand OPENSSL_ia32cap to 64 bits. Engage nasm optimizations in Win64 build. Improve readability of bio/b_sock.c Minor shaX-s390x.pl update. e_padlock: add support for x86_64 gcc. Intel AES-NI engine. aesni-x86.pl: fix typos. aesni-x86.pl: fix another typo and add test script. Update test/test_padlock script. v3_alt.c: otherName parsing fix. AES-NI engine jumbo update. aesni-x86_64.pl: resolve LNK1223 error. eng_aesni.c: fix assembler declarations. ec_mult.c: fix C4334 win64 compiler warning. cryptlib.c: eliminate dependency on _strtoui64, older Windows CRT don't have it. Engage cmll-x86_64.pl in Win64 build and make it compile correctly. eng_aesni.c: win32 fix. Make CAPI engine UNICODE aware (it didn't work on Win64). Make it possible to compile CAPI engine under mingw64. Avoid double dialogs in OpenSSLDie on Windows. libeay.num: add ENGINE_load_aesni. cryptlib.c: refine logic in OpenSSLDie (addenum to commit#18118). e_padlock.c: fix typo (missing #endif) and switch to __builtin_alloca (with introduction of 64-bit support alloca must be declared and there is no standard way of doing that, switching to __bultin_alloca is considered appropriate because code explicitly targets gcc anyway). x86_64-xlate.pl: small commentary update. x86_64cpuid.pl: refine shared cache detection logic. x86cpuid.pl: sync OPENSSL_ia32_cpuid with x86_64cpuid.pl. x86[_64]cpuid.pl: further refine shared cache detection. sha1-x86* assembler update: F_40_59 and Atom-specific optimizations. cmll-x86_64.pl: small buglet in CBC subroutine. PR: 2035 Combat gcc 4.4.1 aliasing rules. aesni-x86.pl: eliminate development comments. b_sock.c: fix compiler warning. bss_dgram.c: more elegant solution to PR#2069. Use socklen_t heuristic from b_sock.c, don't assume that caller always passes pointer to buffer large enough to hold sockaddr_storage. PR: 2069 x86masm.pl: eliminate linker "multiple sections found with different attributes" warning. x86_64-xlate.pl: new gas requires sign extention in lea instruction. This resolves md5-x86_64.pl and sha1-x86_64.pl bugs, but without modifying the code. PR: 2094,2095 sha512.c: there apparently is ILP32 PowerPC platform, where it is safe to inline 64-bit assembler instructions. Normally it's inappropriate, because signalling doesn't preserve upper halves of general purpose registers. Meaning that it's only safe if signals are blocked for the time "wide" code executes. PR: 1998 SHA1 assembler show off: minor performance updates and new modules for forgotten CPUs. Add sha512-parisc.pl. OPENSSL_ia32cap.pod update. util/pl/VC-32.pl: bufferoverflowu.lib only when actually needed and eliminate duplicate code. PR: 2086 cms-test.pl: use EXE_EXT. PR: 2107 bss_dgram.c: re-fix BIO_CTRL_DGRAM_GET_PEER. PR: 2110 ppc64-mont.pl: adapt for 32-bit and engage for all builds. ppccap.c: tidy up. ppc64-mont.pl: missing predicate in commentary. Switch to new uplink assembler. Throw in more PA-RISC assembler. Update sha512-parisc.pl and add make rules. PA-RISC assembler: missing symbol and typos. Deploy multilib config-line parameter. It was added in February to allow for kind of installation suggested in ticket #2003 from August. What it effectively does now, is arrange pre-configured default $libdir value. Note that it also fixes ENGINESDIR, i.e. harmonizes it with install path. ppccap.c: fix compiler warning and perform sanity check outside signal masking. ppc64-mont.pl: clarify comment and fix spelling. Adapt mingw config for newer mingw environment. Note modified conditional compilation in e_capi.c. PR: 2113 b_sock.c: correct indirect calls on WinSock platforms. PR: 2130 Submitted by: Eugeny Gostyukhin Add Montgomery multiplication module for IA-64. ppc64-mont.pl: commentary update. Fix compilation on older Linux. Linux didn't always have sockaddr_storage, not to mention that first sockaddr_storage had __ss_family, not ss_family. In other words it makes more sense to avoid sockaddr_storage... sendto is reportedly picky about destination socket address length. PR: 2114 Submitted by: Robin Seggelmann http://cvs.openssl.org/chngview?cn=19053 made me wonder if bind() and connect() are as finicky as sendto() when it comes to socket address length. As it turned out they are, therefore the fix. Note that you can't reproduce the problem on Linux, it was failing on Solaris, FreeBSD, most likely on more... ia64-mont.pl: addp4 is not needed when referring to stack (this is 32-bit HP-UX thing). ia64-mont.pl: add shorter vector support ("shorter" refers to 512 bits and less). bn_lcl.h: add MIPS III-specific BN_UMULT_LOHI as alternative to porting crypto/bn/asm/mips3.s from IRIX. Performance improvement is not as impressive as with complete assembler, but still... it's almost 2.5x [on R5000]. Minor updates to ppccap.c and ppccpuid.pl. apps/speed.c: limit loop counters to 2^31 in order to avoid overflows in performance calculations. For the moment there is only one code fast enough to suffer from this: Intel AES-NI engine. PR: 2096 s390x assembler update: add support for run-time facility detection. rand_win.c: handle GetTickCount wrap-around. x86_64-xlate.pl: refine sign extension logic when handling lea. PR: 2094,2095 Enable PA-RISC assembler in Configure (feedback from PA-RISC 2.0 is still needed). rand_win.c: fix time limit logic. OPENSSL_cleanse to accept zero length parameter [matching C implementation]. pariscid.pl: OPENSSL_cleanse to compile on PA-RISC 2.0W and to accept zero length parameter. ia64cpuid.S: OPENSSL_cleanse to accept zero length parameter. parisc-mont.pl: PA-RISC 2.0 code path optimization based on intruction- level profiling data resulted in almost 50% performance improvement. PA-RISC 1.1 is also reordered in same manner, mostly to be consistent, as no gain was observed, not on PA-7100LC. Add assigned OIDs, as well as "anonymous" ones for AES counter mode. Add AES counter mode to EVP. Reserve for option to implement AES counter in assembler. Fix s390x-specific HOST_l2c|c2l. ppccap.c: portability fix. Initial version of Galois Counter Mode implementation. Interface is still subject to change... gcm128.c: add option for streamed GHASH, simple benchmark, minor naming change. Add GHASH x86 assembler. Add GHASH x86_64 assembler. ghash-ia64.pl: new file, GHASH for Itanium. ghash-x86_64.pl: minimize stack frame usage. ghash-x86.pl: modulo-scheduling MMX loop in respect to input vector results in up to 10% performance improvement. Fix UPLINK typo. e_capi.c: fix typo. GHASH assembler: new ghash-sparcv9.pl module and saner descriptions. bss_file.c: fix MSC 6.0 warning. rand_win.c: fix logical bug in readscreen. dso_dlfcn.c: fix compile failure on Tru64. ARMv4 assembler: fix compilation failure. Fix is actually unconfirmed, but I can't think of any other cause for failure cryptlib.c: allow application to override OPENSSL_isservice. PR: 2194 alpha-mont.pl: comply with stack alignment requirements. sparccpuid.S: some assembler is allergic to apostrophes in comments. sha1-alpha.pl: engage it in build. Add ghash-alpha.pl assembler module. ctr129.c: fix typo, simplify ctr128_inc and fix "n=0" bug. sha1-alpha.pl: addenum till commit #19547. perlasm/x86*: add support to SSE>2 and pclmulqdq. x86_64-xlate.pl provides correct solution to problem addressed in committ #19244. AESNI engine: add counter mode. cts128.c: add support for NIST "Ciphertext Stealing" proposal. gcm128.c: commentary and formatting updates. AESNI engine: update test_aesni. aes-ppc.pl: 10% performance improvement on Power6. [co]fb128.c: fix "n=0" bug. gcm128.c and assembler modules: change argument order for gcm_ghash_4bit. ghash-x86*.pl: fix performance numbers for Core2, as it turned out previous ones were "tainted" by variable clock frequency. x86_64cpuid.pl: ml64 is allergic to db on label line. md5-ia64.S: fix assembler warning. bss_file.c: reserve for option to encode file name with UTF-8. Take gcm128.c and ghash assembler modules into the build loop. Add ghash-parisc.pl. bss_file.c: refine UTF-8 logic on Windows. Add ghash-armv4.pl. "Jumbo" update for crypto/modes: - introduce common modes_lcl.h; - ctr128.c: implement additional CRYPTO_ctr128_encrypt_ctr32 interface; - gcm128.c: add omitted ARM initialization, remove ctx.ctr; Revert previous Linux-specific/centric commit#19629. If it really has to be done, it's definitely not the way to do it. So far answer to the question was to ./config -Wa,--noexecstack (adopted by RedHat). x86_64-xlate.pl: refine some regexp's and add support for OWORD/QWORD PTR. x86asm.pl: consistency imrovements. GCM "jumbo" update: - gcm128.c: support for Intel PCLMULQDQ, readability improvements; - asm/ghash-x86.pl: splitted vanilla, MMX, PCLMULQDQ subroutines; - asm/ghash-x86_64.pl: add PCLMULQDQ implementations. ghash-x86[_64].pl: add due credit. rc4-x86_64.pl: "Westmere" optimization. gcm128.c: commentary update. ghash-x86.pl: MMX optimization (+20-40%) and commentary update. gcm128.c: P.-M. Hager has tipped about possibility to fold reductions in gcm_ghash_4bit. Taking the idea a step further I've added extra 256+16 bytes of per-key storage, so that one can speak about 3rd variant in addition to "256B" and "4KB": "528B" one. Commonly it should be ~50% faster than "256B" implementation or ~25% slower than "4KB" one. Configure: update mingw config-lines. x86_64-xlate.pl: refine mingw support and regexps, update commentary. VC-32.pl: unconditionally generate symbols.pdb. x86 perlasm: add support for 16-bit values. ghash-x86.pl: "528B" variant of gcm_ghash_4bit_mmx gives 20-40% improvement. ghash-x86.pl: commentary updates. ghash-x86_64.pl: "528B" variant delivers further >30% improvement. VC-32.pl: fix /Fd name generation. PR: 2284 SPARCv9 assembler pack: refine CPU detection on Linux, fix for "unaligned opcodes detected in executable segment" error. crypto/sparc*: eliminate _sparcv9_rdwrasi. ghash-sparcv9.pl: fix Makefile rule and add performance data for T1. ghash-armv4.pl: excuse myself from implementing "528B" flavour. sparcv9cap.c: reiterate CPU detection logic. PROBLEMS: MacOS X is not necessarily a problem anymore. rand_nw.c: compensate for gcc bug (using %edx instead of %eax at -O3). PR: 2296 crypto/*/Makefile: unify "catch-all" assembler make rules and harmonize ARM assembler modules. armv4-mont.pl: addenum to previous commit#19749. Harmonize s390x assembler modules with "catch-all" rules from commit#19749. Rework framework for assembler support for AES counter mode and add AES_ctr32_encrypt to aes-s390x.pl. gcm128.c: API modification and readability improvements, add ghash benchmark to apps/speed.c. INSTALL.W32: mention _OPENSSL_isservice(). PR: 2194 Configure: fix aes_ctr.o regexp. ARM assembler pack: reschedule instructions for dual-issue pipeline. Modest improvement coefficients mean that code already had some parallelism and there was not very much room for improvement. Special thanks to Ted Krovetz for benchmarking the code with such patience. sha1-armv4-large.pl: add performance data for Cortex A8 core. aes-s390x.pl: revisit buffer allocation and add performance data. Makefile.shared: update link_o.dawrin rule. PR: 2306 Makefile.shared: debugging line slipped through in previous commit. Configure: suppress $multilib with non-system $prefix. PR: 2307 Makefile.shared: link_o.darwin comment update. aesni-x86[_64].pl: fine-tune, add CCM subroutine, add performance data. perlasm/x86asm.pl: move aesni and pclmulqdq opcodes to aesni-x86.pl and ghash-x86.pl. aesni-x86_64.pl: fix typos. perlasm/x86_64-xlate.pl: extend SSE>2 to ml64. aes-x86_64.pl: remove redundant instructions. eng_aesni.c: switch to CRYPTO_ctr128_encrypt_ctr32. modes/Makefile: update clean rule. ghash-ia64.pl: excuse myself from implementing "528B" variant. rc4-s390x.pl: harmonize build rule with other similar rules. sha1-alpha.pl: commentary update. ms/: update do_win64*.bat and remove redundant mingw32.bat. Replace alphacpuid.s with alphacpuid.pl to ensure it makes to release tar-balls. PR: 2309 aes-x86_64.pl: commit#19797 was overzealous, partially reverse. alphacpuid.pl: fix brown-bag bug. md32_common.h: modify MD32_REG_T pre-processing logic [triggered by clang]. gcm128.c: add CRYPTO_gcm128_[en|de]crypt_ctr32. rc5_locl.h: make inline assembler clang-friendly. sha1-armv4-large.pl: reschedule instructions for dual-issue pipeline. crypto/modes/Makefile: fix typo in ghash-parisc.s rule. Makefile.share: fix brown-bag typo in link_o.darwin. gcm128.c: fix typo in CRYPTO_gcm128_encrypt_ctr32 name. engine/Makefile: harmonize engine install rule for .dylib extension on MacOS X. PR: 2319 util/cygwin.sh: maintainer's update. sparcv9cap.c: disengange Solaris-specific CPU detection routine in favour of unified procedure relying on SIGILL. PR: 2321 ghash-ia64.pl: 50% performance improvement of gcm_ghash_4bit. modes/asm/ghash-*.pl: switch to [more reproducible] performance results collected with 'apps/openssl speed ghash'. Add ghash-s390x.pl. crypto/bn/asm/s390x.S: drop redundant instructions. crypto/ppc[cpuid|cap]: call CPU detection once and detect AltiVec. Configure: remove redundant -DMD32_REG_T=int. sha1-armv4-large.pl: more readable input pickup. Alpha assembler pack: adapt for Linux. PR: 2335 VC-32.pl: default to nasm if neither nasm or nasmw is is found at the moment. PR: 2338 s390x assembler pack: extend OPENSSL_s390xcap_P to 128 bits. ghash-s390x.pl: reschedule instructions for better performance. sha1-mips.pl, mips-mont.pl: unify MIPS assembler modules in respect to ABI and binutils. Add unified mips.pl, which will replace mips3.s. MIPS assembler pack: enable it in Configure, add SHA2 module, fix make rules, update commentary... sha512-mips.pl: add missing byte swap for little-endians. x86_64-xlate.pl: fix LNK4078 and LNK4210 link warnings. PR 2356 sha512-mips.pl: fix "little-endian" typos. Add aes-mips.pl assembler module. sha512-mips.pl: add missing 64-bit byte swap. Configure: update mips[32|64]_asm lines. s390x.S: fix typo in bn_mul_words. PR: 2380 INSTALL.W32: document trouble with symlinks under MSYS. PR: 2377 s390x assembler pack: adapt for -m31 build, see commentary in Configure for more details. TABLE update. Configure: make -mno-cygwin optional on mingw platforms. PR: 2381 bss_file.c: refine UTF8 logic. PR: 2382 apps/x590.c: harmonize usage of STDout and out_err. PR: 2323 e_capi.c: change from ANSI to TCHAR domain. This makes it compilable on Windows CE/Mobile, yet keeps it normal Windows loop. PR: 2350 e_capi.c: rearrange #include-s to improve portability. PR: 2394 gcm128.c: fix bug in OPENSSL_SMALL_FOOTPRINT decrypt. PR: 2432 Submitted by: Michael Heyman gcm128.c: allow multiple calls to CRYPTO_gcm128_aad. gcm128.c: add boundary condition checks. ccm128.c: initial draft. ccm128.c: initialize ctx->block (what I was smoking?). xts128.c: initial draft. x86gas.pl: make data_short work on legacy systems. gcm128.c: make it work with no-sse2. Configure: engage assembler in Android target. dso_dlfcn.c: make it work on Tru64 4.0. PR: 2316 s390x assembler pack: tune-up and support for new z196 hardware. xts128.c: minor optimization. ghash-x86.pl: optimize for Sandy Bridge. ia64-mont.pl: optimize short-key performance. gcm128.c: tidy up, minor optimization, rearrange gcm128_context. ARM assembler pack: profiler-assisted optimizations and NEON support. ARM assembler pack: add missing arm_arch.h. gcm128.c: fix shadow warnings. ccm128.c: minor optimization and bugfix in CRYPTO_ccm128_[en|de]crypt. Multiple assembler packs: add experimental memory bus instrumentation. ccm128.c: fix STRICT_ALIGNMENT another bug in CRYPTO_ccm128_decrypt. perlasm/x86[nm]asm.pl: make OPENSSL_instrument_bus[2] compile. ccm128.c: fix Win32 compiler warning. perlasm/x86gas.pl: make OPENSSL_instrument_bus[2] compile. xts128.c: minor optimization and clarified prototype. xts128.c: fix bug introduced in commit#20704. Bug affected encryption of vectors whose lenght was not multiples of 16 bytes. ccm128.c: add CRYPTO_ccm128_[en|de]crypt_ccm64 and minor optimization. gcm128.c: minor optimization. bn_gf2m.c: optimized BN_GF2m_mod_inv delivers sometimes 2x of ECDSA sign. Exact improvement coefficients vary from one benchmark and platform to another, e.g. it performs 70%-33% better on ARM, hereafter less for longer keys, and 100%-90% better on x86_64. xts128.c: minor optimizaton. ARM assembler pack. Add bn_GF2m_mul_2x2 implementation (see source code for details and performance data). ARM assembler pack: engage newly introduced armv4-gf2m module. x86 assembler pack: add bn_GF2m_mul_2x2 implementations (see x86-gf2m.pl for details and performance data). IA-64 assembler pack: fix typos and make it work on HP-UX. Optimized bn_nist.c. Performance improvement varies from one benchmark and platform to another. It was measured to deliver 20-30% better performance on x86 platforms and 30-40% on x86_64, on nistp384 benchmark. fips_canister.c: initial support for cross-compiling. "Initial" refers to the two-entry list of verified platforms in #ifndef FIPS_REF_POINT_IS_SAFE_TO_CROSS_COMPILE pre-processor section. fips_canister.c: fix typo. fips_canister.c: pick more neutral macro name. bn_nist.c: fix shadowing warnings. x86_64-xlate.pl: allow "base-less" effective address, add palignr, move pclmulqdq. x86_64 assembler pack: add x86_64-gf2m module. x86gas.pl: add palignr and move pclmulqdq. cms-test.pl: make it work with not-so-latest perl. ppc-xlate.pl: get linux64 declaration right. x86[_64]cpuid.pl: handle new extensions. e_padlock.c: make it compile on MacOS X. x86_64cpuid.pl: allow shared build to work without -Bsymbolic. PR: 2466 x86_64-xlate.pl: add inter-register movq and make x86_64-gfm.s compile on Solaris, MacOS X, elderly gas... x86gas.pl: don't omit .comm OPENSSL_ia32cap_P on MacOS X. aesni-x86_64.pl: make it compile on MacOS X. ec_cvt.c: avoid EC_GFp_nist_method on platforms with bn_mul_mont [see commentary for details]. ec_cvt.c: ARM comparison results were wrong, clarify the background. ppccap.c: addenum to recent EC optimizations. x86_64-gf2m.pl: add Win64 SEH. aesni-x86[_64].pl: optimize for Sandy Bridge and add XTS mode. spacrv9cap.c: addenum to recent EC optimizations. rc4-586.pl: 50% improvement on Core2 and 80% on Westmere. e_padlock.c: last x86_64 commit didn't work with some optimizers. rc4-586.pl: optimize unused code path. e_padlock.c: fix typo. x86_64cpuid.pl: get AVX masking right. rc4-586.pl: optimize even further... rc4-x86_64.pl: major optimization for contemporary Intel CPUs. PPC assembler pack: adhere closer to ABI specs, add PowerOpen traceback data. x86[_64]cpuid.pl: harmonize usage of reserved bits #20 and #30. rc4-x86_64.pl: RC4_options fix-up. rc4-x86_64.pl: fix due credit. aes-ppc.pl: handle unaligned data on page boundaries. sha1-586|x86_64.pl: add SSSE3 and AVX code paths. x86cpuid.pl: last commit broke platforms with perl with 64-bit integer. sha1-586|x86_64.pl: minor portability fix. Various mingw64 fixes. aesni-x86[_64].pl: relax alignment requirement. e_aes.c: integrate AESNI directly into EVP. e_aes.c: fix aes_cfb1_cipher. e_aes.c: fix typo. x86[_64]cpuid.pl: add function accessing rdrand instruction. x86_64cpuid.pl: fix typo. e_aes.c: move AES-NI run-time switch and implement the switch for remaining modes. rc4_skey.c: remove dead/redundant code (it's never compiled) and misleading/obsolete comment. Minor x86_64 perlasm update. rc4-x86_64.pl: commentary update. s390x assembler pack: add s390x-gf2m.pl and harmonize AES_xts_[en|de]crypt. Configure: clean up linux32-s390x line. crypto/bn/Makefile: fix typo. md5-x86_86.pl: remove redundant instructions. rc4-586.pl: add Atom performance results. crypto/sha/asm/sha[1|512]-mips.pl: minor updates. crypto/whrlpool/wp_block.c: harmonize OPENSSL_ia32cap_P. crypto/aes/Makefile: make it work on IRIX. x86_64-xlate.pl: masm-specific update. sha1-x86_64.pl: fix win64-specific typos and add masm support. s390x-gf2m.pl: commentary update (final performance numbers turned to be higher). sha1-x86_64.pl: nasm 2.07 screws up labels if AVX path is compiled. x86_64-xlate.pl: sha1 and md5 warnings made it to nasm 2.09, extend gnu assembler workaround to all assemblers. x86_64-mont.pl: add squaring procedure and improve RSA sign performance by up to 38% (4096-bit benchmark on Core2). evp.h: add flag to distinguish AEAD ciphers and pair of control codes... ssl/t1_enc.c: initial support for AEAD ciphers. ssl/ssl_ciph.c: allow to switch to predefined "composite" cipher/mac combos that can be implemented as AEAD ciphers. perlasm/cbc.pl: fix tail processing bug. PR: 2557 config: detect if assembler supports --noexecstack and pass it down. ms/uplink.c: fix Visual Studio 2010 warning. fips/Makefile: HP-UX-specific update. ARM assembler pack: add platform run-time detection. sha512-sparcv9.pl: minor optimization of sha256. Add RSAX builtin engine. It optimizes RSA1024 sign benchmark. aes-ppc.pl: minor optimization favoring embedded processors (performance of "big" processors is unaffected). fips_canister.c: add support for embedded ppc linux. util/incore: make transition smoother. util/incore: fix brown-bag bug. cryptlib.c: OPENSSL_ia32cap environment variable to interpret ~ as cpuid mask. aes/asm/aesni-*.pl: fix CCM and further optimize it. modes/ccm128.c: minor branch optimization. x86_64-mont.pl: futher optimization resulting in up to 48% improvement (4096-bit RSA sign benchmark on Core2) in comparison to initial version from 2005. Add provisory support for RDRAND instruction. alphacpuid.pl: fix alignment bug. alpha-mont.pl: fix typo. PR: 2577 This commit completes recent modular exponentiation optimizations on x86_64 platform. It targets specifically RSA1024 sign (using ideas from http://eprint.iacr.org/2011/239) and adds more than 10% on most platforms. Overall performance improvement relative to 1.0.0 is ~40% in average, with best result of 54% on Westmere. Incidentally ~40% is average improvement even for longer key lengths. x86_64-xlate.pl: fix movzw. SPARC assembler pack: fix FIPS linking errors. armv4-mont.pl: profiler-assisted optimization gives 8%-14% improvement (more for longer keys) on RSA/DSA. eng_rdrand.c: make it link in './config 386' case. x86_64-mont5.pl: add missing Win64 support. bn_div.c: remove duplicate code by merging BN_div and BN_div_no_branch. Makefile.org: get commit#21249 right. modexp512-x86_64.pl: make it work with ml64. eng_rsax.c: improve portability. Add RC4-MD5 and AESNI-SHA1 "stitched" implementations. util/incore: fix typo. bn_exp.c: improve portability. crypto/bn/bn_gf2m.c: make it work with BN_DEBUG. config: don't add -Wa options with no-asm. Padlock engine: make it independent of inline assembler. engines/asm/e_padlock-x86_64.pl: name it right and fix small bug. Add so called Vector Permutation AES x86[_64] assembler, see http://crypto.stanford.edu/vpaes/ for background information. It's not integrated into build system yet. vpaes-x86[_64]*.pl: fix typo. Allow for dynamic base in Win64 FIPS module. Integrate Vector Permutation AES into build system. sha512-x86_64.pl: +15% better performance on Westmere and incidentally Atom. Other Intel processors +5%, Opteron -2%. sha256-586.pl: minor optimization, +0-2% on all CPUs, +7% on Westmere. Make latest assembler additions (vpaes and e_padlock) work in Windows build. Add bit-sliced AES x86_64 assembler, see http://homes.esat.kuleuven.be/~ekasper/#software for background information. It's not integrated into build system yet. bsaes-x86_64.pl: add due credit. e_padlock-x86.pl: make it work on VIA C3 (which doesn't support SSE2). e_padlock-x86.pl: previous C3-specific fix was incomplete. e_padlock-x86*.pl: Nano-related update. e_padlock-x86_64.pl: fix typo. e_padlock: add CTR mode. e_padlock-x86[_64].pl: SHA fixes, comply with specification and fix bug. e_padlock-x86_64.pl: brown-bag bug in stack pointer handling. e_padlock-x86[_64].pl: protection against prefetch errata. Remove eng_aesni.c as AES-NI support is integrated directly at EVP. aesni-x86[_64].pl: fix bug in CCM code. e_aes.c: fix bug in aesni_gcm_tls_cipher. Add android-x86. Engage bsaes-x86_64.pl, bit-sliced AES. bn_shift.c: minimize reallocations, which allows BN_FLG_STATIC_DATA to be shifted in specific cases. bn_mont.c: simplify BN_from_montgomery_word. x86_64-mont.pl: minor optimization. bn_exp.c: further optimizations using more ideas from http://eprint.iacr.org/2011/239. bn_mont.c: get corner cases right in updated BN_from_montgomery_word. c_allc.c: add aes-xts to loop. [bs|vp]aes-x86[_64].pl: typos and clarifications. bsaes-x86_64.pl: make it work with ml64. x86_64-xlate.pl: make vpaes-x86_64.pl and rc4-md5-x86_64 work with ml64, fix bug in .crt section alignment. PR: 2620, 2624 evp/e_aes.c: fold AES-NI modes that heavily rely on indirect calls (trade 2% small-block performance), engage bit-sliced AES in GCM. engines/.cvsignore: stop whining about e_padlock-*.s. fips_enc.c: assign minimal block size to bad_cipher [to avoid arithmetic exceptions in TLS layer]. fips/*: extend fipsro segmenting to all _MSC_VER builds (including WinCE). fipssyms.h: assign alias to newly introduced bn_gather5. arm_arch.h: add missing pre-defined macro, __ARM_ARCH_5TEJ__. fips_canister.c: more cross-compiler platfroms verified. Remove superseded MIPS assembler modules. vxworks-mips: unify and add assembler. Drain unused MacOS directory. sha1-mips.pl: fix typo. fips/fips_[canister|premain].c: make it work with VC6 and add sentinels even to code segments. armcap.c: auto-setup processor capability vector. fips.c: x86[_64] capability masking. fips.c: remove preprocessor artefact. mk1mk.pl: cleanup engines' handling and make fips build work on WIN64I. x86gas.pl: relax .init segment alignment. config: in cross-compile case interrogate cross-compiler, not host, work around sub-shell limitation. fips_canister.c: harmonize fingerprinting for all Windows, CE or not. cryptlib.c: remove stdio dependency in Windows fipscanister.lib. e_aes.c: prevent potential DoS in aes_gcm_tls_cipher. e_aes.c: fold even aesni_ccm_cipher. bsaes-x86_64.pl: add decryption procedure (with unoptimized reference InvMixColumns). bsaes-x86_64.pl: optimize InvMixColumns. bn_exp.c: fix corner case in new constant-time code. bsaes-x86_64.pl: add CBC decrypt and engage it in e_aes.c. ppc.pl: fix bug in bn_mul_comba4. PR: 2636 Submitted by: Charles Bryant x86cpuid.pl: don't punish "last-year" OSes on "this-year" CPUs. PR: 2633 armv4cpuid.S, armv4-gf2m.pl: make newest code compilable by older assembler. e_aes.c: fold aesni_xts_cipher and [most importantly] fix aes_xts_cipher's return value after custom flag was rightly reverted. fipsld, incore: switch to new cross-compile support. fips_premain.c: fix warning about _exit on MacOS X. fips_canister.c: add cross-compiler support for iOS (it applies even to MacOS X, because it's easier to handle it this way). Configure: allow ./config to pass compiler flags with white spaces. Configure: initial support for iOS. config: KERNEL_BITS envrionment variable to control choice between 32- and 64-bit darwin builds. config: KERNEL_BITS envrionment variable to control choice between 32- and 64-bit Solaris builds. Configure: harmonize darwin64-x86_64-cc line with assembler pack. x86cpuid.pl: compensate for imaginary virtual machines. arm_arch.h: allow to specify __ARM_ARCH__ elsewhere. bsaes-x86_64.pl: add bsaes_xts_[en|de]crypt. Makefile.org: proper libclean on MacOS X. engines/: get rid of cvs warnings on MacOS X, proper clean in ccgost. Configure, x86gas.pl: fix linker warnings in 32-bit Darwin build. cryptlib.c, etc.: fix linker warnings in 64-bit Darwin build. e_aes.c: additional sanity check in aes_xts_cipher. rc4test.c: commit#21684 broke x86_64 shared Linux build. This is temporary solution so that one can build rc4test... bn_nist.c: fix strict-aliasing compiler warning. bsaes-x86_64.pl: add Win64 SEH and "hadrware" calls to aes-x86_64.pl. Configure, e_aes.c: allow for XTS assembler implementation. Configure: reimplement commit#21695. bsaes-x86_64.pl: fix buffer overrun in tail processing. bn/asm/mips.pl: fix typos. x86-mont.pl: fix bug in integer-only squaring path. PR: 2648 perlasm/x86gas.pl: give a hand old assemblers assembling loop instruction. modexp512-x86_64.pl: Solaris protability fix. vpaes-x86.pl: portability fix. PR: 2657 vpaes-x86.pl: revert previous commit and solve the problem through x86masm.pl. PR: 2657 apps/speed.c: Cygwin alarm() fails sometimes. PR: 2655 apps/speed.c: fix typo in last commit. update CHANGES. bn_nist.c: harmonize buf in BN_nist_mod_256 with other mod functions. cmac.c: optimize make_kn and move zero_iv to const segment. aes-sparcv9.pl: clean up regexp PR: 2685 asn1/t_x509.c: fix serial number print, harmonize with a_int.c. PR: 2675 Submitted by: Annie Yousar ecdsa.pod: typo. PR: 2678 Submitted by: Annie Yousar speed.c: typo in pkey_print_message. PR: 2681 Submitted by: Annie Yousar doc/apps: formatting fixes. PR: 2683 Submitted by: Annie Yousar ec_pmeth.c: fix typo in commentary. PR: 2677 Submitted by: Annue Yousar Sanitize usage of functions. It's important that characters are passed zero-extended, not sign-extended. PR: 2682 aes-ppc.pl, sha512-ppc.pl: comply even with Embedded ABI specification (most restrictive about r2 and r13 usage). sha512-sparcv9.pl: work around V8+ warning. cryptlib.c: make even non-Windows builds "strtoull-agnostic". Fix OPNESSL vs. OPENSSL typos. PR: 2613 Submitted by: Leena Heino cryptlib.c: sscanf warning. x86_64-xlate.pl: proper solution for RT#2620. ghash-x86.pl: engage original MMX version in no-sse2 builds. hpux-parisc2-*: engage assembler. bn_nist.c: make new optimized code dependent on BN_LLONG. apps/s_cb.c: recognized latest TLS version. seed.c: incredibly enough seed.c can fail to compile on Solaris with certain flags, because SS is defined after inclusion of , in Configure: I remove adding of -D_XPG4_2 -D__EXTENSIONS__ in sctp builds for following reasons: x86cpuid.pl: fix processor capability detection on pre-586. Add bit-sliced AES for ARM NEON. This initial version is effectively reference implementation, it does not interface to OpenSSL yet. bsaes-armv7.pl: change preferred contact. Configure: make no-whirlpool work. x86_64-xlate.pl: remove old kludge. PR: 2435,2440 ssl/t1_enc.c: pay attention to EVP_CIPH_FLAG_CUSTOM_CIPHER. ghash-x86.pl: omit unreferenced rem_8bit from no-sse2 build. bsaes-armv7.pl: optmize Sbox and key conversion. bsaes-x86_64.pl: optimize key conversion. vpaes-x86_64.pl: out-of-date Apple assembler fails to calculate distance between local labels. PR: 2762 eng_all.c: revert previous "disable Padlock" commit, which was unjustified. e_padlock-x86[_64].pl: better understanding of prefetch errata and proper workaround. ans1/tasn_prn.c: avoid bool in variable names. PR: 2776 perlasm/x86masm.pl: fix last fix. sha512-armv4.pl: optimize NEON code path by utilizing vbsl, bitwise select. modes/gcm128.c: fix self-test. bn/bn_gf2m.c: make new BN_GF2m_mod_inv work with BN_DEBUG_RAND. util/cygwin.sh update. PR: 2761 Submitted by: Corinna Vinschen vpaes-x86[_64].pl: handle zero length in vpaes_cbc_encrypt. PR: 2775 modes_lcl.h: make it work on i386. PR: 2780 CHANGES: harmonize with 1.0.0 and 1.0.1. ssl/ssl_ciph.c: interim solution for assertion in d1_pkt.c(444). aes-s390x.pl: make it more foolproof [inspired by 1.0.1]. aes-armv4.pl: make it more foolproof [inspired by aes-s390x.pl in 1.0.1]. aes-s390x.pl: fix crash in AES_set_decrypt_key in linux32-s390x build. ghash-s390x.pl: fix typo [that can induce SEGV in 31-bit build]. e_aes_cbc_hmac_sha1.c: handle zero-length payload and engage empty frag countermeasure. s3_srvr.c: fix typo. PR: 2538 Minor compatibility fixes. PR: 2790 Submitted by: Alexei Khlebnikov OPENSSL_NO_SOCK fixes. PR: 2791 Submitted by: Ben Noordhuis C64x+ assembler pack. linux-c64xplus build is *not* tested nor can it be tested, because kernel is not in shape to handle it *yet*. The code is committed mostly to stimulate the kernel development. e_rc4_hmac_md5.c: oops, can't use rc4_hmac_md5_cipher on legacy Intel CPUs. e_rc4_hmac_md5.c: harmonize zero-length fragment handling with e_aes_cbc_hmac_sha1.c (mostly for aesthetic reasons). Makefile.org: clear yet another environment variable. PR: 2793 e_rc4_hmac_md5.c: last commit was inappropriate for non-x86[_64] platforms. PR: 2792 objxref.pl: improve portability. s23_clnt.c: ensure interoperability by maitaining client "version capability" vector contiguous. PR: 2802 CHANGES: fix typos and clarify. CHANGES: clarify. ppccpuid.pl: branch hints in OPENSSL_cleanse impact small block performance of digest algorithms, mosty SHA, on Power7. Mystery of century, why SHA, why slower algorithm are affected more... PR: 2794 Submitted by: Ashley Lai perlasm: fix symptom-less bugs, missing semicolons and 'my' declarations. ppccap.c: assume no features under 32-bit AIX kernel. s2_clnt.c: compensate for compiler bug. sha256-586.pl optimization. sha256-586.pl: tune away regression on Nehalem core and incidentally improve performance on Atom and P4. aesni-x86_64.pl: make it possibel to use in Linux kernel. sha512-x86_64.pl: >5% better performance. sha256-586.pl: full unroll to deliver additional ~16%, add Sandy Bridge- specific code path. Revert random changes from commit#22606. b_sock.c: make getsockopt work in cases when optlen is 64-bit value. bss_dgram.c: make getsockopt work in cases when optlen is 64-bit value. bss_dgram.c: add BIO_CTRL_DGRAM_SET_DONT_FRAG. x86[_64] assembly pack: update benchmark results. sha256-586.pl: squeeze some more, most notably ~10% on Nehalem. sha256-586.pl: add AVX and XOP code paths. sha256t.c: make sure unrolled loop is tested. sha256-586.pl: fix linking error. sha512-x86_64.pl: fix typo. sha512-x86_64.pl: add SIMD code paths. sha512-x86_64.pl: fix typo. x86_64 assembly pack: make it possible to compile with Perl located on path with spaces. sha256-586.pl: fix typos. bss_dgram.c: fix typos in Windows code. crypto/bn/*.h: move PTR_SIZE_INT to private header. bn_nist.c: compensate for VC bug [with optimization off!]. x86gas.pl: treat OPENSSL_ia32cap_P accordingly to .hidden status. sha1-586.pl: let masm compile AVX code. sha512-586.pl: optimize SSE2 code path, +5-7% on most CPUs, +13% on AMD K8. wp-mmx.pl: ~10% performance improvement. rc5.h: stop wasting space on 64-bit platforms [breaks binary compatibility!]. sha1-s390x.pl: lingering comment update. sha256-armv4.pl: 4% performance improvement. sha512-ia64.pl: 15-20% performance improvement. sha512-s390x.pl: lingering comment update. wp-x86_64.pl: ~10% performance improvement. test_aesni: harmonize with AES-NI support at EVP layer. mk1mf.pl: replace chop to make it work in mixture of perls for Windows. sha1-[586|x86_64].pl: shave off one instruction from body_40_59, it's 2% less instructions in SIMD code paths, so 2% improvement in average:-) sha512-x86_64.pl: minimum gas requirement for AMD XOP. sha512-x86_64.pl: revert previous change and solve the problem through perlasm/x86_64-xlate.pl instead. gcm128.c: fix AAD-only case with AAD length not divisible by 16. ./Configure: libcrypto.a can grow to many GB because of ar bug. gosthash.c: use memmove in circle_xor8, as input pointers can be equal. bss_dgram.c: fix compilation failure and warning on Windows with contemporary SDK. MIPS assembly pack: assign default value to $flavour. Configure: add mips-mont to MIPS32 builds. sha1-armv4-large.pl: comply with ABI. Add linux-x32 target. Harmonize CHANGES in HEAD. TABLE update addendum to commit#22775. x86cpuid.pl: hide symbols [backport from x86_64]. bn_lcl.h: gcc removed support for "h" constraint, which broke inline assembler. sha512-armv4.pl: optimize for Snapdragon S4. bsaes-armv7.pl: minor performance squeeze on Snapdragon S4. bsaes-armv7.pl: even closer shave. bsaes-armv7.pl: closest shave. While 0.3 cpb improvement on S4 appears insignificant, it's actually 4 cycles less for 14 instructions sequence! e_aes.c: uninitialized variable in aes_ccm_init_key. sha512-sparcv9.pl: fix binutils compilation error. aes-mips.pl: interleave load and integer instructions for better performance. MIPS assembly pack: add MIPS[32|64]R2 code. Configure: add MIPS targets. MIPS assembly pack: add support for SmartMIPS ASE. Configure: allow for compiler options starting with double dash. config: detect linux-mips* targets. sparcv9cap.c: add SPARC-T4 feature detection. Add md5-sparcv9.pl. md5-sparcv9.pl: more accurate performance result. sparc_arch.h: add assembler helpers (and make it work on Solaris). md5-sparcv9.pl: add hardware SPARC T4 support. sha[1|512]-sparcv9.pl: add hardware SPARC T4 support. Add SPARC T4 AES support. aest4-sparcv9.pl: split it to AES-specific and reusable part. Add SPARC T4 Camellia support. perlasm/sparcv9_modes.pl: "cooperative" optimizations based on suggestions from David Miller. [aes|cmll]t4-sparcv9.pl: addendum to previous sparcv9_modes.pl commit. [md5|sha1|sha512]-sparcv9.pl: "cooperative" optimizations based on suggestions from David Miller. md5-sparcv9.pl: avoid %asi modifications, improve short input performance by 30-20%. sparcv9_modes.pl: membars are reported as must-have. aix[64]-cc: get MT support right (gcc targets are not affected). Add VIS3 Montgomery multiplication. Add VIS3-capable sparcv9-gf2m module. linux-pcc: make it more robust and recognize KERNEL_BITS variable. ghash-sparcv9.pl: add VIS3 code path. perlasm/sparcv9_modes.pl: fix typo in IV save code and switch to less aggressive ASI. [aes|cmll]t4-sparcv9.pl: unify argument handling. SPARCv9 assembly pack: harmonize ABI handling (so that it's handled in one place at a time, by pre-processor in .S case and perl - in .s). test_t4: cover even Camellia. util/pl/VC-32.pl: make fipscanister.lib universally usable. util/fipslink.pl: allow for single-step link. e_os.h: skip redundant headers in fipscanister build. util/fipslink.pl: fix typo. util/fipslink.pl: further adjustments. e_os.h: keep stdin redifinitions to "normal" Windows. mk1mf.pl: correct flags. ghash-sparcv9.pl: 22% improvement on T4. e_camillia.c: remove copy-n-paste artifact, EVP_CIPH_FLAG_FIPS, and leave comment about CTR mode. cbc128.c: fix strict aliasing warning. crypto/modes: even more strict aliasing fixes [and fix bug in cbc128.c from previous cbc128.c commit]. bn_word.c: fix overflow bug in BN_add_word. ppccap.c: restrict features on AIX 5. ppccap.c: fix typo. aes-586.pl: Atom-specific optimization, +44/29%, minor improvement on others. vpaes-x86.pl: minor performance squeeze. aes-x86_64.pl: Atom-specific optimizations, +10%. vpaes-x86_64.pl: minor performance squeeze. Support for SPARC T4 MONT[MUL|SQR] instructions. perlasm/sparcv9_modes.pl: addendum to commit#22966. Extend OPENSSL_ia32cap_P with extra word to accomodate AVX2 capability. cryptlib.c: revert typo. x86_64-gcc.c: resore early clobber constraint. AES for SPARC T4: add XTS, reorder subroutines to improve TLB locality. Update support for Intel compiler: add linux-x86_64-icc and fix problems. C64x+ assembly pack: improve EABI support. aes-s390x.pl: harmonize software-only code path [and minor optimization]. aesni-x86_64.pl: CTR face lift, +25% on Bulldozer. cryptlib.c: fix logical error. ghash-sparcv9.pl: shave off one more xmulx, improve T3 performance by 7%. aes-s390x.pl: fix XTS bugs in z196-specific code path. fips/fipsld: improve cross-compile support. d1_lib.c,bss_dgram.c: eliminate dependency on _ftime. VC-32.pl: fix typo. util/pl/VC-32.pl: refresh, switch to ws2, add crypt32, fix typo (based on suggestions from Pierre Delaage). util/pl/VC-32.pl fix typo. dso/dso_win32.c: fix compiler warning. engine/cchost: fix bugs. engines/e_capi.c: fix typo. engines/cchost/gost_crypt.c: fix typo. gost_crypt.c: more intuitive ceiling. .gitignore adjustments sha512-ppc.pl: add PPC32 code, >2x improvement on in-order cores. engines/ccgost: add test case. gost_crypt.c: add assertions. More .gitignore adjustments. Improve WINCE support. gost2814789t.c: portability fixes. sha512-ppc.pl: minimize stack frame. bn/asm/mips.pl: hardwire local call to bn_div_words. Configure: update linux-mips* lines. TABLE update. x86_64 assembly pack: make Windows build more robust. x86_64 assembly pack: keep making Windows build more robust. ssl/s3_cbc.c: uint64_t portability fix. ssl/s3_cbc.c: md_state alignment portability fix. s3/s3_cbc.c: allow for compilations with NO_SHA256|512. (cherry picked from commit d5371324d978e4096bf99b9d0fe71b2cb65d9dc8) ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility. e_aes_cbc_hmac_sha1.c: address the CBC decrypt timing issues. e_aes_cbc_hmac_sha1.c: cleanse temporary copy of HMAC secret. (cherry picked from commit 529d27ea472fc2c7ba9190a15a58cb84012d4ec6) ssl/*: revert "remove SSL_RECORD->orig_len" and merge "fix IV". e_aes_cbc_hmac_sha1.c: align calculated MAC at cache line. s3_cbc.c: fix warning [in Windows build]. s3_cbc.c: get rid of expensive divisions. s3_cbc.c: make CBC_MAC_ROTATE_IN_PLACE universal. sparccpuid.S: work around emulator bug on T1. bn_nist.c: work around clang 3.0 bug. sha512-x86_64.pl: add AVX2 code path. [aesni-]sha1-x86_64.pl: code refresh. ghash-x86[_64].pl: code refresh. sha1-586.pl: code refresh. sha256-586.pl: code refresh. x86_64-gf2m.pl: add missing Windows build fix for #2963. x86_64-gf2m.pl: fix typo. x86cpuid.pl: make it work with older CPUs. ghash-x86_64.pl: fix length handling bug. evptests.txt: additional GCM test vectors. e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI plaforms. ghash-x86_64.pl: minor optimization. aesni-x86_64.pl: optimize CTR even further. ghash-x86_64.pl: add AVX code path. aesni-x86_64.pl: optimize CTR even further. aesni-x86_64.pl: fix typo and optimize small block performance. Add AES-NI GCM stitch. des_enc.m4: add missing #include. Add support for SPARC T4 DES opcode. evptests.txt: add XTS test vectors dest4-sparcv9.pl: add clarification comment. gcm128.c: fix linking problems in 32-bit Windows build. e_aes.c: reserve for future extensions. aesni-x86_64.pl: optimize CBC decrypt. cryptlib.c: fix typo in OPENSSL_showfatal. crypto/modes/modes_lcl.h: let STRICT_ALIGNMENT be on ARMv7. Fix Windows linking error in GOST test case. bsaes-armv7.pl: take it into build loop. bsaes-armv7.pl: add bsaes_cbc_encrypt and bsaes_ctr32_encrypt_blocks. aesni-x86_64.pl: minor CTR performance improvement. x86_64-xlate.pl: minor size/performance improvement. Add AES-SHA256 stitch. vpaes-x86[_64].pl: minor Atom-specific optimization. sha512-x86_64.pl: +16% optimization for Atom. aesni-sha1-x86_64.pl: Atom-specific optimization. aesni-x86_64.pl: optimize XTS. crypto/bn/bn_exp.c: SPARC portability fix. x86cpuid.pl: fix extended feature flags detection. ghash-x86_64.pl: add Haswell performance data. sha[256|512]-586.pl: add more SIMD code paths. sha512-x86_64.pl: upcoming-Atom-specific optimization. sha1-x86_64.pl: add AVX2+BMI code path. aesni-sha256-x86_64.pl: harmonize with latest sha512-x86_64.pl. aesni-sha1-x86_64.pl: update performance data. PA-RISC assembler pack: switch to bve in 64-bit builds. Optimize SPARC T4 MONTMUL support. SPARC T4 DES support: fix typo. aesni-sha256-x86_64.pl: fix typo in Windows SEH. x86_64-xlate.pl: Windows fixes. bn/bn_exp.c: Solaris-specific fix, T4 MONTMUL relies on alloca. config: fix executable format detection on latest FreeBSD. bn/bn_exp.c: harmonize. bn/asm/x86_86-mont.pl: optimize reduction for Intel Core family. Add RSAZ assembly modules. Take RSAZ modules into build loop, add glue and engage. Remove RSAX engine, superseded by RSAZ module. sha512-586.pl: fix typo. bn/asm/rsaz-avx2.pl: Windows-specific fix. crypto/sha/asm/sha*-x86_64.pl: comply with Win64 ABI. crypto/bn/asm/rsax-x86_64.pl: make it work on Darwin. crypto/evp/e_aes.c: fix logical pre-processor bug and formatting. crypto/bn/asm/x86_64-mont.pl: minor optimization. crypto/modes/asm/aesni-gcm-x86_64.pl: minor optimization. bsaes-armv7.pl: remove byte order dependency and minor optimization. bsaes-armv7.pl: remove partial register operations in CTR subroutine. Add support for Cygwin-x86_64. crypto/armcap.c: fix typo in rdtsc subroutine. aes-armv4.pl, bsaes-armv7.pl: add Linux kernel and Thumb2 support. aes/asm/*-armv*.pl: compensate for inconsistencies in tool-chains. evp/e_aes_cbc_hmac_sha256.c: enable is on all AES-NI platforms, not only on AVX. x86_64 assembly pack: add multi-block AES-NI, SHA1 and SHA256. Configire: take multi-block modules into build loop. evp/e_aes_cbc_hmac_sha*.c: multi-block glue code. x86_64-xlate.pl: fix jrcxz in nasm case. rsaz-x86_64.pl: add MULX/ADCX/ADOX code path. bn/asm/x86_64-mont*.pl: add MULX/ADCX/ADOX code path. perlasm/sparcv9_modes.pl: make it work even with seasoned perl. evp/e_des3.c: fix typo with potential integer overflow on 32-bit platforms. aes/asm/bsaes-*.pl: improve decrypt performance. sha/asm/sha*-mb-x86_64.pl: commentary update. evp/evp.h: add multi-block contstants and parameter type. evp/e_aes_cbc_hmac_sha*.c: harmonize names, fix bugs. ssl/s3_pkt.c: add initial multi-block encrypt. Configure: recognize experimental-multiblock. bn/bn_exp.c: prefer MULX/AD*X over AVX2. bn/asm/rsax-avx2.pl: minor optimization [for Decoded ICache]. aes/asm/bsaes-x86_64.pl: fix Windows-specific bug in XTS. evp/e_aes_cbc_hmac_sha*.c: limit multi-block fragmentation to 1KB. MIPS assembly pack: get rid of deprecated instructions. Initial aarch64 bits. bn/asm/*x86_64*.pl: correct assembler requirement for ad*x. PPC assembly pack: add .size directives. PPC assembly pack: make new .size directives profiler-friendly. bn/asm/x86_64-mont.pl: minor optimization [for Decoded ICache]. engines/e_aep.c: make it BN_ULONG-size and endian "neutral". sha/asm/sha1-ppc.pl: add little-endian support. perlasm/ppc-xlate.pl: add .quad directive sha/asm/sha512-ppc.pl: add little-endian support. aes/asm/aes-ppc.pl: add little-endian support. perlas/ppc-xlate.pl: fix typo. sha/asm/sha512-ppc.pl: fix typo. modes/asm/ghash-alpha.pl: make it work with older assembler. engines/ccgost/gost89.h: make word32 defintion unconditional. modes/asm/ghash-alpha.pl: make it work with older assembler for real. Makfile.org: make FIPS build work with BSD make. Make Makefiles OSF-make-friendly. modes/asm/ghash-alpha.pl: fix typo. srp/srp_grps.h: make it Compaq C-friendly. Configure: add linux-ppc64le target. Add Vector Permutation AES for PPC. Take vpaes-ppc module into loop. ppc64-mont.pl: eliminate dependency on GPRs' upper halves. vpaes-ppc.pl: fix bug in IV handling and comply with ABI. bn/asm/rsaz-x86_64.pl: fix prototype. crypto/bn/rsaz*: fix licensing note. crypto/bn/asm/rsaz-x86_64.pl: make it work on Win64. bn/asm/x86_64-mont5.pl: comply with Win64 ABI. Configure: remove vpaes-ppc from aix targets. aes/asm/vpaes-ppc.pl: comply with ABI. perlasm/ppc-xlate.pl: improve linux64le support. perlasm/ppc-xlate.pl: add support for AltiVec/VMX and VSX. bn/asm/armv4-mont.pl: add NEON code path. bn/asm/x86_64-mont5.pl: add MULX/AD*X code path. x86_64-xlate.pl: minor update. PPC assembly pack: improve AIX support (enable vpaes-ppc). sha512.c: fullfull implicit API contract in SHA512_Transform. PPC assembly pack update addendum. evp/e_[aes|camellia].c: fix typo in CBC subroutine. sha1-x86_64.pl: harmonize Win64 SE handlers for SIMD code pathes. (and ensure stack alignment in the process) ARM assembly pack: make it work with older toolchain. FAQ: why SIGILL? sparcv9cap.c: omit random detection. aesni-sha1-x86_64.pl: add stiched decrypt procedure, but keep it disabled, too little gain... Add some Atom-specific optimization. ssl/t1_enc.c: optimize PRF (suggested by Intel). aesni-sha1-x86_64.pl: refine Atom-specific optimization. (and update performance data, and fix typo) sha/asm/sha256-armv4.pl: add NEON code path. (and shave off cycle even from integer-only code) aes/asm/vpaes-ppc.pl: add little-endian support. PPC assembly pack: relax 64-bit requirement for little-endian support. bn/asm/x86_64-mont5.pl: fix compilation error on Solaris. crypto/sha/asm/sha1-x86_64.pl update: crypto/aes/asm/aesni-x86[_64].pl update, up to 14% improvement on Atom Silvermont. On other CPUs one can observe 1% loss on some algorithms. modes/asm/ghash-s390x.pl: +15% performance improvement on z10. s3_pkt.c: move ssl3_release_write_buffer to ssl3_write_bytes. [aesni|sha*]-mb-x86_64.pl: add data prefetching. evp/e_aes_cbc_hmac_sha*.c: additional CTRL to query buffer requirements. ssl/s3_pkt.c: move multi-block processing to ssl3_write_bytes. e_aes_cbc_hmac_sha[1|256].c: fix compiler warning. ghash-x86[_64].pl: ~15% improvement on Atom Silvermont (other processors unaffected). evp/e_aes_cbc_hmac_sha*.c: improve cache locality. aes/asm/aesni-x86_64.pl: further optimization for Atom Silvermont. x86[_64]cpuid.pl: add low-level RDSEED. ssl/s3_pkt.c: detect RAND_bytes error in multi-block. aes/asm/aesni-x86[_64].pl: minor Atom-specific performance tweak. config: recognize ARMv8/AArch64 target. x509/by_dir.c: fix run-away pointer (and potential SEGV) when adding duplicates in add_cert_dir. BC-32.pl: refresh Borland C support. ms/do_win64a.bat: forward to NUL, not NUL:. aes/asm/vpaes-ppc.pl: fix traceback info. ssl/t1_enc.c: check EVP_MD_CTX_copy return value. Configure: blended processor target in solaris-x86-cc. sha/asm/sha512-x86_64.pl: fix compilation error on Solaris. sha/asm/sha256-586.pl: don't try to compile SIMD with no-sse2. des/asm/des-586.pl: shortcut reference to DES_SPtrans. rc4/asm/rc4-586.pl: allow for 386-only build. perlasm/x86gas.pl: limit special OPENSSL_ia32cap_P treatment to ELF. perlasm/x86asm.pl: recognize elf-1 denoting old ELF platforms. Configure: mark unixware target as elf-1. Makefile.org: fix syntax error on Solaris. bss_dgram.c,d1_lib.c: make it compile with mingw. test/Makefile: allow emulated test (e.g. under wine). dh_check.c: check BN_CTX_get's return value. SPARC T4 assembly pack: treat zero input length in CBC. engines/ccgost/gosthash.c: simplify and avoid SEGV. vpaes-[x86_64|ppc].pl: fix typo, which for some reason triggers rkhunter. crypto/modes/gcm128.c: more strict aliasing fixes. aes/asm/bsaes-x86_64.pl: Atom-specific optimization. bn/asm/armv4-gf2m.pl, modes/asm/ghash-armv4.pl: faster multiplication algorithm suggested in following paper: crypto/armcap.c: detect ARMv8 capabilities [in 32-bit build]. sha/asm/sha1-armv4-large.pl: add NEON and ARMv8 code paths. sha/asm/sha256-armv4.pl: add ARMv8 code path. C64x+ assembly pack: make it work with older toolchain. C64x+ assembply pack: add RC4 module. md5/asm/md5-[586|x86_64].pl: +15% on Atom. Add "teaser" AES module for PowerISA 2.07. Add "teaser" AES module for ARMv8. aesv8-armx.pl: optimize by adding 128-bit code paths. aesv8-armx.pl: fix typo. vpaes-ppc.pl: comply with ABI. aesp8-ppc.pl: add optimized CBC decrypt. aesp8-ppc.pl: optimize CBC decrypt even further. aesv8-armx.pl: add CTR implementation. Add linux-aarch64 taget. Add SHA for ARMv8. linux-aarch64: engage SHA modules. Engage ARMv8 AES support. sha[1|256]-armv4: harmonize with arm_arch.h. armv4cpuid.S: switch to CNTVCT tick counter. Engage POWER8 AES support. evp/e_aes.c: populate HWAES_* to remaning modes. evp/e_aes.c: add erroneously omitted break; aesp8-ppc.pl: fix typos. aesv8-armx.pl update: Add GHASH for ARMv8 Crypto Extension. Engage GHASH for ARMv8. sha[1|512]-armv8.pl: get instruction endianness right. ARM assembly pack: get ARMv7 instruction endianness right. aesni-mb-x86_64.pl: add Win64 SEH. Add support for Intel SHA extension. ghash-x86_64.pl: optimize for upcoming Atom. Enable multi-block support by default. Facilitate back-porting of AESNI and SHA modules. Fix SEH and stack handling in Win64 build. sha1-x86_64.pl: add missing rex prefix in shaext. aesni-sha256-x86_64.pl: add missing rex in shaext. evp/e_aes_cbc_sha[1|256].c: fix -DPEDANTIC build. aesp8-ppc.pl: add CTR mode. aesni-sha[1|256]-x86_64.pl: fix logical error and MacOS X build. ARMv8 assembly pack: add Cortex performance numbers. aesv8-armx.pl: inclrease interleave factor. x86_64 assembly pack: allow clang to compile AVX code. x86_64 assembly pack: addendum to last clang commit. aesv8-armx.pl: rigid input verification in key setup. aesp8-ppc.pl: rigid input verification in key setup. bn_exp.c: move check for AD*X to rsaz-avx2.pl. bn/asm/rsaz-avx2.pl: fix occasional failures. x86_64 assembly pack: refine clang detection. sha512-x86_64.pl: fix linking problem under Windows. Add SHA256/512 for PowerISA 2.07. Engage SHA256/512 for PowerISA 2.07. perlasm/ppc-xlate.pl update. bn_exp.c: fix x86_64-specific crash with one-word modulus. e_os.h: limit _MSC_VER trickery to older compilers. apps/speed.c: add multi-block benchmark. s3_pkt.c: fix typo. sha512-x86_64.pl: fix typo. sha[1|512]-x86_64.pl: fix logical errors with $shaext=0. apps/speed.c: fix compiler warnings in multiblock_speed(). Please Clang's sanitizer. Please Clang's sanitizer, addendum. x86_64 assembly pack: improve masm support. Add GHASH for PowerISA 2.07. Engage GHASH for PowerISA 2.07. Revert "Engage GHASH for PowerISA 2.07." Revert "Add GHASH for PowerISA 2.07." Add GHASH for PowerISA 2.0.7. Engage GHASH for PowerISA 2.0.7. sha1-ppc.pl: shave off one cycle from BODY_20_39 and improve performance by 10% on POWER[78]. CHANGES: mention new platforms. sha1-mb-x86_64.pl: fix typo. crypto/evp/e_aes_cbc_hmac_sha[1|256].c: fix compiler warnings. sha1-mb-x86_64.pl: add commentary. bn/asm/rsaz-*.pl: allow spaces in Perl path name. apps/speed.c: add -misalign command-line argument. x86[_64] assembly pack: add Silvermont performance data. md5-x86_64.pl: work around warning. Configure: add configuration for crypto/ec/asm extensions. perlasm/x86_64-xlate.pl: handle inter-bank movd. Reserve option to use BN_mod_exp_mont_consttime in ECDSA. Add ECP_NISTZ256 by Shay Gueron, Intel Corp. Configure: engage ECP_NISTZ256. crypto/bn/asm/x86_64-mont*.pl: add missing clang detection. Harmonize Tru64 and Linux make rules. crypto/ecp_nistz256.c: harmonize error codes. crypto/rsa/rsa_chk.c: harmonize error codes. CHANGES: mention ECP_NISTZ256. e_os.h: allow inline functions to be compiled by legacy compilers. crypto/bn/bn_nist.c: work around MSC ARM compiler bug. crypto/bn/bn_nist.c: bring original failing code back for reference. e_os.h: refine inline override logic (to address warnings in debug build). crypto/cast/asm/cast-586.pl: +5% on PIII and remove obsolete readme. aesni-x86_64.pl: make ECB subroutine Windows ABI compliant. Add missing credit. Configure: add ios64 target. ecp_nistz256 update. md32_common.h: address compiler warning in HOST_c2l. ec/asm/ecp_nistz256-x86_64.pl: fix inconsistency in path handling. armv4cpuid.S: fix compilation error in pre-ARMv7 build. ecp_nistz256-x86_64.pl: fix occasional failures. Remove inconsistency in ARM support. This facilitates "universal" builds, ones that target multiple architectures, e.g. ARMv5 through ARMv7. See commentary in Configure for details. CHANGES: mention "universal" ARM support. Revert "CHANGES: mention "universal" ARM support." CHANGES: mention "universal" ARM support. Fix irix-cc build. Fix for CVE-2014-3570 (with minor bn_asm.c revamp). Add Broadwell performance results. Annie Yousar (1): RT2679: Fix error if keysize too short Ard Biesheuvel (1): Added support for ARM/NEON based bit sliced AES in XTS mode Ben Laurie (617): Add strictness, fix variable substition bugs. Autodetect FreeBSD 3. Typo. Fix option listing. Require Perl 5. This is not a bug in NT Perl, its a bug in Configure. Deal with generated files. Make Configure work again after eliminating files. Add prototypes. Make Montgomery stuff explicitly for that purpose. Fix incorrect DER encoding of SETs and all knock-ons from that. Fix pem/err ordering. Fix name delete problem. Document recent changes. Fix tests for ssleay -> openssl. Don't confuse matters by using the wrong library. Fix reference counting. Pass on BIO_CTRL_FLUSH. Submitted by: Arne Ansper Remove the bugfix that was really a bug. Submitted by: Arne Ansper Only free if it ain't NULL. Free the right thing. Make the world a safer place (if people object to this kind of change, speak up soon - I intend to do a lot of it!). Fix export tests. Fix numeric -newkey args. Contributed by: Bodo Moeller <3moeller at informatik.uni-hamburg.de> Send the right CAs to the client. Fix DH key generation. Contributed by: Anonymous Accept NULL in *_free. Get rid of redundant files. Sort openssl functions by name. Fix comment. Add prototype, fix parameter passing bug. More prototypes. More prototypes. More prototypes. More prototypes. More prototypes. More prototypes. Generate an error on an invalid directory. Remove pointless MD5 hash. Contributed by: Anonymous Oops. Missing NULL frees. Correct Linux 1 recognition. Contributed by: Ulf M??ller Fix major cockup with short keys in CAST-128. Dispose of generated programs. Ignore auto-generated programs. Spelling mistake. Finally lay dependencies to rest (I hope!). This time, get it right. Correct bracketing error. Minor constification. Make sure people know when they need to rebuild the Makefile. Reduce header dependencies. Declare correctly on FreeBSD. Update dependencies. Oops. One header too many. Update dependencies. Add dependencies. Update dependencies. Break circular dependency between pem and err. More pissing about to get pem.h to behave properly. Squeeze a bit more speed out of MD5 assembler. Yet more pissing about to get PEM built at the right moment. Clear error we don't care about. Typo in arguments. Diagnose errors. Process extensions when they are there. Slightly improved diagnostics. Minor tweaks to keep Perl 5.001 happy. More exactitude with function arguments. Update dependencies. Tidy up asm stuff. Actually use BN when selected! Some cleanup. Whoops, missed one. In the absence of feedback either way, commit the fix that looks right for wrong keylength with export null ciphers. Add support for 3DES CBCM mode. Fix ghastly DES declarations, and all consequential warnings. Update dependencies. Finally(?) fix DES stuff. Add OAEP. Fix case of new functions in error files. Generate errors when public/private key check is done. Fix a warning. Fix warning. Add support for new TLS export ciphersuites. Undo a couple of kludges. More stuff for new TLS ciphersuites. Add syslogging BIO. Fix more warnings. Add reliable BIO. Code for reliable BIO. Fix clearly untested "clever" hack. Perhaps if I do a tiny bit of docco, others may follow? Update dependencies. Experiment with doxygen documentation. doxygen configuration file. More truth in declarations. Add functions to add certs to stacks, used for CA file/path stuff in servers. Supper's cooking. Permit null ciphers. Fix export ciphersuites, again. Put the dependencies back. Fix names of cert stack functions. Disable new TLS1 ciphersuites. Fix a typo. Always make links. Linux MIPS support. Fix DWP when only given three parameters. Fix perl assembler. Don't make links on Windoze. Don't make links in INSTALL doc - also, work first time! Make links no longer needed. test. Correct English. Go faster. Fix quad checksum bug. Remake cert links when the app is built. Use the right compiler for ctx_size. This is now generated, it seems. Solaris shared library support. Allow bsdi-gcc - see if it gets anyone anywhere. Update dependencies. Fail if test fails. Fix security hole. Fix Alpha assembler, remove redundant file. Linux PPC support. Don't shadow. Update dependencies. Don't shadow. Install signal handler if we are using sigaction. Rid the world of more evil casts. Adjust renegotiation slightly. Rid the world of yet more evil casts. gcc claims this is a shadow, though I can't find what it is shadowing... Add type-safe STACKs and SETs. Typo. Just use an ANSI declaration, instead. Add new experimental ciphersuites. Bring naming into line with RFC. Fix some warnings. Contributed by Anonymous. Another STACK bites the dust. Massive constification. Update dependencies. Fix const declarations. const correctness. Update dependencies. Fix DES export ciphersuites. Remove some unnecessary(?) casting. Reverse unexplained change. Work with -pedantic! Don't shadow. Another safe stack. Another stack. Another stack. Update dependencies. Yet another stack. Some more stack stuff. Add other people who've done stackification. Bodo didn't do that. Make -pedantic work again. Avoid shadowing, and a bit of constification while I'm at it. Update dependencies. Get rid of the cast. Add actual testing to bntest... Get rid of casts. Convert void *. Switch to new version numbering scheme. Prepare for a beta release. Revert. On seconds thoughts, the version number shoud _never_ decrease. Don't include top-level CVS directory. Prepare for final(?) beta. Move to beta 3. Here we go: prepare to roll 0.9.3. Move on to 0.9.4. Update dependencies. Prepare to release 0.9.3a Oops! And carry on with development... More safe stack. Another safe stack. Another safe stack. Another stack. Yet another stack. More stack. Stack. stack. Stack. Move stack implementations to more natural places. stack. Evil cast extermination. stack Make samples compile. More evil cast removal. Some constification and stacks that slipped through the cracks (how?). Aha! That's how pkcs12 got missed from stackification. const/type fixes. Survive pedanticism. Make "make test" fail if bntest fails an internal selfcheck. I keep forgetting to fix this: update the IV! Most important! Oops. Get rid of now incorrect comment. Fix warnings. Don't shadow. Make it compile under -pedantic. More diagnostics. Fix warnings. Fix warnings. Correct warnings. Fix warnings. Fix warnings. Don't return stuff from void functions. Constification. Fix (spurious) warnings. Fix warning. Update dependencies. Make salting the default. Fail gracefully if the input is not salted. Make NO_RSA compile with pedantic. Fix shadow. Correct time in seconds instead of minutes. Fix signed/unsigned warnings. Add support for Compaq Atalla crypto accelerator. Reflect API changes. Get rid of evil cast. Typo. Declare memset. Get definition of ssize_t. Allow UTCTIME objects to be retrieved. Check for imminent cert expiry. Typesafety thought police. Typesafety Thought Police Part 2. Typesafety Thought Police part 3. Typesafe Thought Police part 4. Typesafety Thought Police part 5. Typesafety Thought Police last part. Yet more typesafety. EVP constification. Use up-to-date functions. Don't let top go below zero! max -> dmax in bn_check_top. Use the passed buffer in ERR_error_string! Diagnose EOF on memory BIOs (or you just get mysterious errors with no error message). Add demo state machine. Distinguish between assertions and conditions that should cause death. Handle WANT_READ more correctly (thanks to Bodo). Ignore executable. Document an old change. Always return a value. Make this stuff compile. Make Rijndael work! Those long flights have some good points. Better handling of EVP names, add EVP to speed. Oops! Read a full buffer instead of some spurious number from elswhere. Fix warnings. Fix a warning. Can't remember why this was needed? BN assembler is no longer option on x86. Make depend. Improve the state machine. Rijdael CBC mode and partial undebugged SSL support. Fix warning. Delete a redundant line. Fix a memory leak (there's another around here somewhere, though). PR: Fix warning. Update nCipher header with more liberal licence. Constification. Remove unnecessary casts. Correct const-ness. Speed test decrypt EVP operations. Don't update argc, argv for decrypt flag! Use & instead of % - worth about 4% for 8 byte blocks. Handle the common case first (where input size is a multiple of block size). Worth around 5% for encrypt. Slows down decrypt slightly, but I expect to regain that later. A better compromise between encrypt and decrypt (but why isn't it as fast for encrypt?). Clean up EVP macros, rename DES EDE3 modes correctly, temporary support for OpenBSD /dev/crypto (this will be revamped later when the appropriate machinery is available). ANSIfication. Only set the verify callback if there's one to set! Make EVPs allocate context memory, thus making them extensible. Rationalise DES's keyschedules. Really add the EVP and all of the DES changes. Remove //. Remove old unused stuff. Document DES changes better. Make /dev/crypto work with new EVP structures. This ghastly hack prevents CVS wars over Kerberos (which is disabled by default). Header bloat reduction for EVP_PKEY. Get rid of the stuff we, err, got rid of. Reinstate accidentally deleted code. Remove extra whitespace. Sorry. Parameter correction for CIOFSESSION. Fix memory leak. Start to reduce some of the header bloat. Move CIPHER_CTX cleanups to _Final routines instead of _Init, which avoids problems with leaks and uninitialised structures. Add first cut symmetric crypto support. Add EVP test program. Add AES tests. Add RC4 support to OpenBSD. More tests. Add digests. Test digests. Fix SSL memory leak. Make MD functions take EVP_MD_CTX * instead of void *, add copy() function. Redo type-safety fix. Now need sha.h for some reason. Remove duplication. Look up MD5 by name. Add a cleanup function for MDs. Fix warning. Fixes. Don't clean up stuff twice. Fix warning. Add paralellism to speed - note that this currently causes a weird memory leak. If verify fails, say why. Improve back compatibility. Security fix. Return value could be undefined. Add client_cert_cb prototype. Prototype info function. Constification, missing declaration, update dependencies. Fix memory leak. Stupid apps should die, not fail silently. Other errors are possible. Constification, add config to /dev/crypto. Make no config file not an error. Move /dev/crypto config to ctrl. Support old DES APIs by default. Fix warnings. Fix warnings. Handle read errors. Fix warnings, makefile cockup. Security fixes brought forward from 0.9.7. Correct asm exclusions. Fix warning. Old-style callbacks can be NULL! Constification. Blow away Makefile.ssl. Don't debug. Make tags target useful. Take account of Makefile.ssl removal. Give everything prototypes (well, everything that's actually used). Get rid of irritating noise. Simplicate and add lightness. Consistency. If input is bad, we still need to clear the buffer. Add prototypes. Add debug target, remove cast, note possible bug. Flag changes in Configure and config, too. make depend. Add DTLS support. Add prototype. Redundant changes. There must be an explicit way to build the .o! Propagate BUILDENV into subdirectories. Fix warnings. Brought forward from 0.9.8 - 64 bit warning fixes and fussy compiler fixes. Fix warning. Make D-H safer, include well-known primes. Generate primes, too. Fix warnings. Make things static that should be. Declare stuff in headers that should be. Fix warnings. Forward port of IGE mode. Fix various warnings. Add RFC 3779 support. Fix warning. Don't die if the value is NULL (Coverity CID 98). Make sure we detect corruption. Die if serial number is invalid. Return an error if the serial number is badly formed. (Coverity ID 116). Missing return on error. Coverity ID 115. Don't free a NULL. Coverity ID 112. Fix buffer overrun. Coverity ID 106. Handle bad content type. Coverity ID 99. Resource leak. Free memory. Coverity ID 62. Avoid overrun. Coverity ID 60. Don't use a negative number as a length. Coverity ID 57. Missing config file. Don't dereference NULL argument. Coverity ID 52. Errors should actually be errors. Fix duplicate error number. Don't copy from a nonexistent next. Coverity ID 47. If you're going to check for negative, use an signed integer! Coverity ID 122. Yet another resource leak. Coverity ID 123. AES IGE mode speedup. More IGE speedup. Inline function declarations have to be prototypes. Fix warning. Typo? Why did this work, anyway? make errors. The other half of make errors. Fix dependencies. Make depend. New release. 0.9.8f. Fix warnings. Fix buffer overflow. Missing headers. LHASH revamp. make depend. Memory saving patch. Only include windows headers when under windows. More type-checking. Fix warning. Ignoring errors in makedepend can hide problems. Add missing DTLS1_BAD_VER (hope I got the value right). Type-checked (and modern C compliant) OBJ_bsearch. Type-safe OBJ_bsearch_ex. Add XMPP STARTTLS support. Set comparison function in v3_add_canonize(). Fix warning a different way. Constification. Add JPAKE. Fix warning. size_tification. More size_tification. Fix warning. Fix warnings. Fix asserts. Fix incorrect dependency. Formatting. Only one of these needs to be signed. J-PAKE is not experimental in HEAD. Ignore saved Makefile. Aftermath of a clashing size_t fix (now only format changes). Ignore generated ASM. Integrate J-PAKE and TLS-PSK. Increase PSK buffer size. Fix memory leaks. Missing return values (Coverity ID 204). Check for NULL before use (Coverity ID 203). Return error if DH_new() fails (Coverity ID 150). *** empty log message *** Back out pointless change. pval must always be set when pk7_cb() does anything (Coverity ID 146). !a && !a->b is clearly wrong! Changed to !a || !a->b (Coverity ID 145). Remove misleading dead code. Constify. (Coverity ID 142) Handle the unlikely event that BIO_get_mem_data() returns -ve. Deal with the unlikely event that EVP_MD_CTX_size() returns an error. (Coverity ID 140). Check scalar->d before we use it (in BN_num_bits()). (Coverity ID 129) Remove dead code. (Coverity ID 2) Die earlier if we have no hash function. Reverse incorrect earlier fix. Die earlier if hash is NULL. (Coverity IDs 137 & 138). Make sure a bad parameter to RSA_verify_PKCS1_PSS() doesn't lead to a crash. (Coverity ID 135). If we're going to return errors (no matter how stupid), then we should test for them! Apparently s->ctx could be NULL at this point (see earlier test). (Coverity ID 148). Apparently s->ctx could be NULL. (Coverity ID 147). Document dead code. Calculate offset correctly. (Coverity ID 233) srvr_ecdh cannot be NULL at this point (Coverity ID 232). Add missing entry. Allow CC to be overridden. Use new common flags and fix resulting warnings. Fix memory leak. Use the right length (reported by Quanhong Wang). Don't ask for -iv for ciphers that need no IV. Print IPv6 all 0s correctly (Rob Austein). Autogeneration seems to have changed slightly. Fix warnings. Fix warnings (note that gcc 4.2 has a bug that makes one of its warnings hard to fix without major surgery). Missing declarations, no assembler in PEDANTIC. Non-executable stack in asm. Fix warnings. Missing prototype. Sign mismatch. Add Next Protocol Negotiation. Fix warnings. NPN tests. Fixes to NPN from Adam Langley. Fix warning. Constify. Fix warning. Add SRP support. Note SRP support. Fix Tom Wu's email. Missing SRP files. Fix some warnings caused by __owur. Temporarily (I hope) remove the more aspirational __owur annotations. Add DTLS-SRTP. Add TLS exporter. Make it possible to set a time for verification. Back out redundant verification time change. Fix warning. Padlock engine doesn't build (the asm parts are not built for some reason), so remove for now. Remove redundant TLS exporter. Padlock doesn't build. I don't even know what it is. Fix warning. Build on FreeBSD with gcc 4.6. RFC 5878 support. Version skew reduction: trivia (I hope). Parse authz correctly. Fix memory leak. Rearrange and test authz extension. Fix memory leak. Call OCSP Stapling callback after ciphersuite has been chosen, so the right response is stapled. Also change SSL_get_certificate() so it returns the certificate actually sent. See http://rt.openssl.org/Ticket/Display.html?id=2836. Fix gcc 4.8 warning (strict aliasing violation). Remove unused static function. More strict aliasing fix. Fix OCSP checking. Tabification. Remove accidental duplication. Update ignores. Make openssl verify return errors. Improve my 64-bit debug target. Document -pubkey. Documentation improvements by Chris Palmer (Google). Fix warning. Add some missing files, make paths absolute. Correct EVP_PKEY_verifyrecover to EVP_PKEY_verify_recover (RT 2955). Fix some clang warnings. Make "make depend" work on MacOS out of the box. Can't check a size_t for < 0. Remove extraneous brackets (clang doesn't like them). Build/test cleanly on MacOS. Remove kludge to use RC4 asm. Merge branch 'master' of openssl.net:openssl Merge branch 'master' of openssl.net:openssl Fix warnings. Add and use a constant-time memcmp. Make CBC decoding constant time. Don't crash when processing a zero-length, TLS >= 1.1 record. Update DTLS code to match CBC decoding in TLS. Oops. Add missing file. (cherry picked from commit 014265eb02e26f35c8db58e2ccbf100b0b2f0072) make depend. Fix ignored return value warnings. Missing files target. Ignore MINFO. Add reallyclean target. Spelling. Add dependency on destination directory. Spelling. Remove empty command. Include correctly. Inherit CFLAGS when plaform is "auto". Preserve the C compiler. Remove pointless diagnostic. Use "copy" instead of "auto". Take the first definition of a variable. Allow variables to be overridden on the command line. Override local vars for MINFO build. Missing MINFO generation. Handle assembler files. Don't make CPUID stuff twice. Only copy headers if they've changed. Merge branch 'master' of openssl.net:openssl Actually comment out the cpuid asm! Remove unused variable. Ignore mk1mf.pl output directories. Use CFLAG for LFLAGS instead of the nonexistent CFLAGS. Fix warnings. Get closer to a working single Makefile with test support. More progress towards working tests. Make OCSP test work. Make PKCS#7 test work. Make RSA test work. Make S/MIME test work. Make session ID test work. Avoid collisions. Show start/end of tests. Add new asm target. Fix test_ss. Merge, go back to copy-if-different. Helper scripts for one makefile build. Make executable. Missing file. Missing semicolon. Use original alltests target for definitive test list. Make sure all tests are actually run, plus some fixups for things that turn out to be made somewhere by existing Makefiles. Ugly hack to avoid recompiling the same thing multiple times in parallel. Tests pass! Missing prototypes. Remove added ;. Add aesni-sha256-x86_64. Ignore one-makefile stuff. s/rsaz_eligible/rsaz_avx2_eligible/. Support new rsaz asm stuff. Note non-export of CC. Clarify FIXME. Add a no-opt 64-bit target. Fix compile errors. Correctly test for no-ec. Clean up layout. s/recommend/recommended/ Make it build. More cleanup. Const fix. Constification. More diagnostics for invalid OIDs. Merge remote-tracking branch 'trevp/pemfix' into trev-pem-fix Mix time into the pool to avoid repetition of the Android duplicated PID problem. Show useful errors. Produce PEM we would consume. Support new asm files. Constification. Add clang debug target. Remove unused variable. PBKDF2 should be efficient. Contributed by Christian Heimes . Fix whitespace, new-style comments. Fix warnings. Build on MacOS. Fix warning. Merge branch 'sct-viewer-master' of https://github.com/robstradling/openssl into sct-viewer Reverse export of o_time.h. Make i2r_sctlist static. Move gmtime functions to crypto.h. Fix warning. Fix double frees. Fix use after free. More warnings. Make it build/run. Fixup for ancient compilers. Merge branch 'mbland-heartbeat-test' Don't allocate more than is needed in BUF_strndup(). Implement BUF_strnlen() and use it instead of strlen(). Remove redundant test. Check length first in BUF_strnlen(). Merge branch 'heartbeat-test' of git://github.com/mbland/openssl Only copy opensslconf.h at init time. Make it build. Add option to run all prime tests. Zero prime doits. Constify and reduce coprime random bits to allow for multiplier. Tidy up, don't exceed the number of requested bits. Credit to Felix. Merge branch 'erbridge-probable_primes' Constification - mostly originally from Chromium. More constification. Make depend. Fix possible buffer overrun. Reduce casting nastiness. Reduce casting nastiness. Don't clean up uninitialised EVP_CIPHER_CTX on error (CID 483259). Fix single makefile. Billy Brumley (1): "EC_POINT_invert" was checking "dbl" function pointer instead of "invert". Bjoern Zeeb (1): RT671: export(i2s|s2i|i2v|v2i)_ASN1_(IA5|BIT)STRING Bodo Moeller (15): Fix overly lenient comparisons: Sync CHANGES and NEWS files. Move the change note for partial chain verification: this is code from the main branch (http://cvs.openssl.org/chngview?cn=19322) later added to the 1.0.2 branch (http://cvs.openssl.org/chngview?cn=23113), and thus not a change "between 1.0.2 and 1.1.0". Move change note for SSL_OP_SAFARI_ECDHE_ECDSA_BUG. (This went into 1.0.2 too, so it's not actually a change between 1.0.x and 1.1.0.) Simplify and fix ec_GFp_simple_points_make_affine (which didn't always handle value 0 correctly). Sync with current 1.0.2 CHANGES file. Sync with clean-up 1.0.2 CHANGES file. (If a change is already present in 1.0.1f or 1.0.1h, don't list it again under changes between 1.0.1h and 1.0.2.) Update $default_depflags to match current defaults. Further improve/fix ec_GFp_simple_points_make_affine (ecp_smpl.c) and group_order_tests (ectest.c). Also fix the EC_POINTs_mul documentation (ec.h). DTLS 1.2 support has been added to 1.0.2. Support TLS_FALLBACK_SCSV. Add TLS_FALLBACK_SCSV documentation, and move s_client -fallback_scsv handling out of #ifndef OPENSSL_NO_DTLS1 section. Fix SSL_R naming inconsistency. When processing ClientHello.cipher_suites, don't ignore cipher suites listed after TLS_FALLBACK_SCSV. Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation. Bodo M??ller (1699): Added comments to des_enc_{read,write} functions warning about their cryptographic weakness (IV reuse). New option "-showcerts" for s_client Avoid EADDRINUSE for s_server. Be more optimistic about the availability of termios for ~ECHO, because sgtty emulation tends to fail on various systems. Submitted by: Reviewed by: PR: New "open issue" (ERR_...). Tiny comment to improve code comprehensibility. Submitted by: Reviewed by: PR: Preprocessor file to allow testenc to test only those ciphers that are available. Submitted by: Reviewed by: PR: Bugfix: s_client occasionally would sleep in select() when it should have checked SSL_pending() first. Submitted by: Reviewed by: PR: Submitted by: Reviewed by: PR: Obsoleted by new openssl command "list-cipher-commands". Submitted by: Reviewed by: PR: Don#t auto-generate crypto/pem/pem.h -- a fixed file is fine for it. Submitted by: Reviewed by: PR: Some tiny fixes. Make Windows compilers happy. Cleaning up Ben's clean-ups :-) /* Just some comments. */ Removed extra semicolons. New "Configure" entry (Solaris with debug info) Fixed some race conditions. Submitted by: Reviewed by: PR: Don't return 0 from ssl2_read when a packet with empty payload is received. CVS confusion? Submitted by: Reviewed by: PR: Change #include filenames from to . Submitted by: Reviewed by: PR: Submitted by: Reviewed by: PR: Submitted by: Reviewed by: PR: "make depend" Submitted by: Reviewed by: PR: Submitted by: Reviewed by: PR: Submitted by: Reviewed by: PR: Submitted by: Reviewed by: PR: C indentation style definition for Emacs. Avoid "incomprehensible" errors when required definitions are missing. Restore ERRC definitions that are needed to compile the library. Removed superfluous reference to ERRC. "perl util/mkerr.pl -static -recurse -rebuild" because the previous codebase apparently was inconsistent. And crypto/Makefile.ssl *does* need an ERRC .. Submitted by: Reviewed by: PR: Some instructions for how to handle the => transition. Fix header files so that any one can be included first. cryptall.h is not needed for anything and cannot even be #include-d without producing error messages. Submitted by: Reviewed by: PR: Removed traces of cryptall.h, and did a "make depend". Comment changed. Fixed a typo. A new comment. Install various scripts to $(OPENSSLDIR)/misc instead of $(INSTALLTOP)/bin. A faster (and more general, and better documented) replacement for mklink.sh. Use util/mklink.pl instead of util/mklink.sh. Typo fixed. Fix make target "install". Obey $(PERL) when running util/mklink.pl. Pass PERL to sub-Makefiles during "make links". New Configure options "threads" and "no-threads". For Solaris and Linux, "threads" (with proper compiler options) is the default. Submitted by: Reviewed by: PR: Submitted by: Reviewed by: PR: Support INSTALL_PREFIX for packagers. ignore Makefile.save Superseded by mklink.pl. Remove extra brace. Hopefully improved compatibility with earlier versions of Perl5. New function SSL_CTX_set_session_id_context. Broken line that was too long. Use correct error macro so that error messages make sense. Add "static" to function definition Point out the "rehashing skipped" is not a problem. Support verify_depth from the SSL API without need for user-defined callbacks. New function SSL_CTX_use_certificate_chain_file. Entry for resolved error macro confusion. Annotate a bug. Some comments. Restored path names that were changed by a previous "Configure" run. (Rather than changing the files in places, we really should use .in files.) Submitted by: Reviewed by: PR: This was an unused derivate of an old version of s_client.c that had been changed so that it almost could be used under Windows. No one asked to keep it (and no one volunteered to bring it into useable state), so away with it. Submitted by: Reviewed by: PR: Use "const char *" instead of "char *" for filenames passed to functions. Move variable definitions into the blocks where they are really needed, so that warnings about unused variables don't appear if those blocks are removed by the C preprocessor. Some tiny changes to the source code to make future diffs smaller when restructuring the cert_st handling (removed unnused parts, and the like). Submitted by: Reviewed by: PR: Makefile.save was missing here. Submitted by: Reviewed by: PR: One comment was in the wrong line ... some others are new. Submitted by: Reviewed by: PR: Create a duplicate of the SSL_CTX's CERT in SSL_new instead of copying pointers. The cert_st handling is changed by this in various ways. Submitted by: Reviewed by: PR: No actual change, but the cert_st member of struct ssl_session_st is now called sess_cert instead of just cert. This is in preparation of further changes: Probably often when s->session->sess_cert is used, we should use s->cert instead; s->session->sess_cert should be a new structure containing only the stuff that is for just one connection (e.g. the peer's certificate, which the SSL client implementations currently store in s->session->[sess_]cert, which is a very confusing thing to do). Submitted by: Reviewed by: PR: New entry debug-solaris-usparc-gcc, as debug-solaris-sparc-gcc no longer applies to usparc systems. Submitted by: Reviewed by: PR: Moved some variable declarations inside blocks where they are needed so that warnings about unused variables (for certain -D... constellations) are avoided; this corresponds to the earlier change for SHA1. Submitted by: Reviewed by: PR: The various character predicates (isspace and the like) may not be used with negative char values, so I've added casts to unsigned char. Maybe what really should be done is change all those arrays and pointers to type unsigned char [] or unsigned char *, respectively; but using plain char with those predicates is just wrong, so something had to be done. Submitted by: Reviewed by: PR: Changed a comment. Submitted by: Reviewed by: PR: Make SSL library a little more fool-proof by not requiring any longer that SSL_set_{accept,connect}_state be called before SSL_{accept,connect} may be used. Submitted by: Reviewed by: PR: And I thought I could spell ... but in caps really everything looks the same. Submitted by: Reviewed by: PR: Clarify comment. Submitted by: Reviewed by: PR: argc counting bug fixed. Submitted by: Tomas Hulek Reviewed by: PR: Comment. Submitted by: Reviewed by: PR: First tiny changes in preparation of changing of "sess_cert" handling. Also I've subsituted real tabs for 8-spaces sequences in some lines so that things don't look that weird with a tab-width of 4. Spacing in comment corrected. For solaris-usparc configurations, avoid problems with GNU as, which cannot handle all opcodes we need. New structure type SESS_CERT used instead of CERT inside SSL_SESSION. While modifying the sources, I found some inconsistencies on the use of s->cert vs. s->session->sess_cert; I don't know if those could really have caused problems, but possibly this is a proper bug-fix and not just a clean-up. Some tiny clean-ups related to the cert_st / sess_cert_st change. Don't use reserved name "_encrypt" for parameters; instead I've picked "enc", because that's what's in the prototypes. ("_encrypt" is reserved only as an external name, but still using it in an application doesn't look like good style to me -- and it certainly isn't if the point is just avoiding shadowing, which is apparently why the previous name "encrypt" was changed.) Add release dates to the "CHANGES" file, because that's an obvious place to look for them. Change cast in function calls to that which is, I think, the right one for those functions (is it?). Delete a wish. *** empty log message *** Introduce and use function typedef pem_password_cb so that we don't call those functions without having a parameter list declaration. (There are various similar cases left ...) Fix cryptlib.c. Submitted by: Reviewed by: PR: Various bugfixes: Uses locking for some more of the stuff that is not thread-safe (where thread-safe counterparts are not available on all platforms), and don't memcpy to NULL-pointers Submitted by: Anonymous Reviewed by: Bodo Moeller Avoid compiler warnings for x86. A comment. Comment. Return 0 for an error, 1 for no error from read_options; that's what the calling code seems to expect. Update. Bugfix (set shutdown only when we should). Submitted by: Oleg Girko Comment. e_os* corrections. e_os2.h is used for things that must be visible when external applications use (certain parts of) OpenSSL. Use e_os2.h, not e_os.h in exported header file des.h. Get rid of another cast. Update dependencies. OPENSSL_EXTERN, OPENSSL_GLOBAL OPENSSL_EXTERN Use OPENSSL_GLOBAL, OPENSSL_EXTERN instead of GLOBAL and EXTERN. Don't run "make depend" automatically. Marked probable bug, pointed out by Anonymous. Added a comment pointing out the behaviour of "openssl x509 -conf ...", which cost me some time to find out about. Change type of various DES function arguments from des_cblock (meaning pointer to char) to des_cblock * (meaning pointer to array with 8 char elements), which allows the compiler to do more typechecking. (The changed argument types were of type des_cblock * back in SSLeay, and a lot of ugly casts were used then to turn them into pointers to elements; but it can be done without those casts.) DES changes. Typo. Keep text lines less than 80 characters wide. Clarification. Rename "openssl x509" option "-config" to "-extfile", because it doesn't have a default value like the "-config" options of other openssl subprograms. gcc (in some versions) doesn't like the const_des_cblock typedef. So omit it for now :-( Additional, more descriptive error message for rejection of a session ID because of missing session ID context (so that application programmers are directly pointed to what they should do differently). Make MD5 work on Alpha, and fix a bug. Submitted by: Andy Polyakov Substitute spaces for tab. If we couldn't handle "-showcerts" (which happens with the current SSL2 implementation), show at least the server certificate. Get rid of some unnecessary casts and add a necessary one. For Solaris with old gcc versions (that don't understand -mcpu=ultrasparc), don't silently step to solaris-sparc-gcc, which would unnecessarily use less efficient assembler code. Instead, use new configuration variant solaris-usparc-oldgcc; this also means that someone who reads the output of ./config will notice that it may be advantegeous to upgrade gcc. Bugfix: GCCVAR contains two lines ("Reading specs ..." and the actual version), so we need echo $GCCVAR | sed ... instead of echo "$GCCVAR" | sed ... to process it as intended. Convert gcc version detection (for solaris-usparc-gcc) into a form better suited for finding what went wrong in case that some compiler versions create an output we can't parse. Note that the numbering scheme used to be different. Add -mv8 to solaris-usparc-oldgcc. Change self-description (mklink.pl is not just faster than the last released version of mklink.sh -- the latter couldn't even handle the ../../include/openssl case). Some solaris-usparc MD5 fixes. Don't install e_os.h in include/openssl, use it only as a local include file. Add a kludge :-( There were problems with putting e_os.h just into the top directory, because the test programs are compiled within test/ in the "standard" case in in their original directories in the makefile.one case; and in the latter symlinks may not be available. It was a very bad idea to use #include "../e_os.h" -- when this occurs in cryptlib.h (which is often included as "../cryptlib.h"), then the question remains relative to which directory this is to be interpreted. gcc went one further directory up, as intended; but makedepend thinks differently, and so probably do some C compilers. So the ../ must go away; thus e_os.h goes back into include/openssl (but I now use #include "openssl/e_os.h" instead of to make the point) -- and we have another huge bunch of dependency changes. Argh. Older versions of SINIX C development system inherited a bug from SGI' cc; enable workaround. Submitted by: Martin Kraemer Remove traces of bad idea :-) We need e_os.h here. Avoid memory hole when we don't like the session proposed by the client Let ssl_get_prev_session reliably work in multi-threaded settings. Comment about bug. Detect linux-mips. Don't use NULL-pointer :-/ Final version for 0.9.3. Update for 0.9.3. Last minute VMS updates for 0.9.3. Submitted by: Richard Levitte Temporary workaround for IRIX64 build. Submitted by: Andy Polyakov Add closing parenthesis to usage output. Set #!... path to Perl in apps/der_chop automatically. Circument egcs bug. Submitted by: Andy Polyakov I386_ONLY is defined in opensslconf.h, so we need to include it. Submitted by: John Keith der_chop is now generated from der_chop.in. Ignore directories created by "make -f makefile.one". Change function call according to current API. *** empty log message *** Updated some demos. Submitted by: Sean O Riordain Updated C++ SSL demos. Submitted (a month ago) by: Wade Scholine Include . sco5-gcc configuration. Some assembler-related clean-ups. Pass INSTALL_PREFIX to subdirectories of crypto BSD/OS 4.x support (bsdi-elf-gcc) Adjust bsdi-elf-gcc to look more like FreeBSD-elf, linux-elf and the like. Complain about deficiency of internal_verify. "BTW, I no longer have a wish for this. This was solved in other ways." Mats Nilsson , <4.1.19990531095211.040bf2e0 at berit.xware.se> to More consistency. more typesafe stacks ... Labels longer than eight characters might cause problems. "linux-sparc64-gcc" configuration Submitted by: Ray Miller remove conflict indicator ... Update. More general definition for S_ISDIR (needed not only for VMS but also for NeXT). "linux-sparc" configuration. linux-sparc Comments added. Use only -O, not -O3 for NeXTstep: mkdir -p is not fully portable (according to Marc Crispin, NeXTstep creates a directory called -p); now mkdir-p.pl does its job. Mention mkdir-p.pl. Introduce "BIO pairs", which (when finished) will relay data so that the SSL library can be used for applications that have to handle all the actual I/O themselves. Don't mix real tabs with tabs expanded as 8 spaces -- that's a pain to read when using 4-space tabs. treat init properly Use the same path to perl in all #! lines in util. Use locking in a way that makes more sense. Fix for BIO pairs. Don't make assumptions on what the path looks like. Use mkdir-p.pl more efficiently. "request" added. Some pre-POSIX systems don't have unistd.h (but e.g. lib.c). Allow configuring the name of that header file. Mention unistd.h. DES CBC change looks dubious to me. "make update" (added to top Makefile, and applied). Unify DES library: ncbc_enc.c wasn't used, but its content was almost duplicated in cbc_enc.c (without IV updating) and in des_enc.c Update dependencies. des_cbc_encrypt / des_ncbc_encrypt issue. Delete unnecessary newlines in TABLE Oops, I forgot to add the dependency "TABLE: Configure". Repair PEM_write_PrivateKey and PEM_write_bio_PrivateKey. tiny optical change Another ... Avoid warnings. Avoid warning. Try to detect NeXT 3.3 (working Configure entry for this still missing) hpux-cc (HPUX 9.x) does not work with BN_LLONG (floating point exceptions). NeXT 3.3 can handle -O3 (3.0 can't). Don't use unquoted whitespace in "case" case. Changes for BSD/OS 4. BIO pairs. "make update" Avoid some warnings (on silly compilers). Bugfix. Provide fallback configurations for all hpux... configurations (problems with BN_LLONG have been reported both for hpux-cc and for hpux10-gcc). rc4_locl.h and bf_locl.h incorrectly defined _HEADER_...; opensslconf.h always expects HEADER_... (no leading underscore). Comment adjusted to reality. long obsolete Obsolete. Don't try to use zero-byte buffers. Some people don't have /dev/fd/0 on Solaris, so use - instead. Don't access configuration files outside the source tree. Use same name in the definition as in the header file declaration :-/ (the extra "get" makes the name quite long, but otherwise it'd sound as if you could request something rather than obtain information about what the peer did). New function CRYPTO_num_locks. "make update" Clarification. "make update" Perl variable names are case-sensitive ... Make some debug-... configurations more useful for debugging. Don't use inline assembler when configured for "no-asm". Avoid some memory holes, one of which was pointed out by "Chad C. Mulligan" . Close another memory hole. Memory leak checks. Update TABLE. configuration change for debugging The Mingw32 configuration entry was missing one colon (found by "Zot O'Connor" ). Also, Windows probably does not need the warning about multi-threading. Fix comments. Submitted by: Anonymous With mingw32, use "long long" rather than "_int64" (the latter does not work, at least the package mentioned in INSTALL.W32 does not know about it). Don't use ...-oldgcc for egcs compiler. New functions SSL[_CTX]_{set,get}_mode; the initial set of mode flags is SSL_MODE_ENABLE_PARTIAL_WRITE, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER. typo typo make debug-solaris-[u]sparc-gcc more useful Disable asserts for standard configurations. avoid confliction definitions of NDEBUG improve readability of #if conditions (ELF, if defined, supersedes BSDI [which we don't really define if ELF is defined, but who knows]) Updated to reflect recent "Configure" modification. Don't confuse mk1mf.pl by combining multiple options into one. Mention modification to Configure. remove editing artifacts Provide CFLAGS and PLATFORM information on Windows platforms. Fix memory checking. New function RSA_check_key, openssl rsa -check New function RSA_check_key. typo correct error handling Looks like another memory leak ... typo in string fix memory leak in s3_clnt.c cosmetic changes Judging from various messages on the OpenSSL mailing lists, HP-UX 10 with cc (but not gcc) seems to work well with BN_LLONG; but -O4 is too much. Fix option processing. Submitted by: Sam Tetherow "make clean" has to delete date.h Add optional (compile-time configurable) time to CRYPTO_mem_leaks output. This is much more helpful than the counter when doing tests with the library interactively. Have CRYPTO_MDEBUG_TIME automatically set CRYPTO_MDEBUG, and make it the default for some debugging configurations. New compile time option -DCRYPTO_MDEBUG_THREAD. SSL_MODE_ENABLE_PARTIAL_WRITE and SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER work as intended, both for SSLv2 and TLS. "make TABLE" (to follow recent Configure change) Auto-generated file -- this should not be under version control (and the other */asm/*.cpp files are not) slight clean-up avoid -DPLATFORM=\"...\" and -DCFLAGS=\"...\" command lines, use new file buildinf.h instead. Additional user data argument to pem_password_cb function type and to lots of PEM_... functions. Submitted by: Damien Miller additional argument for key_callback Torture weak compilers less by not automatically including x509.h where it is not needed. date.h no longer to be deleted by "make clean" ignore r586unix.cpp Don't include x509.h when we just need asn1.h summary of Andy's changes to Configure -DPLATFORM and -DCFLAGS command line arguments are no longer used. change CFLAGS to those given in Configure Use correct CFLAG definition for makefile.one builds. close files. Always use buildinf.h, which now includes the mk1mfinf.h data. Using different files caused problems because the dependencies in the Makefiles produced by mk1mf.pl were for the standard case, i.e. mentioned buildinf.h and not mk1mfinf.h. correct error signalling for opendir() failure by request: let BN_dup(NULL) just return NULL don't prematurely shut down socket -- use SSL_shutdown SSL_shutdown was done too early. The SSL_CTX's cert structure is not relevant for the SSL (because now SSL_new makes a copy). avoid cast fix previous modification -- if ssl->cert is NULL, don't follow the pointer. generate error message avoid some NO_ problems Revert previous change -- it was an accident. automatically use no-mdc2 if no-des is requested. Revert erroneous change. comment 0.9.4 won't be completed in July ... improve clarity of instructions Add a wish. New function DSA_dup_DH, and fixes for bugs that were found while implementing and using it. DSA_dup_DH. Dont' assume that something starting with '-' is a filename -- "openssl gendsa -help" now prints the usage summary, not error messages that now file -help was found. fix the bug change formatting a bit add some more entries for 0.9.4 New option "-crlf" to s_client and s_server which tells them to convert LFs into CRLFs when forwarding data from stdin to the TLS connection. This is necessary for properly talking HTTP. Because of the code freeze this change is by default disabled for now; without -DAPPS_CRLF, the code is exactly as before. 0.9.4 more consistent formatting add comments Comments. spelling Provide fixed seed for parameter generation to speed up -dhe1024. -crlf option. BIO_write and BIO_read could, in theory, return -2. Updates. Prototypes and constant declarations for non-copying reads and writes for BIO pairs (which is totally untested as of now, so I don't yet commit the actual source code, but reserve the numbers to avoid conflicts). Fix typo. Submitted by: Lidong Zhou Remove -DWINDOWS in debug configuration. Disable the text about foo.h => openssl/foo.h. Everyone should have got it by now. Return 0 for succesful exit when -noout is used. Really undo the base64 change so that make test survives Fix horrible (and hard to track down) bug in ssl23_get_client_hello: In case of a restart, v[0] and v[1] were incorrectly initialised. This was interpreted by ssl3_get_client_key_exchange as an RSA decryption failure (don't ask me why) and caused it to create a _random_ master key instead (even weirder), which obviously led to incorrect input to ssl3_generate_master_secret and thus caused "block cipher pad is wrong" error messages from ssl3_enc for the client's Finished message. Arrgh. Handle "#if 0" correctly (I hope) Use closesocket macro consistently, not close directly, for easier portability. Submitted by: Lennart B??ng -no_dhe option for ssltest.c Fix server behaviour when facing backwards-compatible client hellos. Make previous bugfix actually work use explicit constant 11 just once Reinitialize global variables when necessary (for monolith application). Reinitialize conf to NULL whenver ca application is started. Submitted by: Lennart Bang Non-copying interface to BIO pairs. It's still totally untested ... some more patches for avoiding problems with non-automatic variables Re-enable message about transition => because various programs are not updated that often and hence still expect header files names without the openssl/ prefix. Truncate message about "new" include filenames typo Use non-copying BIO interface in ssltest.c. "make update" Repair another bug in s23_get_client_hello: tls1 did not survive to restarts, so get rid of it. Fix yet another bug for client hello handling. Set s->version correctly for "natural" SSL 3.0 client hello Add some debug-solaris-...-cc configurations. typo in a comment Update dependencies. Document -startdate and -enddate in usage summary. Keep line lengths < 80 characters. typo Fix typo that I introduced when reformatting lines. Use a temporary file, not a pipe, for BN test because there are some broken bc's around. Bugfix: avoid opening CAfile when it's NULL. Honor BUFSIZZ definition in s_server, don't use tiny 32 byte buffer (which leads to truncation of client cipher list). Fix typo in error message. new control code BIO_C_RESET_READ_REQUEST "make update" Pass $(RANLIB) when doing "make install" in subdirectories; rsaref needs ist. Use of DEVRANDOM must be #ifdef'ed (the #ifdef was commented out between SSLeay 0.8.1b and 0.9.0b with no apparent reason). If we *want* an error when DEVRANDOM is not defined (it always is with the current e_os.h) we should use #error. Respect PEX_LIBS and EX_LIBS when building binaries (needed for RSAREF builds) Improve support for running everything as a monolithic application. Update Borland C++ builder support. Report an error from X509_STORE_load_locations when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed. Various randomness handling bugfixes and improvements -- some utilities that should have used RANDFILE did not, and -rand handling was broken except in genrsa. New file app_rand.c with some functionality used in various openssl applications. Don't be overly paranoid. Warn about RANDFILE being overwritten. Make md_rand.c more robust. Always hash the pid in the first iteration in ssleay_rand_bytes, don't try to detect fork()s by looking at getpid(). The reason is that threads sharing the same memory can have different PIDs; it's inefficient to run RAND_seed each time a different thread calls RAND_bytes. Avoid some warnings. Undo silly change. Avoid deadlock. Store verify_result with sessions to avoid potential security hole. Restore traditional SSL_get_session behaviour so that s_client and s_server don't leak tons of memory. Add functions des_set_key_checked, des_set_key_unchecked. Never use des_set_key (it depends on the global variable des_check_key), but usually des_set_key_unchecked. Only destest.c bothered to look at the return values of des_set_key, but it did not set des_check_key -- if it had done so, most checks would have failed because of wrong parity and because of weak keys. Use des_set_key_unchecked, not des_set_key. Useless files deleted -- they were just copies of files of the same name in the apps/ directory (which were recently changed). Add missing semicolon to make compiler happy, and switch back from MemCheck_start() to CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) because that is what applications should use (MemCheck_start/stop never really worked for applications unless CRYPTO_MDEBUG was defined both when compiling the library and when compiling the application, so probably we should get rid of it). Add a comment. Point out that openssl-bugs is public. Avoid shadowing p to make the compiler happy. - Don't assume that int and size_t have the same representation (and that malloc can be called with an int argument). - Use proper prototypes (with argument list) for various function pointers, avoid casts (however there are still many such cases left in these files). - Avoid collissions in app_info_cmp if sizeof int != sizeof long. - Use CRYPTO_LOCK_MALLOC in mem_dbg.c. fix typos and other little errors ... Rename CRYPTO_add_info => CRYPTO_push_info CRYPTO_remove_info => CRYPTO_pop_info in the hope that these names are more descriptive; and "make update". Correct spelling, and don't abuse grave accent as left quote (which was allowed by old ASCII definitions but is not compatible with ISO 8859-1, ISO 10646 etc.). fix comment Delete NO_PROTO section (which apparently was just a typo for NOPROTO -- if anyone had actually ever needed that they should have fixed this typo) Fix SSL_CTX_add_session: When two SSL_SESSIONs have the same ID, they can sometimes be different memory structures. Don't request client certificate in anonymous ciphersuites except when following the specs is bound to fail. Rename CA.pl to CA.pl.in (no actual changes), and let Configure set the #! line with the path to Perl. Slight code cleanup for handling finished labels. Use prototypes. Use separate arrays for certificate verify and for finished hashes. Use less complicated arrangement for data strutures related to Finished messages. New functions SSL_get_finished, SSL_get_peer_finished. add "UnixWare", treated like "unixware" add V_CRYPTO_MDEBUG_ALL Submitted by: Reviewed by: PR: make no-des and no-rc2 work. apps/openssl.cnf and the documentation say it's "nombstr", but crypto/asn1/a_strnid.c had "nombchar". CA.pl is now generated automatically (using CA.pl.in as input) Use basename instead of complicated sed line. Unify doc/openssl.pod and doc/man/openssl.pod, which were almost the same and now are identical. The next step will be to delete doc/openssl.pod, this is just to see the individual CVS deltas. superseded by doc/man/openssl.pod s_client and s_server now have their own man pages. Clean up some of the SSL server code. The buffer in ss3_read_n cannot actually occur because it is never called with max > n when extend is set. add check for internal error add dependency and auto-generation rule for bn_prime.h (created by bn_prime.pl, which now prints the copyright/license note as found in bn_prime.h) Turn BN_prime_checks into a macro. Note about CRYPTO_malloc_init Use CRYPTO_push_info to find a memory leak in pkcs12.c. note about things still to do with RAND_bytes slightly change usage information Use CRYPTO_push_info to track down memory leak (only the CRYPTO_push_info's in the apps/ directory are included in the CVS commit, not all those I used in crypto/) Avoid shadowing variables, and re-enable seeding with more data than read from DEVRANDOM -- just don't pretend it contains entropy. Avoid some warnings, and run "make update". - Pseudo-seed the PRNG in programs used for "make test" because otherwise BN_rand will fail unless DEVRANDOM works, which causes the programs to dump core because they don't check the return value of BN_rand (and if they did, we still couldn't test anything). In EVP_PKEY_assign[_...], return 0 for an error when they "key" is NULL. Let "make test" survive without DEVRANDOM (and rename a target in test/Makefile.ssl to make it easier to guess the name of the file executed by it) Delete "random" file .rnd in "make clean". Enable memory checking earlier (we correctly free everything except for the BIO through which we print the memory leak list, and the leak printing function ignores this one block). RAND_bytes's return values is 0 for an error, not -1. add "randomness" In ssl3_read_n, set rwstate to SSL_NOTHING when the requested number of bytes could be read. SSL_R_UNSUPPORTED_PROTOCOL (as in s23_clnt.c) for SSL 2 when NO_SSL2 is defined, not SSL_R_UNKNOWN_PROTOCOL. Define WINDOWS. Define WINDOWS for Mingw32 and Cygwin. Rename lst1 to list1 to avoid name conflict on some platforms. Define WINDOWS in all Mingw32 cases. mention manual pages doc/man moved to doc/apps Don't "goto err" in client_master_key because no such label exists; just return -1 as in other error cases. add ERR_print_errors after "end" label. In RAND_write_file, truncate the file to the no. of bytes written (we're now using fopen(..., "rb+") instead of fopen(..., "wb"), so the file is not truncated automatically). Avoid integer overflow in entropy counter. Slightly clarify the RAND_... documentation. change comments update PRNG documentation/comments As ftruncate is not availabe on all platforms, switch back to opening the output file with "wb" to truncate it except on VMS (where the file now keeps its original length because it is opened with "rb+" -- does VMS have ftruncate?) Under VMS, ftruncate should be available The des_xcbc_encrypt apparently always fails. Workaround so that "make test" continues anyway. RAND_pseudo_bytes is good enough for encryption IVs, we should not need RAND_bytes (and we cannot use the latter unless we load a seed file) RAND_load_file(..., -1) now means "read the complete file"; this is what we now use to read $RANDFILE / $HOME/.rnd. (Previously, after 'cat'ting lots of stuff into .rnd only the first MB would be looked at.) Give the correct e-mail address even though the message is not quite serious Document RAND_load_file change. Improve clarity. Avoid a race condition. New manual page. Clarification. Some comments added, and slight code clean-ups. Correct typos that ispell did not find. Small correction. Update references. enable Montgomery test Add a pointer to a paper (is the algorithm in section 4.2 the word-based algorithm we are using?) Update comments to provide a better approximation of reality. typo in a comment A couple of things were reversed for BN_pseudo_rand ... more information on 0.9.5 Make DSA_generate_parameters, and fix a couple of bug (including another problem in the s3_srvr.c state machine). Tiny changes to previous patch (the log message was meant to be "Make DSA_generate_parameters faster"). Make output of "openssl dsaparam 1024" more interesting :-) Documentation for BN_is_prime_fasttest. Reference for SHA-1. Change log entry completed. Pointer to important manual page that should be written. Typo in preprocessor symbol. If n0 == d0, we must alway compute 'rem' "by hand" rndsort{Miller, Rabin} primality test. Tolerate negative numbers in BN_is_prime. Include OpenSSL license. Some 'const's for BNs. Correct spelling as it was done in the source. Use correct, not American spelling. Report progress as in dsatest.c when creating a DHE key. Generate just one error code if iterated SSL_CTX_get() fails. Avoid enabled 'assert()' in production library. Commit patch to bn.h that CVS decided to throw away during 'cvs update', and initialize too_many because memset(..., 0, ...) is not used here. Cosmetic changes. Correction: openssl.c must get the long version of the apps_startup() macro Memory leak. Note about des_ncbc_encrypt. 16 * 8 = 128. 'passwd' tool. Implement MD5-based "apr1" password hash. Update. Corrections. Casts now unnecessary because of changed prototype. Make sure the return value of by_file_ctrl(..., X509_L_FILE_LOAD, ...) aka X509_LOOKUP_load_file(...) is always 0 or 1, not the counter returned from the recently introduced function X509_load_cert_crl_file. X509_STORE_load_locations expects X509_LOOKUP_load_file to return 1 on success, and possibly there's other software that relies on this too. add missing 'static' Avoid potential conflicts between #defines in opensslconf.h and defines when compiling applications, and allow applications to select what #defines to enable -- OPENSSL_EXLUCDE_DEFINES enables the "#define NO_whatever" stuff only, which avoids potential severe confusion caused by "#define _REENTRANT" when opensslconf.h is not the first header file #included. Stay compatible to older Perl5 releases (see diff -r1.11 -r1.12). Change the example to show apr1 with an 8-character salt. Keep variable names consistent with corresponding pre-processor symbols. Allow for higher granularity of entropy estimates by using 'double' instead of 'unsigned' counters. Seed PRNG in MacOS/GetHTTPS.src/GetHTTPS.cpp. Tolerate fragmentation and interleaving in the SSL 3/TLS record layer. ignore Client Hellos when we're in handshake anyway Workaround for irrelevant problem. Move MAC computations for Finished from ssl3_read_bytes into ssl3_get_message, which is more logical (and avoids a bug, in addition to the one that I introduced yesterday :-) and makes Microsoft "fast SGC" less special. MS SGC should still work now without an extra state of its own (it goes directly to SSL3_ST_SR_CLNT_HELLO_C, which is the usual state for reading the body of a Client Hello message), however this should be tested to make sure, and I don't have a MS SGC client. More news. Move ssl3_do_write from s3_pkt.c to s3_both.c. Fix some bugs and document others Workarounds to make broken programs happy (such as s_client and s_server). Avoid filename "test.c" because otherwise "make test" will invoke a default rule built into make. Don't define platform-dependent preprocessor symbols for OPENSSL_THREAD_DEFINES. Do fflush(stdout) when there was an error. Don't use buffered fread() to read from DEVRANDOM, because this will drain the entropy pool. Version 0.9.5beta2-dev (so that the next snapshot will not claim to be 0.9.5beta1). handle entropy estimate correctly Clarification. Use threads for linux-ppc. Ignore files that, well, should be ignored. Fix warnings by using unsigned int where appropriate. In "make clean", delete files created by "make report". Fix off-by-one error :-) Add OpenSSL licen[cs]e. The previous revision should have generated _more_ warnings, not less ... The return value of handshake_func is signed, not unsigned. Use unsigned loop index to make compilers happy More get0 et al. changes. Also provide fgrep targets in CHANGES where the new functions are mentioned. Add a comment. Use standard header file string.h for memset prototype (where "standard" refers to the C language, probably there's also some standard that defines memory.h). Switch to 0.9.6, and finally remove the annoying message about renamed header files. Point to INSTALL.MacOS for MacOS pre X. Check BN_rand return value. 'rand' application for creating pseudo-random files. Document the 'rand' application. 'rand'/'-rand' documentation. Change comment. Use RAND_METHOD for implementing RAND_status. Add missing dependencies. Update comment. Use RAND_pseudo_bytes, not RAND_bytes, for IVs/salts. Use RAND_pseudo_bytes, not RAND_bytes, for IVs/salts. Fix for previous patch: If RAND_pseudo_bytes returns 0, this is not an error. New '-dsaparam' option for 'openssl dhparam', and related fixes. Avoid potential memory leak in code generated by 'openssl dhparam -C'. Use signed type where -1 may be returned. Add an #include. Note about PRNG error message for openssl command line tool. Generate correct error reasons strings for SYSerr. Change output text (ar is not a linker). Read complete seed files given in -rand options. There is no reason to use downcase letters throughout in error reason strings, it's just the default because it's usually ok. Preserve reason strings in automatically build tables. Add missing include (only MONOLITH builds were possible without it). Submitted by: Andrew W. Gray Fix the indentation, and avoid a compiler warning. {NEXT,OPEN}STEP don't have pid_t. spelling Clarification. Manual page installation did not work if INSTALL_PREFIX was a relative path. typo another typo Change to code generated by 'dhparam -C': Always use fixed DH parameters created with 'dhparam -C', don't dynamically create them. This allows using ssltest for approximate performance comparisons: $ time ./ssltest -num 50 -tls1 -cert ../apps/server2.pem \ [-no_dhe|-dhe1024dsa|-dhe1024] (server2.pem contains a 1024 bit RSA key, the default has only 512 bits.) Note that these timings contain both the server's and the client's computations, they are not a good indicator for server workload in different configurations. Mention -ign_eof. Use signed types where necessary, and add missing functionality to make SSL_nread0 work. On NeXT, ssize_t is int, not long (see -- the definition is activated only when _POSIX_SOURCE is defined). Workaround for Windoze weirdness. cleaning up a little Remove Win32 assembler files. They are always rebuilt (with some choice of parameters) when they are needed. Connection timings (using ISO C function clock()). Copy DH key (if available) in addition to the bare parameters in SSL_new. If SSL_OP_SINGLE_DH_USE is set, don't waste time in SSL_[CTX_]set_tmp_dh on computing a DH key that will be ignored anyway. Don't try to test the RSA command if it is not available. Update test suite so that 'make test' succeeds in 'no-rsa' configuration. Update usage info Corrections. Include a timing test that works without RSA. "openssl no-..." commands for avoiding the need to grep "openssl list-standard-commands". Run test_ssl last -- it's the only test that really uses the SSL library in addition to the crypto library. Clarifications for 'no-XXX'. Correction. typo another typo Remove "Makefile.uni" files and some related stuff. This was meant for building individual ciphers separately; but nothing of this is maintained, it does not work because we rely on central configuration by the Configure utility with etc., so the files are only wasting space and time. Use correct function names in SSLerr macros. Insert a comment: This is one of the few files in this directory that is actually used (even though it may not appear so at first sight). SSL_ALLOW_ADH no longer has a meaning. Avoid a warning. Remove CRYPTO_push/pop_info invocations to improve code readability -- I hope all memory leaks that may occur here have already been tracked down. Point out the PRNG usage bug affecting openssl rsa. (Should we point to snapshots, or directly give the one-line patch?) Eliminate memory leaks in mem_dbg.c. Document pseudo-commands. "make update" Update for new hpux-parisc-cc-o4 entry. Explain configuration options more completely. List "no-..." option first because it's the most frequently needed one. NeXT workaround. Comments for SSL_get_peer_cert_chain inconsistency. Fix typo in -clrext option, but add a compatibility hack because 0.9.5a should not break anything that works in 0.9.5. 'entropy >= ENTROPY_NEEDED' should be evaluated while the variables are locked. Entry for ssleay_rand_status locking fix. Extend entry on ERR_print_errors. Avoid memory leak. Clarifications. In theory, TLS v1 ciphersuites are not the same as SSL v3 ciphersuites "make update" for DSO additions. Minor corrections. New function ERR_error_string_n. Ignore lib and Makefile.save. Correction. Warn about truncation also in the case when a single password is read using the password prompt. Stylistic changes: Don't use a macro for the malloc'ed length since it is not constant. Avoid leaking memory in thread_hash (and enable memory leak detection for it). Add missing #include. Fix a memory leak, and don't generate inappropriate error message when PEM_read_bio_X509_REQ fails. Note apps/x509.c bugfixes. When open()ing 'file' in RAND_write_file, don't use O_EXCL. This is superfluous now that we don't have to avoid creating multiple versions of the file on VMS (because older versions are now deleted). typo Add "FIXME" comment, and adjust the indentation. Fix "FIXME" indentation :-) Add required cast. Avoid sprintf. Avoid sprintf, and harmonize indentation. Avoid sprintf. Avoid sprintf Implement SSL_OP_TLS_ROLLBACK_BUG for servers. typo Bugfix: clear error queue after ignoring ssl_verify_cert_chain result. Improve PRNG robustness. Add "FIXME" comment. Move Windows seeding functions into a separate file. They have nothing to do with the particular PRNG (md_rand.c). When compiling with /opt/SUNWspro/SC4.2/bin/cc on Solaris, __svr4__ is not defined, but __SVR4 is. strtoul is not used anywhere. dh and gendh have been obsoleted by dhparam. typo int may be smaller than 32 bits. use consistent indentation No need to abort if c_rehash fails here (e.g. because Perl is not where it is expected). Speed up DH with small generator. Use the equivalent of a sliding window (without precomputation because we're only handling words anyway) in BN_mod_exp_mont_word making it a little faster for very small exponents, and adjust the performance gain estimate in CHANGES according to slightly more thorough measurements. (15% faster than BN_mod_exp_mont for "large" base, 20% faster than BN_mod_exp_mont for small base.) Add entry that Richard forgot. Slightly faster DSA verification (BN_mod_exp2_mont), marginally faster BN_mod_exp for 1024 bit exponents. Accept -F4 option in lower case, which is what the usage information says one should use. Harmonize indentation. Another attempt to allow compiling on SunOS 4.*. Comment for increased code clarity. Comment about bcopy on SunOS 4.x. BN_mod_exp_mont_word entry: Don't give performance gain estimates that appear to be more precise than they really are, especially when they are wrong (2/(1/1.15 + 1) = ca. 1.0698). In longer tests with g=2, DH exchange does not become quite as fast as expected -- maybe it's the different processor, maybe my previous timings were too inaccurate. Use BN_CTX_end when exiting early from BN_mod_exp_mont_word because BN_mod_exp_atalla could be used. This probably fixes a BN_rshift bug. Report "error" (usually just "File exists", which is harmless) when symlink() fails. There are compilers that complain if a variable has the same name as a label. (Reported by Alexei Bakharevski.) In EVP_BytesToKey, replace explicit "8" by "PKCS5_SALT_LEN". typo Using speaking "variable" names in macros so that e.g. grepping for sk_whatever_insert and sk_whatever_set immediately reveals the subtle difference in parameter order. Add OPENSSL_free at the end of CRYPTO_destroy_dynlockid. Avoid unnecessary links and incomplete program file in apps/. In BN_mod_exp_mont_word, avoid one application of BN_MOD_MUL_WORD, and for small 'a' also a couple of calls to BN_mod_mul_montgomery(r, r, r, ...). Actually comment out the parts of BN_MOD_MUL_WORD that I inteded to comment out in the previous commit BSD-style MD5-based password algorithm in 'openssl passwd'. (Still needs to be tested against the original using sample passwords of different length.) Don't dereference NULL pointers. Submitted by: bowe at chip.ma.certco.com Fix code structure (if ... else if ... where both parts may be disabled by preprocessor symbols) Return bignum '0' when BN_rand is asked for a 0 bit random number. Add an early reference to BN_CTX_new so that the usage of BN_CTX_start is easier to grasp. Document -purpose option in usage string. Bugfix: use write locks, not just read locks crypto/err.c bugfix Fix SSL 2.0 rollback checking: The previous implementation of the test was never triggered due to an off-by-one error. Document rollback issues. Update 'openssl passwd' documentation on selection of algorithms. Include SKIP DH parameters with OpenSSL. These have been created by a SHA.1 based procedure, see http://www.skip-vpn.org/spec/numbers.html. (These values are taken from that document, I have not implemented the prime generator.) -N option to diff is not essential, and mentioning it is unnecessarily confusing to people whose diff doesn't implement it. QNX 4 support. Use C syntax, not FORTRAN or whatever that was :-) Undo change from 1.7 to 1.8: Tell CVS to ignore 'lib'. Include MD4 in documentation. -Wall insists that main return an int. Fix for BN_mul_word(a, 0). Avoid abort() throughout the library, except when preprocessor symbols for debugging are defined. Use consistent indentation, Consistency Remove silly test for b->references at the end of BIO_write: If some other thread deletes the BIO that one thread needs for BIO_write, then there's a lot of trouble anyway; there's nothing special about calling the callback. Ignore Makefile.save Increase print buffer (10K instead of just 2K). Mention fix in bio_lib.c. Clarification for SSL_ERROR_ZERO_RETURN Add rsautl. update Add OAEP. Seed the PRNG. typo Changes for QNX: there is no thread support, and the previous configuration only worked with no-asm. 'make update' Fix X509_STORE_CTX_init. Make indentation more consistent. Dump core less often. More indentation consistency: for (), while (), if (), return () usually get a space between keyword and opening paranthesis so that they don't look like function calls, where no space is used. Another round of indentation changes: Position braces consistently, add some whitespace for 'if ()', 'for ()', 'while ()' to distinguish keywords from function names, and finally remove parens around return values (why be stingy with whitespace but fill the source code with an abundance of parentheses that are not needed to structure expressions for readability?). Another superfluous pair of parentheses. See RSA Security's press release at http://www.rsasecurity.com/news/pr/000906-1.html (September 6, 2000): "RSA Security Releases RSA Encryption Algorithm into Public Domain" Get rid of ASN1_UTCTIME_get, which cannot work with time_t return type (on platforms where time_t is a 32 bit value). Use name ...-whatever-solaris2 instead of ...-sun-solaris2 (the middle string describes the architecture). clarification (source/sink BIOs are usually *both* source and sink) New SSL API mode 'SSL_MODE_AUTO_RETRY', which disables the default behaviour that SSL_read may result in SSL_ERROR_WANT_READ. 'make update' Some small clarifications. Clarification. Change spelling back to "behaviour" and "flavour" instead of the American variants. TLS => TLS/SSL SSL => TLS/SSL Rename new BIO_set_shutdown_wr macro to just BIO_shutdown_wr (it's similar to the shutdown(..., SHUT_WR) system call for sockets). Disable buggy code variant in BN_mod_mul_montgomery that was enabled in 0.9.6-beta1 and 0.9.6-beta2 and caused the BN_mont_exp_mont_word() failure (bug report "openssh 2.2.0p1 fails with openssl 0.9.6-beta1"). Document BN_mod_mul_montgomery bug; make disabled code slightly more correct (this does not solve the problem though). Clarification about Montgomery problem Totally remove the supposedly 'faster' variant in BN_mod_mul_montgomery, which calls bn_sqr_recursive without much preparation. Additions for 0.9.6. Avoid protocol rollback. typo Fix SSL_CTX_set_read_ahead macro. Don't modify s->read_ahead in SSL_clear, which is called from accept/connect functions; those should not change the read_ahead setting of the SSL structure. Set s->read_ahead in SSL_new because SSL_clear no longer modifies it. Note read_ahead-flag related fixes. Add BUGS section. Verbose output when installing manual pages so that you see that something is going on (and what). BIO_sock_init() returns 1 for success and -1 for failure, not 0; thus the condition '!BIO_sock_init()' doesn't make sense. Don't ever set 'seeded' if RAND_status() returned 0 (although maybe this static variable should be abolished totally, it was introduced before RAND_status existed). internal_verify now does know about extensions Cert chain verification is useable by now. Whether Steve is still working on 'proper' verification is up to him to decide ... rsautl.c requires RSA. Never call load_dh_param(NULL) because this leads to an illegal fopen(NULL). avoid memory leak handle the case when BN_new returns NULL Handle BN_copy failure after successful BN_new. BN_CTX-related fixes. tmp2 is not used in BN_mod_mul_montgomery. add missing word Point to SSL_set_bio(3) early because that manpage provides information that is essential for using BIO pairs. Additional explanations for SSL_ERROR_WANT_READ/WRITE. Constify bn_dump1 implementation so that it matches the prototype in bn.h Improve usability of 'openssl passwd' by including password verification where it makes sense. Documentation on using the SSL library with non-blocking I/O. tag SSL_peek bugs include 'err' label only when it is actually used Increase permissible ClientKeyExchange message length. Elliptic curves over GF(p), new BIGNUM functions, Montgomery re-implementation. Remove CR at line ends. modular arithmetics Add bn_mod.c (should have happend in the previous commit ...). More BN_mod_... functions. Change submitted files so that they compile (in particular, use BN_CTX_start/get/end instead of accessing ctx->tos). Change submitted files so that they compile (in particular, use BN_CTX_start/get/end instead of accessing ctx->tos). Fix BN_is_... macros. Fix BN_gcd. Analyze BN_mod_inverse. Add BN_kronecker. "make update". Undo previous commit, which was an accident. Add bn_kron.c (BN_kronecker), which I forgot in the previous commit. Add test_kron function, which will contain a test for BN_kronecker. Disable SSL_peek until it is fixed. Comments on SSL_peek deficiencies Correct a bug in BN_kronecker. Note that SSL_peek has been disabled. Timings. Use BN_pseudo_rand instead of BN_rand Improve BN_mod_inverse performance. Make BN_mod_inverse a little faster avoid segmentation fault Implement BN_kronecker test. Expand expspeed.c to make BN_kronecker timings. This caused a segmentation fault in calls to malloc, so I cleaned up bn_lib.c a little so that it is easier to see what is going on. The bug turned out to be an off-by-one error in BN_bin2bn. BN_bin2bn did *not* contain an off-by-one error; I'm still investigating what caused the segementation fault (maybe "make clean; make" will cure it ...). But BN_bin2bn should always reset ret->neg. Fix warnings in expspeed.c (but the segmentation fault remains) add missing braces BN_to_montgomery expects its inputs to be in the interval 0 .. modulus-1, so we have to reduce the random numbers used in test_mont. Fix BN_kronecker so that it works correctly if 'a' is negative (we need the two's complement of BN_lsw then). mark a bug BN_legendre is no longer needed now that OpenSSL has BN_kronecker. BN_sqrt BN_mod_sqrt Handle special cases correctly in exponentation functions. Fix bntest.c problem -- one of the primes got lost bn_modfs.c is no longer needed, a BN_sqrt implementation exists in bn_sqrt.c now Move reduction step from BN_mod_exp to BN_mod_exp_mont_word. Fix BN_mod_exp_simple for a==0 (mod m). Skip useless round in BN_mod_sqrt (1 is always a square, no need to test BN_kronecker for it). BN_mod_exp problems ... Corrections to the comments in BN_mod_inverse. Changes to Lenka's Montgomery implementation. It's "#elif", not "#elsif". BN_mod_exp(r,a,p,m,ctx) should not be called with r == p. But even if this is avoided, there are still segmentation violations (during one of the BN_free()s at the end of test_kron in some cases, in other cases during BN_kronecker, or later in BN_sqrt; choosing a different exponentiation algorithm in bntest.c appears to influence when the SIGSEGV takes place). Remove randomness from the test. These constants give me a segment violation in test_kron on a 32 bit system. Fix BN_rshift, which caused lots of trouble. Fix the recently introduced test that checks if the result is 0 COMP_zlib should always be declared, even if it is not functional. update "make depend" functionality for BN_mod_sqrt timings Don't allow BIGNUMs to become so large that computations with dmax might overflow. include Change error message to "bignum too long" Improve formatting. Discuss http://www.shoup.net/papers/oaep.ps.Z Workaround for broken (or missing) bc. Add a comment. Use bc's "print" feature whenever it is available, not just on certain platforms. Printing "verify ..." should not be counted as a test for the "xxx tests passed" message. Faster BN_mod_sqrt algorithm for p == 5 (8). BN_mod_sqrt documentation/comment Move 'q->neg = 0' to those places where it is needed (just in cases someone uses a negative modulus) Sign-related fixes (and tests). TEST_MUL and TEST_SQR added. Fix some things that look like bugs. Placeholder for SCO bc bug detection Don't throw away bctest's error messages. Use continuation lines in test/bctest as far as it is possible to dermine what the expression should look like. Apparently CVS does not like lines longer than about 2^10 characters. Change/add comments Update. First step towards SSL_peek fix. The BN_mul bug test apparently is no longer needed typo Very few in the "README" is up-to-date The C version of bn_sub_part_words is needed not only in NO_ASM configurations Locking issues. If CONF_get_string returns NULL and we want to tolerate this (e.g., use a default), we have to call ERR_clear_error(). Simplify preprocessor statements. When mentioning features that don't exist in current releases of OpenSSL (such as the new undocumented '-prexit' option to s_client), the FAQ should point out that they don't: The FAQ is not just part of the release, it's current version is also published on the web. undo previous change: '-prexit' is already available in current versions of s_client Obtain lock CRYPTO_LOCK_RSA before creating BN_MONT_CTX structures and setting rsa->_method_mod_{n,p,q}. Comment correction. Import s2_pkt.c wbuf fixes from OpenSSL_0_9_6-stable branch. Add a comment (intended change) Don't hold CRYPTO_LOCK_RSA during time-consuming operations. fix indentation Split a CHANGES entry so that one of the halves matches the corresponding new entry in the OpenSSL_0_9_6-stable branch. Don't access non-existing element buf[256], use buf[255] instead. Fix SSL_peek and SSL_pending. Finish SSL_peek/SSL_pending fixes. Get rid of unused error code. Change prototypes for new CRYPTO_..._mem_ex_functions functions so that they match the function definitions (namely, remove file/line parameters from free_func). Fix C code generate by 'openssl dsaparam -C'. Add a pointer to digest options in the description of -fingerprint. 'char' argument to islower must be converted to 'unsigned char' Add SSLEAY_DIR argument code for SSLeay_version. Add '-d' option for 'openssl version' (included in '-a'). make indentation consistent Last time I asked, no-one appeared to remember if these "NEEDS PATCH" entries are still current or what they are about: Add new items: - 0.9.6a is under development - a couple of illegal includes of should be purged - ex_data sucks Use $(PERL) in place of hard-coded perl Pass ${PERL} down to the Makefile in sub-directory "test" in "make tests" It's silly to use a different default for PERL than in the top Makefile. (The default is never actually used though because the top Makefile passes its value of PERL down to sub-Makefiles.) After discussion with Richard, change the new API for extended memory allocation callbacks so that it is no longer visible to applications that these live at a different call level than conventional memory allocation callbacks. No functional change, but slightly improved code clarity. New -newreq-nodes option to CA.pl. Remove "AVAILABLE PATCH" that has now been applied. When we are waiting for user action, we should say this explicitly. note strncpy problem isspace must be used only on *unsigned* chars New 'openssl ca -status ' and 'openssl ca -updatedb' commands. Disable RegQueryValueEx() call. Problem reported by "Wolfgang Marczy" in a message to openssl-dev (19 Dec 2000 13:40:51 +0100). New '-extfile' option for 'openssl ca'. This allows keeping extensions in a separate configuration file. Fix openssl passwd -1 More on the e_os.h mess ... Use OpenSSL_add_all_algorithms instead of the backwards compatibility alias SSLeay_add_all_algorithms For improved compatibility with 'strange' certificates, add some digest aliases (as found in OpenSSL_add_all_digests). EVP_add_digest_alias additions to SS_library_init Update "OAEP reconsidered" comment update Comment and indentation Remove serial number file during 'make clean'. Include string.h (whis is in all relevant standards) instead of memory.h (which is not). don't dump core Avoid coredumps for CONF_get_...(NULL, ...) platform specific CFLAGS don't belong into this Makefile Integrate my implementation of a countermeasure against Bleichenbacher's DSA attack. With this implementation, the expected number of iterations never exceeds 2. oops -- remove observation code Change comments. (The expected number of iterations in BN_rand_range never exceeds 1.333...). Another comment change. (Previous comment does not apply for range = 11000000... or range = 100000...) add linux-s390 configuration (based on information submitted by Denis Beauchemin ) fix editing error Simplify BN_rand_range use case-insensitive comparison in set_table_opts (similar to how arguments such as -inform/-outform specifications are treated) disable stdin buffering in load_cert Add German SiG root certificates (extracted from the official cert registry file http://www.nrca-ds.de/ftp/pkd.ttp, which contains a total of 288 certificates issued by the RegPT so far) Oops: It's RegTP, not RegPT ... Add uid.{c,o} Memory leak detection bugfixes for multi-threading. Fix BN_[pseudo_]rand: 'mask' must be used even if top=-1. update honour '-no_tmp_rsa' include e_os.h as "openssl/e_os.h" (as elsewhere) undo previous change: "e_os.h" is now the official name for the file to include (but the OpenSSL_0_9_6-stable branche still has inconsistencies) e_os.h problems have been solved in the main branch. EC_set_half and the 'h' component of struct bn_ec_struct are unnecessary. The computations for which h was used can be done more efficiently by using BN_rshift1. increase emailAddress_max New option '-subj arg' for 'openssl req' and 'openssl ca'. This sets the subject name for a new request or supersedes the subject name in a given request. Move ec.h to ec2.h because it is not compatible with what we will use. Add more EC vaporware (empty source code files I missed in my previous commit). Add yet another (still empty) source code file that I forgot. Another file I had forgotten to add. Some declarations that outline what I intend to implement. Change comments. Add EC_GROUP_new_GFp prototype. Add BN_CTX arguments where appropriate. New function declarations. 'is_at_infinity' tests don't need a BN_CTX. Change obj_... generation so that it does not generate rubbish or abort with errors if no name is defined for some object, which was the case for 'pilotAttributeType 27'. Add a few 'const's Implement dispatcher for EC_GROUP and EC_POINT method functions. Fix ERR_R_... problems. In clear_free, clear the complete structure just in case the method misses something. Oops ... extra_data 'mixin'. (This will be used for Lim/Lee precomputation data.) The next bunch of vaporware. Optimized EC_METHODs need specific 'set_curve' and 'free' functions. ..._init functions are method-specific too (they can't do much useful, but they will have to set pointers to NULL) Some actual method functions (not enough yet to use the EC library, though), including EC arithmetics derived from Lenka Fibikova's code (with some additional optimizations). More method functions. More method functions for EC_GFp_simple_method. More 'TODO' items. Let EC_POINT_copy do nothing if dest==src Get rid of '#define ERR_file_name __FILE__', which is unnecessary indirection. (It cannot possibly help to avoid duplicate 'name of file' strings in object files because the preprocessor does not work at object file level.) Order ERR_load_... calls like the stuff in err.h. Integrate ectest.c (which does not yet do anything). Sort openssl.ec, the configuration file for mkerr.pl. Throw out *all* absolute pathnames, not matter what they look like. The filenames we are interested in for Makefile dependencies are always relative. Integrate ec_err.[co]. Constify BN_value_one. avoid compiler warning Hide BN_CTX structure details. Comment Bugfix: previously the serial number file could turn negative because an incompletely initialized ASN1_INTEGER was used. More method functions for elliptic curves, and an ectest.c that actually tests something. Fixes to make 'no-ec' work (it should not turn 'objects' into 'objts' for example) Implement EC_GFp_mont_method. Avoid problems with multi-line NAME sections. add ssl23_peek ssl23_peek Fix ec_GFp_simple_cmp. Consistently use 'void *' for SSL read, peek and write functions. Workaround for solaris64 linking problem (explicit "ar rs" is needed to create a symbol table). Instead of telling both 'make' and the user that ranlib errors can be tolerated, hide the error from 'make'. This gives shorter output both if ranlib fails and if it works. More EC stuff, including EC_POINTs_mul() for simultaneous scalar multiplication of an arbitrary number of points. Remove files from Lenka's EC implementation. comment and error code update Change timing output: We don't have "exponents" here, curves are considered additive use fflush handle negative scalars correctly when doing point multiplication Add functions EC_POINT_mul and EC_GROUP_precompute. The latter does nothing for now, but its existence means that applications can request precomputation when appropriate. Timings are not supposed to be enabled by default ... Forcibly enable memory leak checking during "make test" EC_METHOD based on bn_mont2 (not used in the library) Add various X9.62 OIDs. (GF(2^n) mostly left out.) Rename function EC_GROUP_precompute to EC_GROUP_precompute_mult, which indicate its purpose more clearly. fix memory leak in err.c Use err_clear_data macro typo Fix: return 0 if no error occured. The former ULTRASPARC preprocessor symbol is now called OPENSSL_SYSNAME_ULTRASPARC, so we'd better check for that one More error_data memory leaks error codes are longs, not ints avoid infinite loop Completely remove mont2 stuff. It does not appear to be faster than the current Montgomery code except for very small moduli (somewhere between 192 and 224 bits in a 64-bit Sun environment, and even less than 192 bits on 32 bit systems). Explicitly ignore the exit code of ./bctest. Usually the shell ignores it anyway in command substitution, but Ultrix reportedly aborted the test when bctest returned 1. Update. Table for window sizes. Increase boundaries in EC_window_bits_for_scalar_size table. Tag EC_GFp_{nist,recp}_method as "NOEXIST" because they have not yet been implemented. Update docs. Harmonize CHANGES and STATUS files between the 0.9.6a branch and the trunk to keep diffs small. Add missing '#ifndef OPENSSL_NO_DSA'. Fix bctest, and add a workaround that should solve the problem with FreeBSD's /bin/sh. News for 0.9.6a. For -WWW, fix test for ".." directory references (and avoid warning for index -1). this time *really* fix the /../ check ... avoid buffer overflow This change should be suitable as a workaround for the Solaris x86 compiler bug reported in <01032110293775.22278 at weba3.iname.net> (the '++seq[i]' condition is evaluated as 256 rather than 0 when the previous value is 255). Make sure OPENSSL_SYS_... is defined when we need it. Fix warnings. don't use shell functions Don't use 'tt' uninitialized when reporting an error (we don't have an ASN1_TEMPLATE to complain about at this stage, so errtt == NULL should be OK) Avoid assert() in the library. '||', '&&' and 'test -x' apparently don't work on Ultrix; also 'test' appears to be available as '[' only in 'if' conditions. avoid '||' since Ultrix apparently doesn't understand it binary algorithm for modular inversion code documentation comment update (0.9.6a) Adjust BN_mod_inverse algorithm selection according to experiments on Ultra-Sparcs (both 32-bit and 64-bit compilations) Mention automatically queried EGD sockets (OpenSSL 0.9.7). Add information on 0.9.6a (in a form such that the list can be verified by looking at 'diff -u ../openssl-0.9.6a/CHANGES CHANGES') update from 0.9.6a undo previous change ... update so that changes going into the 0.9.6 tree can be logged fix md_rand.c locking bugs typo bctest changes for Ultrix (don't return 1 from bctest, otherwise make aborts) .rnd issues fix an old entry restore change undone in 1.831 (apparently by accident) increase DEFAULT_BUFFER_SIZE (4K instead of just 1K) Fix Bleichenbacher PKCS #1 1.5 countermeasure. (The attack against SSL 3.1 and TLS 1.0 is impractical anyway, otherwise this would be a security relevant patch.) when checking OAEP, signal just a single kind of 'decoding error' OAEP fix Earlier OpenSSL versions printed prompts to stderr. In the new crypto/ui/, this was changed into tty (which is usually /dev/tty), i.e. the FILE * used for reading passwords from the user. However stdio buffering for read/write streams is not without pitfalls (passwords would be echoed on some systems). To avoid problems, split tty into tty_in and tty_out (which are opened separately). Add directory name to the entry on /crypto/ui/. even use of default engines leaks memory For MSDOS, the tty filename still is "con", not "/dev/tty" ... pay attention to blocksize before attempting decryption Translate into valid C (don't call functions with wrong prototypes). DSA verification should insist that r and s are in the allowed range. Entry for Andy's mips3.s fix. Call ENGINE_cleanup() to avoid memory leak. Engine memory leaks have been fixed by now. Align with 0.9.6-stable CHANGES file, and make some corrections. Precomputation will not necessarily be LIm-Lee precomputation. In version numbers, there is just one "M" nybble. Fix PRNG. comment change For consistency with the terminology used in my SAC2001 paper, avoid the term "simultaneous multiplication" (which -- acording to the paper, at least -- applies only to certain methods which we don't use here) Avoid race condition. avoid warnings add a comment always reject data >= n md_rand.c thread safety Don't preserve existing keys in DH_generate_key. DH key generation should not use a do ... while loop, or bogus DH parameters can be used for launching DOS attacks Undo DH_generate_key() change: s3_srvr.c was using it correctly length of secret exponent is needed only when we create one remove a comma Reinsert typedef'ed names for structs to help those trying to read the sourcecode (including fgrep) More typedef'd struct names as search targets Bugfix: larger message size in ssl3_get_key_exchange() because ServerKeyExchange message may be skipped. add missing link rearrange #includes because trying to include is a bad idea if OPENSSL_OPENBSD_DEV_CRYPTO is not defined Use uniformly chosen witnesses for Miller-Rabin test (by using new BN_pseudo_rand_range function) Rename recently introduced functions for improved code clarity: [DR]SA_up => [DR]SA_up_ref delete redundant ERR_load_CRYPTO_strings() prototype OpenSSL copyright notices ... CHANGES should list all API changes relevant for applications (here: X509_STORE_CTX_init()) changing something requires a write lock, not a read lock Now that we have ERR_unload_strings(), ERR_load_ERR_strings() must always load its strings because they might have been unloaded since the 'init' flag was deleted. typo Solaris does not declare 'strdup' if _XOPEN_SOURCE is defined. -mcpu=i486 vs. -m486 ... Oops, wrong line Oops^2: It was the correct line, but an incorrect change. Renaming DH_up to DH_up_ref does not warrant a CHANGES entry of its own as the functions were only introduced a couple of days ago. Mention DSO_up => DSO_up_ref renaming fix formatting so that the file can be view with any tab-width improve OAEP check Totally get rid of CRYPTO_LOCK_ERR_HASH. Avoid strdup. The various hash #includes in rand_lcl.h *are* needed despite is now used (MD_DIGEST_LENGTH definitions!). No need to include such headers directly in md_rand.c. Fix apps/openssl.c and ssl/ssltest.c so that they use CRYPTO_set_mem_debug_options() instead of CRYPTO_dbg_set_options(), which is the default implementation of the former and should usually not be directly used by applications (at least if we assume that the options accepted by the default implementation will also be meaningful to any other implementations). Delete pointless casts copyright Get rid of hazardous EVP_DigestInit_dbg/EVP_DigestInit case distinction (which does not work well because if CRYPTO_MDEBUG is defined at library compile time, it is not necessarily defined at application compile time; and memory debugging now can be reconfigured at run-time anyway). To get the intended semantics, we could just use the EVP_DigestInit_dbg unconditionally (which uses the caller's __FILE__ and __LINE__ for memory leak debugging), but this would make memory debugging inconsistent. Instead, callers can use CRYPTO_push_info() to track down memory leaks. Get rid of hazardous EVP_DigestInit_dbg/EVP_DigestInit case distinction (which does not work well because if CRYPTO_MDEBUG is defined at library compile time, it is not necessarily defined at application compile time; and memory debugging now can be reconfigured at run-time anyway). To get the intended semantics, we could just use the EVP_DigestInit_dbg unconditionally (which uses the caller's __FILE__ and __LINE__ for memory leak debugging), but this would make memory debugging inconsistent. Instead, callers can use CRYPTO_push_info() to track down memory leaks. typo Update so that progs.h can indeed be automatically generated add AES ciphers exclude disabled message digests avoid warning ('const' discarded) fix memory leak restore previous revision -- memory leak should be fixed in mem.c remove an old comment fix memory leak (I think) While ispell may not like it, "cancelling" may be spelt with two "l"s ex_data situation is no longer that bad update add 'release showstopper' entry avoid "statement not reached" warning add details Get rid of junk (deleted/renamed function) by rebuilding based on 0.9.6 tree. add comment Another demo. Change Makefile so that it works without any additional changes at least on Solaris comments Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't reveal whether illegal block cipher padding was found or a MAC verification error occured. fix ssl3_accept: don't call ssl_init_wbio_buffer() in HelloRequest case make update New function SSL_renegotiate_pending(). New option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION. Bugfix: correct cleanup after sending a HelloRequest Disable session related stuff in SSL_ST_OK case of ssl3_accept if we just sent a HelloRequest. bugfix: handle HelloRequest received during handshake correctly crypto/idea and crypto/rijndael were missing in the list of directories that may have been deleted The 'no-rijndael' option must define OPENSSL_NO_AES because that is what we look for in crypto/evp. avoid everything resembling a magic trigraph ignore binary comment 'openssl speed' does not include AES support yet 'openssl rsa' etc. should include AES support in addition to DES the previous commit accidentily removed 'ret = 1' from the SSL_ST_OK case of ssl3_accept Fix ssl3_get_message handle message fragmentation correctly. make sure .rnd exists Change ssl3_get_message and the functions using it so that complete 'Handshake' protocol structures are kept in memory, including 'msg_type' and 'length'. For consistency, set s->init_num in the 'reuse_message' case (if s23_srvr.c faked the message, s->init_num is 0). The message header for fake SSL 3.0/TLS 1.0 client hellos created from SSL 2.0 client hellos added with the previous commit was totally wrong -- it must start with the message type, not the protocol version. (Not that this particular header is actually used anywhere ...) Add per-SSL 'msg_callback' with 'msg_callback_arg'. Both have per-SSL_CTX defaults. These new values can be set by calling SSL[_CTX]_[callback_]ctrl with codes SSL_CTRL_SET_MSG_CALLBACK and SSL_CTRL_SET_MSG_CALLBACK_ARG. document SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION gcc complained about "write" being shadowed even though the "write" variable name occured just in a function *prototype* -- so rename it New functions SSL[_CTX]_set_msg_callback(). New macros SSL[_CTX]_set_msg_callback_arg(). Call msg_callback with correct length parameter if ssl3_write_bytes had to be called multiple times Fix memory leak. Fix SSL handshake functions and SSL_clear() such that SSL_clear() never resets s->method to s->ctx->method when called from within one of the SSL handshake functions. Assume TLS 1.0 when ClientHello fragment is too short. Consistency with s2_... and s23_... variants (no real functional change) filenames are des_old.[ch], not des.comp* Add '-noemailDN' option to 'openssl ca'. This prevents inclusion of the e-mail address in the DN (i.e., it will go into a certificate extension only). The new configuration file option 'email_in_dn = no' has the same effect. mention des_old.h remove redundant definitions that are also in des.h Like MD_Init, MD now must include a NULL engine pointer in its definition. disable caching in BIO_gethostbyname Consistency fix in BUF_MEM_grow: Initialise to zero when new memory had to be allocated, not just when reusing the existing buffer. Note BUF_MEM_grow() consistency fix. Don't define _REENTRANT here in e_os.h. On systems where we need _REENTRANT if threads support is enabled, the ./Configure entry must define it so that it ends up in CFLAG. clarify cast to 'unsigned long' before using ~ if we need an unsigned long result adjust to OpenSSL_0_9_6-stable version 2001, not 2000 Implement msg_callback for SSL 2.0. more output for SSL 2.0 in our msg_callback msg_callback documentation remove incorrect 'callback' prototype make code a little more similar to what it looked like before the fixes, call ssl2_part_read again to parse error message Order chronologically: move entry for recent s2_clnt.c/s2_srvr.c fixes (nearly) to the top. add changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c the PRNG race conditions were mostly a theoretical issue, remove from NEWS Add unixware-7-gcc as in 0.9.6 branch (except that we need a 'sys_id' field here, which is left empty). information on 0.9.6c-engine synchronise with 0.9.6 stable branch consistency between main branch and stable branch cast to unsigned int, not to int to avoid the warning -- all these values really are unsigned remove obsolete entry Improve EC efficiency. comments etc. use a more interesting test case comment avoid stupid compiler warning wNAFs use does not bring that much performance on Sparcs (where elliptic curves are are relatively faster than on PCs anyway) comment OS/390 support check OPENSSL_NO_... before including header files that might be disabled fix submitted by Andy Schneider (in main branch, hn_ncipher.c is already correct) info on 0.9.6 engine branch For future portability reasons MIT is moving all macros to function calls. This patch allows compilation either way. discuss -name and default_ca more correctly (I hope) Fix: 2.5.29 is "id-ce", not "ld-ce" (sort of a typo in objects.h). crypto/objects stuff fix warnings (one of them was clearly justified) fix BN_rand_range consistency with 0.9.6 stable "CHANGES" remove redundant ERR_load_... declarations oops formatting consistency update FAQ and CHANGES file (0.9.6c has been released) fix EVP_CIPHER_mode macro add automatically generated ERR_load_... prototype Changes that break something should be included in CHANGES to make it easier to fix things. fix 'Configure TABLE' output synchronize with engine-0.9.6 tree add documentation for SSLeay_version(SSLEAY_DIR) and 'openssl version -d' add a sentence previously deleted by accident Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) if the SSL_R_LENGTH_MISMATCH error is detected. Bugfix: In ssl3_accept, don't use a local variable 'got_new_session' to indicate that a real handshake is taking place (the value will be lost during multiple invocations). Set s->new_session to 2 instead. run test_evp before test_ssl disable broken code Reword CHANGES entry for _old_des_..., as it was a little complicated syntactically. New functions ERR_peek_last_error ERR_peek_last_error_line ERR_peek_last_error_line_data (supersedes ERR_peek_top_error). fix formatting of automatically generated error section sort functions ... Undo previous change, X509_check_issued() was correct. [See Message-ID: <3BB07999.30432AD2 at celocom.com> Date: Tue, 25 Sep 2001 13:33:29 +0100 From: Dr S N Henson To: openssl-dev at openssl.org Subject: Re: Error in v3_purp.c ] add a wish We should implement a countermeasure against the predictable-IV CBC weakness in SSL/TLS add support for named curves new locks some modifications to named curve support ECDSA support EC_GROUP_get_group_by_name() is now called EC_GROUP_new_by_name() don't call OPENSSL_config(), this does not make any sense during "make test" move ECDSA test right after EC test fix memory leak fix '-C' '-C' is still quite broken make it possible to disable memory checking for timings fix indentation bugfix: allocate sufficiently large buffer typo simplifications disable '#ifdef DEBUG' sections disable '#ifdef DEBUG' sections Add 'void *' argument to app_verify_callback. use ERR_peek_last_error() instead of ERR_peek_error() to ignore any other errors that may be left in the error queue use ERR_peek_last_error() instead of ERR_peek_error() '#if OPENSSL_VERSION_NUMBER >= ...' to document the recent change disable '#ifdef DEBUG' code more X9.62 OIDs fix 'ecdsaparam -C' output typo fix printf call fix 'ecdsaparam -C' Rephrase statement on the security of two-key 3DES. reference counting for EC_GROUP structures is not needed (at the moment at least), so remove it add SECG OIDs Add more curves. Submitted by: Nils Larsch fix spacing EC curve stuff asm/mips3.o problems use BIO_nwrite() more properly to demonstrate the general idea of BIO_nwrite0/BIO_nwrite (the previous code was OK for BIO pairs but not in general) Fixes for 'no-hw' combined with 'no-SOME_CIPHER'. Fix dsaparam usage output. add OIDs for WAP/TLS curves fix ssl3_pending Rename 'cray-t90-cc' into 'cray-j90'. Add to 'config'. fix #include position Fix bugs and typos. Add some WTLS curves. New function EC_GROUP_check() (this will probably be implemented differently soon). Fix typo. New function EC_GROUP_check_discriminant(). Restructure implementation of EC_GROUP_check(). fix DH_generate_parameters for general 'generator' fix conditational compilation for OPENSSL_NO_... add missing declaration fix memory leak fix warnings add usage examples fix ECDSA handling harmonize capitalization ECDSA representation bugfixes clean up and synchronize with 0.9.6-stable looks like a typo Implement known-IV countermeasure. fix length field we create when converting SSL 2.0 format into SSL 3.0/TLS 1.0 format (the bug was introduced with message callback support) remove disabled code get rid of some assignments that have become obsolete check return values 'version' is not optional in the encoding 'version' is not optional in the encoding fix usage (no 'key') AlgorithmIdentifier bugs oops new items for 0.9.7 Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not encoded as NULL) with id-dsa-with-sha1. undo nonsense patch (r *is* signed or we have signedness mismatches elsewhere) fix casts disable AES ciphersuites unless explicitly requested improve wNAF generation update fix warning refer to latest draft for AES ciphersuites ensure that, for each strength, RC4 ciphers have least preference in the default ciphersuite list Fix ciphersuite list to enforce low priority for RC4. in SignerInfo, use ecdsa-with-SHA1 OID for ECDSA (not ecPublicKey) Change internals of the EC library so that the functions EC_GROUP_{set_generator,get_generator,get_order,get_cofactor} are implemented directly in crypto/ec/ec_lib.c and not dispatched to methods. make b_print.c consistent with the rest of OpenSSL: disable assert() except for debug builds update fix EVP_dsa_sha macro accept NULL in 'free' functions fix Cygwin (remove extra colons) New functions EC_POINT_point2bn(), EC_POINT_bn2point(), EC_POINT_point2hex(), EC_POINT_hex2point() fix memory leak remove unnecessary calls to EC_POINT_copy() fix for 'make update' move ECC ASN1 that is not specific to ECDSA into crypto/ec/, and make some appropriate changes to the EC library. move ECC ASN1 that is not specific to ECDSA into crypto/ec/, and make some appropriate changes to the EC library. simplify asn1_flag typo New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling CBC vulnerability workaround (included in SSL_OP_ALL). typo Implement handling of EC parameter seeds (new functions EC_GROUP_set_seed(), EC_GROUP_get0_seed(), EC_GROUP_get_seed_len()). always include (we do this in various other header files, so it can't be bad) always include (we do this in various other header files, so it can't be bad) update an entry on EVP changes Make sure buffers are large enough even for weird parameters AES cipher suites are now official (RFC3268) emtpy fragments are not necessary for SSL_eNULL (but noone uses it anyway) fix synopsis remove obsolete comment Replace 'ecdsaparam' commandline utility by 'ecparam' (the same keys can be used for ECC schemes other than ECDSA) and add some new options. Fix bug introduced with revision 1.95 when this filed was modified to use the new X509_CRL_set_issuer_name() function: The CRL issuer should be X509_get_subject_name(x509), not X509_get_issuer_name(x509). update add an explanation and fix a typo fix a typo and clarify harmonize options with those for 'ecparam', remove redudant option '-pub' more detailed instructions for export from US Move zeroing from bn_expand_internal() to bn_expand2() so that it happens reliably, even if the BIGNUM is already sufficiently large. Use SEC1 format for EC private keys. This is not ECDSA specific, so it's now PEM_STRING_ECPRIVATEKEY etc. mention SSL_do_handshake() get rid of OpenSSLDie New error code ERR_R_DISABLED Add more WAP/WTLS elliptic curve OIDs. Binary field arithmetic contributed by Sun Microsystems. The 'OPENSSL_NO_SUN_DIV' default is still subject to change, so I didn't bother to finish the CHANGES entry yet. extend curve list (additional curves over binary fields) add support for elliptic curves over binary fields there is no alternative EC_METHOD for curves over GF(2^m) (yet) ec2_smpt.c must be listed in LIBSRC typos Rename implementations of method functions so that they match the new method names where _GF... suffixes have been removed. move GF2m tests to the end Change BN_mod_sqrt() so that it verifies that the input value is really the square of the return value. update Let BN_rand_range() abort with an error after 100 iterations without success. remove obsoleted disabled code remove obsolete part of comment typo optical changes fix bn_expand2 disable Sun divison algorithm by default use bn_wexpand instead of bn_expand2 (the latter is not needed here, and it does not yet work correctly) fix bn_expand2 oops, undo previous change (was just for testing) oops -- must use EVP_MD_size, not EVP_MD_block_size avoid SIGSEGV use a generic EC_KEY structure (EC keys are not ECDSA specific) Add ECDH support. ECC ciphersuite support ECDH engine support use 0, not NULL add field type to text output don't print seed value as a number (leading zeros must not be removed) fix warnings make update .cvsignore for crypto/ecdh add 0.9.6g information get rid of EVP_PKEY_ECDSA (now we have EVP_PKEY_EC instead) fix comment remove debug messages remove comment fix previous commit (there's no SSLEAY_VERSION_TEXT) Scripts for testing ECC ciphersuites. add 'TODO' items move a TODO from CHANGES to STATUS change how pod2man is handled: explicitly invoke '$PERL' only when needed, call 'pod2man' directly if this works Simplify handling of named curves: get rid of EC_GROUP_new_by_name(), EC_GROUP_new_by_nid() should be enough. This avoids a lot of redundancy. add crypto/ecdh fix manpage fix warnings (CHARSET_EBCDIC) use correct function code in error message 'EC' vs. 'ECDSA' typo ecdsa => ec fix offsets ASN1 for binary curves move EC_GROUP_get_basis_type() from ec_lib.c to ec_asn1.c fix spacing less specific interface for EC_GROUP_get_basis_type change 'usage' formatting don't write beyond buffer don't memset(data,0,...) if data is NULL change API for looking at the internal curve list mention EC_get_builtin_curves() -nameopt fix has been moved to 0.9.7 Let 'openssl req' fail if an argument to '-newkey' is not recognized instead of using RSA as a default. 1. switch from "-newkey ecdsa:..." to "-newkey ec:..." 2. automatically create required sub-directories add URL for Internet Draft make sure 'neg' flag (which does not really matter for GF(2^m), but could cause confusion for ECDSA) is set to zero fix race condition there is no minimum length for session IDs really fix race condition really fix race conditions fix more race conditions synchronize with 0.9.7-stable version of this file change Emacs indentation style to make it easier to insert tabs manually I don't like c-tab-always-indent ... fix warnings, and harmonize indentation remove superfluous code fast reduction for NIST curves clean up new code for NIST primes 'broken' PKCS #8 format does not apply to ECDSA increase permissible message length so that we can handle CertificateVerify for 4096 bit RSA signatures 'covenant HOWTO' (what to do about the Sun covenant if you modify the code) Sun has agreed to removing the covenant language from most files. avoid warnings ('index' shadows global declaration) implement and use new macros BN_get_sign(), BN_set_sign() fix typo avoid Purify warnings print less output (no details unless a test failed) corrections to built-in curves do tests with all built-in curves remove unused old directory crypto/rijndael (superseded by crypto/aes) disable weird assert()s use new BIO_indent() function here as well fix output harmonize with 0.9.7 tree this method does not need field_data1 allocate bio_err before memory debugging is enabled to avoid memory leaks (we can't release it before the CRYPTO_mem_leaks() call!) fix memory leak in memory debuggin code ... use consistent order of function definitions remove redundant functions allocate bio_err before memory debugging is enabled to avoid memory leaks (we can't release it before the CRYPTO_mem_leaks() call!) Make ec_GFp_simple_point_get_affine_coordinates() faster for Montgomery representations. avoid uninitialized memory read add a comment rename some functions to improve consistency Don't compute timings here, we can do this elsewhere. Include X9.62 signature examples. In ECPKParameters_print, output the private key length correctly (length of the order of the group, not length of the actual key, which will be shorter in some cases). typo Typo. document BN_GENCB API by adding an example add something to the '$no_shared_warn' text undo part of a recent change: it's "surname", not "surName" (see X.520 aka ISO/IEC 9594-6) "!Cname surname" has now become redundant ... update error library for EC... changes avoid potential confusion about curves (prime192v1 and prime256v1 are also known as secp192r1 and secp256r1, respectively) fix warnings For ecdsa-with-SHA1, as for id-dsa-with-sha1, omit 'parameters' in AlgorithmIdentifier consistency cofactor is optional in parameter encodings simplify Update PRNG entry: - OpenSSL version differences - Sun /dev/urandom patch information typo SSL_add_dir_cert_subjects_to_stack now exists for WIN32 typo in WIN16 section implement fast point multiplication with precomputation typo comment remove debugging leftovers avoid coredump fix EC_GROUP_copy for EC_GFp_nist_method() first section is now "Changes between 0.9.7a and 0.9.8", not "... 0.9.7 and 0.9.8" comments Allow EC_GROUP objects to share precomputation for improved memory efficiency (EC_PRE_COMP objects are now constant once completed). new lock for EC_PRE_COMP structures make update Remove "+Olibcalls" option from HPUX targets. typo ECPublicKey_set_octet_string and ECPublicKey_get_octet_string behaviour was not quite consistent with the conventions for d2i and i2d functions as far as handling of the 'out' or 'in' pointer is concerned. treat 'out' like i2d functions do; cf. asn1_item_flags_i2d (crypto/asn/tasn_enc.c) include OpenSSL license (in addition to EAY license) year 2003 add Certicom licensing e-mail address use tabs for indentation, not spaces memset problem has been handled - new ECDH_compute_key interface (KDF is no longer a fixed built-in) - bugfix: in ECDH_compute_key, pad x coordinate with leading zeros if necessary fix formatting countermeasure against new Klima-Pokorny-Rosa atack make sure RSA blinding works when the PRNG is not properly seeded; enable it automatically for the built-in engine remove patch ID (which is supposed to appear in patched variants of old OpenSSL releases, but not in new releases) make RSA blinding thread-safe include 'Changes between 0.9.6i and 0.9.6j' fix typo implement PKCS #8 / SEC1 private key format for ECC manpages for 'openssl ec' and 'openssl ecparam' new function EC_GROUP_cmp() (used by EVP_PKEY_cmp()) fix: 0.9.7 is based on 0.9.6h, not on 0.9.6k tolerate extra data at end of client hello for SSL 3.0 add test for secp160r1 add code for kP+lQ timings updates for draft-ietf-tls-ecc-03.txt add OpenSSL license make sure no error is left in the queue that is intentionally ignored fix out-of-bounds check in lock_dbg_cb (was too lose to detect all invalid cases) certain changes have to be listed twice in this file because OpenSSL 0.9.6h forked into 0.9.6i and 0.9.7 ... - update from current 0.9.6-stable CHANGES file - update from current 0.9.7-stable CHANGES file: BIS correction/addition improve wording Change ./Configure so that certain algorithms can be disabled by default. This is now the case for RC5. In addition to RC5, also exclude MDC2 from compilation unless the algorithm is explicitly requested. Take MDC2 patent into account. Fix typo fix potential memory leak when allocation fails It seems that Configure revision 1.404 broke "make depend" by hiding from it which algorithms were disabled. With these new changes, "make depend" will properly take into account algorithms that are skipped. "make depend". This takes into account the algorithms that are now disabled by default (MDC2 and RC5), which until now were skipped by "make links" and yet supposedly required by some of the Makefiles, meaning that the recent snapshots failed to compile. Harmonize with CHANGES as distributed in OpenSSL 0.9.7f. HISTORY section: point out change of default digest This is a collection of those CVS change log entries for the 0.9.7 branch (OpenSSL_0_9_7-stable) that do not appear similarly in 0.9.8-dev (CVS head). first step to melt down ChangeLog.0_9_7-stable_not-in-head :-) bring up-to-date add recent changes; now this file is up-to-date remove some false positives remove extra whitespace; fix link update fix editing error, and remove a false positive remove some more changes that came from HEAD remove some more false positives remove some more false positives Sort out changes in FIPS and other changes, collected in separate files. (Also remove another "make update".) Remove some more entries that are false positives, or have been resolved by recent commits. Use OPENSSL_NO_CAST, not OPENSSL_NO_CAST5 in e_old.c move some more entries into FIPS file make update some more false positives to remove fix SSLerr stuff for DTLS1 code; move some functions from exported header into "ssl_locl.h"; fix silly indentation (a TAB is *not* always 4 spaces) make update remove some functions from exported headers let mkdef.pl know about OPENSSL_NO_DGRAM (which appears in the new file crypto/bio/bss_dgram.c) take OPENSSL_NO_DGRAM into account (via make update) Fix various incorrect error function codes. "PS" to Steve's commit (Port prime utility across from stable branch). util/mk1mf.pl issues have been resolved there's no such thing as Makefile.ssl anymore give EC_GROUP_*_nid functions a more meaningful name EC_GROUP_get_nid -> EC_GROUP_get_curve_name EC_GROUP_set_nid -> EC_GROUP_set_curve_name improve comment readability rebuild (starting with state from 0.9.7-stable branch) to avoid clutter Update util/ck_errf.pl script, and have it run automatically during "make errors" and thus during "make update". Fix more error codes. Move some entries from ChangeLog.0_9_7-stable_not-in-head to ChangeLog.0_9_7-stable_not-in-head_FIPS. Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled with the SSL_OP_NO_SSLv2 option. Move another item into ChangeLog.0_9_7-stable_not-in-head_FIPS fix msg_callback() arguments for SSL 2.0 compatible client hello (previous revision got this wrong) make update rebuild to synchronize with additions to 0.9.7 branch Implement fixed-window exponentiation to mitigate hyper-threading timing attacks. Change wording for BN_mod_exp_mont_consttime() entry fix memory leak (BIO_free_all needs pointer to first BIO) check BN_copy() return value make sure DSA signing exponentiations really are constant-time Use BN_with_flags() in a cleaner way. avoid potential spurious BN_free() recent DH change does not avoid *all* possible small-subgroup attacks; let's be clear about that correct+extend publication info new option "openssl ciphers -V" harmonize with 0.9.7-stable and 0.9.8-stable variants of CHANGES fix stupid typo Add fixes for CAN-2005-2969. (This were in 0.9.7-stable and 0.9.8-stable, but not in HEAD so far.) deFUDify: don't require OPENSSL_EC_BIN_PT_COMP disable some invalid ciphersuites deFUDify: don't require OPENSSL_EC_BIN_PT_COMP comment update TLS-ECC code Rewrite timeout computation in a way that is less prone to overflow. Support TLS extensions (specifically, HostName) C style fix-up Make sure that after the change from revision 1.261, it's still possible to do a partial build. Various changes in the new TLS extension code, including the following: - fix indentation - rename some functions and macros - fix up confusion between SSL_ERROR_... and SSL_AD_... values Add names for people who provided the TLS extension patch. Fixes for TLS server_name extension complete and correct RFC3546 error codes make sure that the unrecognized_name alert actually gets sent prepare for additional RFC3546 alerts There's no such things as DTLS1_AD_MISSING_HANDSHAKE_MESSAGE. For now, anyway. Some error code cleanups (SSL lib. used SSL_R_... codes reserved for alerts) include max. codes in debug output Detect SSL error code mishandling. Detect more errors. Change assignment strategy: rathern than using max+r for new codes, find first hole in list of existing codes. Avoid contradictive error code assignments. "make errors". Further TLS extension updates More TLS extension related changes. improvements for alert handling Further TLS extension improvements move new member of SSL_SESSION to the end (minimize changes to binary format) clarification Implement the Supported Point Formats Extension for ECC ciphersuites udpate Supported Point Formats Extension code fix sign problems Simplify ASN.1 for point format list Implement cipher-suite selection logic given Supported Point Formats Extension. Change default curve (for compatibility with a soon-to-be-widely-deployed implementation that doesn't support the previous default) Implement Supported Elliptic Curves Extension. fix for hostname extension fix memory leak Avoid hard-coded table length where we can use sizeof. simplify: use s2n macro check length properly clarification Remove ECC extension information from external representation of the session -- we don't really need it once the handshake has completed. Camellia cipher, contributed by NTT Camellia cipher, contributed by NTT Camellia cipher, contributed by NTT Fix a bug recently introduced when updating this file to use the new keygen API: make sure that 'pkey_type' is actually visible to MAIN(). Thread-safety fixes Make sure that AES ciphersuites get priority over Camellia ciphersuites in the default cipher string. Ciphersuite string bugfixes, and ECC-related (re-)definitions. Disable invalid ciphersuites Oops ... deleted too much in the previous commit when I deleted the Fortezza stuff Fix another bug introduced yesterday when deleting Fortezza stuff: make sure 'mask' is initialized in ssl_cipher_get_disabled(). Fix another new bug in the cipherstring logic. Fix algorithm handling for ECC ciphersuites: Adapt to recent changes, and allow more general RSA OIDs for ECC certs with RSA CA sig. Call 'print_stuff' even if a handshake failed. Error messages for client ECC cert verification. another thread-safety fix Change array representation of binary polynomials to make GF2m part of the BN library more generally useful. Remove ECC ciphersuites from 0.9.8 branch (should use 0.9.9 branch) Change in 0.9.8 branch: Put ECCdraft ciphersuites back into default build (but disabled unless specifically requested) New functions CRYPTO_set_idptr_callback(), CRYPTO_get_idptr_callback(), CRYPTO_thread_idptr() for a 'void *' type thread ID, since the 'unsigned long' type of the existing thread ID does not always work well. always read in RAND_poll() if we can't use select because of a too large FD: it's non-blocking mode anyway use as by Single Unix Specification documentation for "HIGH" vs. "MEDIUM" was not up-to-date Camellia information New Camellia implementation (replacing previous version) Camellia IPR information Every change so far that is in the 0.9.8 branch is (or should be) in HEAD Make consistent with 0.9.8-branch version of this file Remove non-functional part of recent patch, after discussion with Colin Percival (this would have caused more problems than solved, and isn't really necessary anyway) update information on "current version" ... Make sure the int_rsa_verify() prototype matches the implementation (m_len currently is 'unsigned int', not 'size_t') ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0 ciphersuite as well Update Ensure that the addition mods[i]+delta cannot overflow in probable_prime(). include 0.9.8d and 0.9.7l information Introduce limits to prevent malicious keys being able to cause a denial of service. (CVE-2006-2940) [Steve Henson, Bodo Moeller] All 0.9.8d patches have been applied to HEAD now, so we no longer need the redundant entries under the 0.9.9 heading. ASN1_item_verify needs to initialize ctx before any "goto err" can happen; the new code for the OID cross reference table failed to do so. fix support for receiving fragmented handshake messages Fix the BIT STRING encoding of EC points or parameter seeds (need to prevent the removal of trailing zero bits). Reorganize the data used for SSL ciphersuite pattern matching. This change resolves a number of problems and obviates multiple kludges. A new feature is that you can now say "AES256" or "AES128" (not just "AES", which enables both). fix incorrect strength bit values for certain Kerberos ciphersuites fix warnings/inconsistencies caused by the recent changes to the ciphersuite selection code in HEAD fix warnings for CIPHER_DEBUG builds Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a ciphersuite string such as "DEFAULT:RSA" cannot enable authentication-only ciphersuites. fix a typo in the new ciphersuite ordering code Improve ciphersuite order stability when disabling ciphersuites. Change ssl_create_cipher_list() to prefer ephemeral ECDH over ephemeral DH. SSL_kKRB5 ciphersuites shouldn't be preferred by default delete obsolete comment prefer SHA1 over MD5 (this affects the Kerberos ciphersuites) Fix incorrect substitution that happened during the recent ciphersuite selection remodeling use 2007 copyright for generated files include complete 0.9.7 history include release date of 0.9.8e clarification regarding libdes files stricter session ID context matching Change to mitigate branch prediction attacks make BN_FLG_CONSTTIME semantics more fool-proof don't violate the bn_check_top assertion in BN_mod_inverse_no_branch() fix error codes Add SEED encryption algorithm. All ciphersuites should have a strength designator. remove leftover from editing ... fix function codes for error Fix crypto/ec/ec_mult.c to work properly with scalars of value 0 document -S and -nopad options in usage information Make sure that BN_from_montgomery keeps the BIGNUMS in proper format Clean up error codes a bit. (engines/ccgost/ remains utter chaos, though; "make errors" is not happy.) fix warning Implement the Opaque PRF Input TLS extension (draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and bugfixes on the way. In particular, this fixes the buffer bounds checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext(). fix length parameter in SSL_set_tlsext_opaque_prf_input() calls properly handle length-zero opaque PRF input values (which are pointless, but still might occur) The hash length check wasn't strict enough, as pointed out by Ernst G Giessmann fix typos Should reject signatures that we can't properly verify and couldn't generate (as pointed out by Ernst G Giessmann) Make sure to set indent-tabs-mode so that we get tabs, not spaces. fix BIGNUM flag handling Montgomery-related minor cleanups/documentation Clarifying comment. Disable code that clearly doesn't currently serve any useful purpose. (Buggy line reported by Matthias Koenig.) Change use of CRYPTO_THREADID so that we always use both the ulong and ptr members. year 2008 grammar From HEAD: From HEAD: sync with 0.9.8 branch Everyone's had a few years to port their favorite additions to 0.9.7 to HEAD (and the 0.9.8 branch). Remove the reminder. avoid potential infinite loop in final reduction round of BN_GF2m_mod_arr() Make sure not to read beyond end of buffer We should check the eight bytes starting at p[-9] for rollback attack detection, or the probability for an erroneous RSA_R_SSLV3_ROLLBACK_ATTACK will be larger than necessary. Fix error codes for memory-saving patch. Mention ERR_remove_state() deprecation, and ERR_remove_thread_state(NULL). fix error function codes sanity check Don't use assertions to check application-provided arguments; and don't unnecessarily fail on input size 0. Some precautions to avoid potential security-relevant problems. Really get rid of unsafe double-checked locking. Note about CVS branch inconsistency. Fix SSL state transitions. oops update comment from 0.9.8 branch From branch OpenSSL_0_9_8-stable: Allow soft-loading engines. Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't enable disabled ciphersuites. symbol deobnoxification warnings (mostly) Implement Configure option pattern "experimental-foo" (specifically, "experimental-jpake"). experimental-foo support for mk1mf.pl. Put back a variable deleted by the previous revision, but used in the code. -hex option for openssl rand For -hex, print just one \n Make CHANGES in CVS head consistent with the CHANGES files in the branches. Constify crypto/cast. Constify crypto/cast. Use properly local variables for thread-safety. Fix X509_STORE locking Always check bn_wexpend() return values for failure (CVE-2009-3245). Fix for "Record of death" vulnerability CVE-2010-0740. Harmonize with OpenSSL_1_0_1-stable version of CHANGES. ECC library bugfixes. New 64-bit optimized implementation EC_GFp_nistp224_method(). This will only be compiled in if explicitly requested (#ifdef EC_NISTP224_64_GCC_128). (formatting error) Patch from PR #1833 was broken: there's no s->s3->new_session (only s->new_session). For better forward-security support, add functions SSL_[CTX_]set_not_resumable_session_callback. Update version numbers C conformity fixes: - Move declarations before statements in all blocks. - Where 64-bit type is required, use it explicitly (not 1l). C conformity fixes: Move declarations before statements in all blocks. More C language police work. Fix error codes. make update CVE-2010-4180 fix (from OpenSSL_1_0_0-stable) fix omissions Assorted bugfixes: - safestack macro changes for C++ were incomplete - RLE decompression boundary case - SSL 2.0 key arg length check Synchronize with 1.0.0 branch OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d) Sync with 1.0.1 branch. (CVE-2011-0014 OCSP stapling fix has been applied to HEAD as well.) Fix the version history: changes going into 1.1.0 that are also going into 1.0.1 should not be listed as "changes between 1.0.1 and 1.0.0". Fix typo. Synchronize with 1.0.1 CHANGES file. Fix error codes. Fix expected DEFFLAG for default config. make update Fix memory leak on bad inputs. (EC)DH memory handling fixes. Fix d2i_SSL_SESSION. Fix session handling. oops Fix OPENSSL_BN_ASM_MONT5 for corner cases; add a test. In ssl3_clear, preserve s3->init_extra along with s3->rbuf. typo Clarify warning Make CTR mode behaviour consistent with other modes: - clear ctx->num in EVP_CipherInit_ex - adapt e_eas.c changes from http://cvs.openssl.org/chngview?cn=19816 for eng_aesni.c Avoid failed assertion in BN_DEBUG builds Oops - ectest.c finds further problems beyond those exposed by bntext.c use -no_ecdhe when using -no_dhe Improve optional 64-bit NIST-P224 implementation, and add NIST-P256 and NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these; -DEC_NISTP224_64_GCC_128 no longer works.) Fix warnings. Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code. Fix indentation BN_BLINDING multi-threading fix. "make update" (partial) Fix NPN implementation for renegotiation. (Problem pointed out by Ben Murphy.) Fix BIO_f_buffer(). Update HEAD CHANGES file. Fix ecdsatest.c. Resolve a stack set-up race condition (if the list of compression methods isn't presorted, it will be sorted on first read). Fix for builds without DTLS support. Fix usage indentation Update for 0.9.8s and 1.0.0f, and for 1.0.1 branch. Disable SHA-2 ciphersuites in < TLS 1.2 connections. Enable message names for TLS 1.1, 1.2 with -msg. Oops - didn't mean to change Makefile on previous submit Fix warning. Fix Valgrind warning. Fix EC_KEY initialization race. Carlos Alberto Lopez Perez (4): Fix XMPP code detection on s_client starttls xmpp Fix infinite loop on s_client starttls xmpp Add "xmpp" to the list of supported starttls protocols on s_client manpage Add an "-xmpphost" option to s_client Chris Rorvick (1): doc: Add missing =back directive. Christian Heimes (2): Implement tests for PKCS#5 PBKDF2 HMAC add test case to makefiles Clang via Jeffrey Walton (1): RT3140: Possibly-unit variable in pem_lib.c Claus Assmann (1): RT3268: Fix spelling errors in CHANGES file. Cristian Rodr??guez (1): constify tls 1.2 lookup tables. Daniel Kahn Gillmor (10): Allow "ECDHE" as a synonym of "EECDH" when specifiying ciphers emit "ECDHE" instead of "EECDH" for kX packet trace output use SSL_kECDHE throughout instead of SSL_kEECDH Allow "DHE" and "kDHE" as synonyms of "EDH" and "kEDH" when specifiying ciphers emit "DHE" instead of "edh" for kX packet trace output use SSL_kDHE throughout instead of SSL_kEDH documentation should use "DHE" instead of "EDH" change SSL3_CK_EDH_* to SSL_CK_DHE_* (with backward-compatibility) Replace EDH-RSA-DES-CBC-SHA, etc. with DHE-RSA-DES-CBC-SHA update remaining documentation to move from EDH to DHE Dario B (1): RT3291: Add -crl and -revoke options to CA.pl David Benjamin (3): Check there is enough room for extension. Fix protocol downgrade bug in case of fragmented packets Do not resume a session if the negotiated protocol version does not match the session's version (server). David Gatwood (2): RT1744: SSL_CTX_set_dump_dh() doc feedback RT1744: SSL_CTX_set_dump_dh() doc feedback David Lloyd (1): Prevent infinite loop loading config files. David Ramos (4): Double free in i2o_ECPublicKey Initialise alg. Allocate extra space when NETSCAPE_HANG_BUG defined. Delays the queue insertion until after the ssl3_setup_buffers() call due to use-after-free bug. PR#3362 David Woodhouse (1): Check DTLS_BAD_VER for version number. Dominik Neubauer (1): typo in s_client Doug Goldstein (1): RT2163: Remove some unneeded #include's Dr Stephen Henson (1): Fix d4a4370050f7d72239b92a60ab9d4a2dd5e9fd84 Dr. Stephen Henson (3719): Add extended key usage OID and update STATUS file. Move DSA test in ca.c inside #ifdef and make pubkey BIT STRING always have zero unused bits. Make sure applications free up pkey structures and add netscape extension handling to x509.c Remove one EVP_PKEY_free() that shouldn't be there. More EVP_PKEY patches for new functionality. Fix things so DH_free() will be no-op when passed NULL, like RSA_free() and DSA_free(): this was causing crashes when for example an attempt was made to handle a (currently) unsupported DH public key. Also X509_PUBKEY_set()i wasn't checking errors from d2i_PublicKey(). Oops! update CHANGES file properly. Fix the gendsa program and add it to the app list. The progs.h file is auto generated but not auto updated so it is included. Also remove the encryption from the sample DSA keys. Fix OBJ_txt2nid(): old function was broken when input used the "dot" form, e.g. 1.2.3.4 . Also added new function OBJ_txt2obj(). Submitted by: Neil Costigan PR: Fix parameters to dummy function BN_ref_mod_exp(). Time to blow up the source tree :-) This is the beginning of support for GeneralizedTime. At several points PKIX specifies that GeneralizedTime can be used but OpenSSL doesn't currently support it. This patch adds several files and a bunch of functions. Update CHANGES for GeneralizedTime info. New err_code.pl script to retain old error codes. This should allow the use of 'make errors' without causing huge re-organisations of files when a new code is added. This is the result of a "make errors" with the new error building functionality in place. Continued patches so certificates and CRLs now can support and use GeneralizedTime. Initial addition of new X509 V3 files, tidy of old files. Continuing adding X509 V3 support. This starts to integrate the code with the main library, but only with printing at present. To see this try: openssl x509 -in cert.pem -text on a certificate with some extensions in it. Add file x509v3.err. More X509 V3 stuff. Add support for extensions in the 'req' application so that: openssl req -x509 -new -out cert.pem will take extensions from openssl.cnf a sample for a CA is included. Also change the directory order so pem is nearer the end. Otherwise 'make links' wont work because pem.h can't be built. Still more X509 V3 stuff. Modify ca.c to work with the new code and modify openssl.cnf for the new syntax. Add a few extended key usage OIDs. Add ASN1 code for netscape certificate sequences. Remember to add the new file this time :-) Allow the -certfile argument to be used multiple times in crl2pkcs7. Also fix typos in the usage messages: "inout" instead of "input". New program 'nseq' added to apps to allow Netscape certificate sequences to be pulled apart and built. Update STATUS, modify ssl.h so mkdef.pl will pick up prototypes and add x509v3.h to mkdef.pl list of include files. Fix various stuff: that VC++ 5.0 chokes on: 1. Add *lots* of missing prototypes for static ssl functions. 2. VC++ doesn't understand the 'LL' suffix for 64 bits constants: change bn.org 3. Add a few missing prototypes in pem.org Fix mk1mf.pl so it outputs a Makefile that doesn't choke Win95. Fix mkdef.pl so it doesn't truncate longer names. More Win32 fixes. The Configure script used to give *lots* of warnings about use of undefined variables: kludge so they all get initialised. Also avoid use of POSIX module. Delete bogus V3 prototype and update the *.num files to include ordinals for the new functions. Update MINFO. Oops! Restore ssleay.num: it got overwritten with libeay.num :-( Rename v3_bitstr.c to v3_bitst.c to fit in 8+3. Rebuild MINFO to reflect change. Delete legacy file. Add support for GeneralName and GeneralNames extensions. Also preliminary support for subject and issuer alt name. Add a new ASN1 macro and fix a nasty bug that left an ASN1 buffer modified on an error condition with IMPLICIT tagging. Fix filename in comment. Comment out def of currently unimplemented function to stop warning. Support for ASN1 ENUMERATED type. This copies and duplicates the ASN1_INTEGER code and adds support to ASN1_TYPE and asn1parse. Oops... forgot to add new ENUMERATED file... More extension code. Incomplete support for subject and issuer alt name, issuer and authority key id. Change the i2v function parameters and add an extra 'crl' parameter in the X509V3_CTX structure: guess what that's for :-) Fix to ASN1 macro which messed up IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED. Oops. Forgot to do a 'make errors'. Delete a few unused files in apps, restore CAST WIN32 ASM file to main tree. Make the 'crypto' and 'ssl' options in the perl script mkdef.pl really work, also add an 'update' option to automatically append any new functions to the ssleay.num and libeay.num files. Fix typo in asn1.h (PRINTABLESTRING_STRING) and fix a bug in object creation perl script. It failed if the OID had any zeros in it. Modify configure script to generate some files that Win32 needs and new script that does the same as 'make files'. Oops... add other changes this time too. More Win32 fixes and upsdate INSTALL.W32 documentation. Convert ms/do_ms.bat to DOS EOL format of DOS chokes on it. Add support for raw extensions. This means that you can include the DER encoding of an arbitrary extension: e.g. 1.3.4.5=critical,RAW:12:34:56 Using this technique currently unsupported extensions can be generated if you know their DER encoding. Even if the extension is supported in future the raw extension will still work: that is the raw version can always be used even if it is a supported extension. Update error codes. Patch to Configure script. For some reason the BN_ASM part was truncated to the first word which broke (at least) the Linux compile. Hopefully this wont break other platforms. Fix various memory leaks in SSL, apps and DSA Added code to GENERAL_NAME with support for more options and preliminary support for assignment in config files. Fuller authority key id support, partial support for private key usage extension and really fix the ASN.1 IMPLICIT bug this time :-) Oops! Remeber to include the other patches this time... Overhaul 'crl' application, add a proper X509_CRL_print function and start to support CRL extensions. Patch so the new crl stuff actually compiles this time :-) Also update the Win32 ordinals. Preliminary support for reason code CRL extension. Add more functionality to issuer alt name and subject alt name. New options to include email addresses from DN and copy details from issuer certificate. Include examples in openssl.cnf, update Win32 ordinals. Make RSA_NO_PADDING really use no padding. Add preliminary user level config documentation for extension stuff. Programming info will come later... Various changes to make this stuff compile under Win32 and VC++ with and without -debug option to mk1mf.pl. Change _export to is_export (_export is a reserved word under VC++). Add yucky function prototype function pointer casts. Sanitise the included files in crypto/x509v3. Redo the way 'req' and 'ca' add objects: add support for oid_section. Remove debugging fprintf from req.c and fix the code so it properly skips over the first leading XXX. in the DN. BN_RECURSION causes the stuff in bn_mont.c to fall over for large keys. For now change it to BN_RECURSION_MONT so it isn't compiled in. Fix the Win32 compile environment and add various changes so it will now compile under Win32 (9X and NT) again. Note: some signed/unsigned changes recently checked in were killing the Win32 compile. Deleted my str_dup() function from X509V3: the same functionality is provided by BUF_MEM_strdup(). Added text documentation to the BUF_MEM stuff. Workaround for a Win95 console bug triggered by the password read stuff. Fix the PKCS#7 stuff: signature verify could fail if attributes reordered, the detached data encoding was wrong and free up public keys. Add an extra 'raw' function r2i to the extension code. Nothing uses this yet and it is just a place holder for functionality to be added later. Its been added now so the X509V3_EXT_METHOD structure shouldn't (hopefully) have to change after the release. Added support for adding extensions to CRLs, also fix a memory leak and make 'req' check the config file syntax before it adds extensions. Added info in the documentation as well. Delete obsolete old X509V3 files. Various fixes to Win32, update ssleay.num, libeay.num, shuffle various #ifdefs around so more options appear in e_os.h Add missing funtions from non ANSI section of header files and add missing ordinals to libeay.num. Comment out two unimplemented functions from bio.h. Attempt to get the Win32 test batch file going again. Remove some hard coded paths from Win32 test stuff. Make CC,CFLAG etc get passed to make links and various Win32 fixes. Fix couple of ANSI declarations and prototypes Fix for RSA private key encryption if p < q. This took ***ages*** to track down. Delete NULL ciphers from 'ALL' in the cipher list aliases. This means that NULL ciphers specifically have to be enabled with e.g. "DEFAULT:eNULL". This prevents cipher lists from inadvertantly having NULL ciphers at the top of their list (e.g. the default ones) because they didn't have to be taken into account before. Delete Win32 test with testreq.pem and req: there is already a test with testreq2.pem. Remove some references which called malloc and free instead of Malloc and Free. Using int for the digest length in EVP_DigestFinal() broke some compilers. Changed to unsigned int: also need an evil cast in pk7_doit.c because a signed, unsigned comparison chokes VC++. Comment out the lines that generated by mk1mf.pl include three separate rules that are equivalent to $(OUT_D). This was what was causing the 'too many rules' warning under VC++. Add initial support for Thawte strong extranet certificate extensions and include an 'indent' option to V3 stuff. extranet file added... This is the beginning of PKCS#12 integration. This just adds the PKCS#12 objects to objects.h Further PKCS#12 integration, PBE, PKCS#8 additions. Yet more PKCS#12 integration: add lots of files under crypto/pkcs12 and add them to the build environment. Various PKCS#12 related tidies and fixes: it might even compile now :-) Include pkcs12 program as part of openssl. This completes most of the PKCS#12 integration. Remove deleted PKCS#12 functions from pkcs12.h, get rid of object creation kludge, remove CRs from ssl_ciph.c and update Win32 functions for PKCS#12 code. It might compile under Win32 now ... Delete some auto generated files and correct a typo in crypto/asn1/p5_pbe.c Did a 'make errors' to update asn1 error codes now typo is fixed Add PKCS#5 v2.0 ASN1 structures. Delete all the old X509V3 pack and unpack stuff and various structures and files associated with them. This stuff is all obsoleted by the new X509V3 code. Add some utilities to support SXNet extension also add support in DEF files generator to typesafe stacks. Fix a horrible BN bug in bn_expand2 which caused BN_add_word() et al to fail when they cause the destination to expand. Add initial support for r2i RAW extensions which can access the config database add various X509V3_CTX helper functions and support for LHASH as the config database. Add support for VISIBLESTRING and UTF8String Allow asn1parse to print out VISIBLESTRING and some code needed for certificate policies extension. Initial support for Certificate Policies extension: print out works but setting isn't fully implemented (yet). Finish off support for Certificate Policies extension. Various fixes so Win32 compile may work. Convert GeneralNames to use safe stack. Suppport for CRL distribution points extension. Also document some of this stuff. Oops! Fixup CHANGES. Complete rewrite of the error code generation script. It now runs as a single script, translates function codes better and doesn't need the K&R function prototypes to work (NB. the K&R prototypes can't be wiped just yet: they are still needed by the DEF generator...). I also ran the script with the -rewrite option to update all the header and source files. Delete the unnecessary ERR and ERRC lines in makefiles, add some functionality to error code script: it can now find untranslatable function codes (usually because the function is static and not defined in a header: occasionally because of a typo...) and unreferenced function and reason codes. To see this try: perl util/mkerr.pl -recurse -debug Also fixed some typos in crypto/pkcs12 that this found :-) Also tidy up some error calls that had to be all on one line: the old error script couldn't find codes unless the call was all on one line. Change the command line options of mkerr.pl so -static is now default and a -write option is needed to actually change anything. Second attempt at getting rid of ERR, ERRC definitions: it might even work this time :-) Fix mkerr.pl to find functions returning function pointers (thanks Ulf!) also add a few missing prototypes. Various header consistency fixes. Fixes so it will compile again under Win32. Extensively changed the DEF file generator mkdef.pl to use a modified version of Ulf's prototype parser, also general tidying and fixing of several problems with the original. Its still a bit of a hack but should work. Add PKCS#12 documentation and new option in x509 to add certificate extensions. Oops ... fix warning. Fix a couple of cases where an attempt is made to lock an already locked mutex. GeneralizedTime setting fixes. Allows PKCS#12 password to be placed on command line and add allow config file name for 'ca' to come from the environment. Various Win32 fixes. Win95 doesn't support MoveFileEx() (which was used for a Win32 version of rename() ). There isn't a precise rename() equivalent under Win95: the standard rename() complains if the destination already exists so replaced with a combination of unlink() and MoveFile(). Kill evil casts, fix PKCS#7 and add new X509V3 Function. Various PKCS#7 fixes to properly (maybe!) handle PKCS#7 enveloped data. Containts elements of code by Sebastian Akerman and made a bit less "naughty" by Steve. Various PKCS#7 related fixes,tidies and comments. Add new -out option to asn1parse to allow the parsed data to be output. Fixed -strparse option: it didn't work if used more than once (this was due to the d2i_ASN1_TYPE call parsing a freed buffer). On Win32 the file wincrypt.h #define's X509_NAME and PKCS7_SIGNER_INFO causing clashes so these are #undef'ed Several of the EVP_CIPHER structures had the get and set asn1 parameter functions transposed. The encoding of negative ASN1 INTEGERs and the conversion of BNs to negative integers was completely broken. Also added a NEG_PUBKEY_BUG compilation option to compensate for public keys improperly encoded as negative integers. Various Win32 fixes. Change args in do_ms.bat to put platform last. Fix unsigned/signed cmp error in asn1parse. Change various pem_all.c args to use pem_password_cb. Fix some obvious bugs in the PKCS#7 library handling. It didn't try to find the right RecipientInfo based on the recipient certificate (so would fail a lot of the time) and fixup cipher structures to correctly (maybe) modify the AlgorithmIdentifiers. Largely untested at present... this will be fixed in due course. Well the stuff was broken to begin with so if its broken now then you haven't lost anything :-) Fix various less obvious bugs in PKCS#7 handling: such as not zeroing the secret key before we've encrypted it and using the right NID for RC2-64. Add various arguments to the experimental programs 'dec' and 'enc' to make testing less painful. Oops! Get the pmatch test the right way round. Various clarifications to extension docs: change the name of literal extensions from RAW to DER to avoid confusion with raw extensions. Change default PKCS#12 iteration count to 2048, include rsa_oeap_test in the test batch file. New functions sk_set, sk_value and sk_num to replace existing macros: this is to minimise the effects on existing code. Include some notes on basic extension usage and change openssl.cnf to usually do sensible things with extensions. The last argument in the d2i_XXX_fp and d2i_XXX_bio functions should be of type XXX ** not XXX * Move the Win32 #undefs of X509_NAME and PKCS7_ISSUER_AND_SERIAL so they will always get included with the relevant files. Fixup do_nt.bat for new mk1mf arg order. Set ext_list to NULL after use. Fix URL for perl in INSTALL.W32 Update md5 assembly source for Win32. Fix for memory leak. Free up 'out' before exiting pkcs12 application. Submitted by: Wu Zhigang Add PKCS#5 v1.5 compatible algorithms and initial PKCS#8 support. PKCS#8 needs more work: need an application and make the private key routines automatically handle PKCS#8. The rest of the PKCS#5, PKCS#8 patch I forgot before :-) Add a 'pkcs8' application for initial PKCS#8 support. Still needs lots more options to handle encrypted and unencrypted forms and DER format input and output. Add d2i,i2d bio and fp functions for PKCS#8 and add -inform and -outform arguments to pkcs8 application. More PKCS#8 stuff. Support for unencrypted forms of private key. Change so PEM private key read routines can handle PKCS#8 transparently. Rewrite PBE handling read to support PKCS#5 v2.0 and update the function list for Win32. Change PBE handling a bit more: now the key and iv generator does calls EVP_CipherInit() this because the IV wont be easily available when doing PKCS#5 v2.0 More PKCS#5 v2.0 development. Add a function to setup a PKCS#5 v2.0 AlgorithmIdentifier and make various ASN1 fixes. This is the main PKCS#5 v2.0 key generation function, it parses the ASN1 structure and decides what key to generate (if any). Not currently added to the PBE algorithm list because it is largely untested. Complete support for PKCS#5 v2.0. Still needs extensive testing. Change the PEM function implementation to use a common set of macros: this should make modifying them easier. Reformat and "modernise" the sign.c demo. Two new functions to write out PKCS#8 private keys. Also fixes for some of the the PBE code and a new constant PKCS5_DEFAULT_ITER for the default iteration count if it is passed as zero. Document the X509V3 code and change some of the extension function pointers to use 'void *' rather than 'char *' for an "arbitrary extension". Fix to i2d_DSAPublicKey() to return the correct length. Submitted by: Jeon KyoungHo New functions CONF_load_bio() and CONF_load_fp() to load a configuration file from a bio or fp. Added some more constification to the BN library. Convert the CONF library to use a typesafe stack: a STACK_OF(CONF_VALUE). It seemed like a good idea at the time... several hours later it was rather obvious that these are used all over the place making the changes rather extensive. Implement STACK_OF(ANS1_OBJECT) for extended key usage extension, change the documentation to reflect the STACK_OF(CONF_VALUE) change to the CONF lib and use ANSI typedefs for X509V3_EXT_I2D and X509V3_EXT_FREE. Change the PEM_* function prototypes to use DECLARE_PEM macros and change util/mkdef.pl to handle this. Also do a 'make update'. New function PKCS7_signatureVerify to allow the signing certificate to be explicitly stated with PKCS#7 verify. Fix d2i_ASN1_INTEGER() and i2d_ASN1_INTEGER() so it correctly works out the length of negative integers. New functions to allow RSA_METHODs to be changed without poking round in RSA structure internals. SXnet code was freeing up the extension data rather than the temporary zone number. Fix a bug in x509.c that omitted DSA parameters when they didn't match the signers parameters. Changed it to never omit parameters. Copy flags in ASN1_STRING_dup() Add a debugging option to PKCS#5 v2.0 key generation function. Various changes to stop VC++ choking under Win32. Beginnings of experimental support for NASM assembler. This is a free assembler for various X86 platforms including Win32. It can output object files that VC++ will tolerate so it could be used to provide assembly language support to Win32 without the need for MASM. More NASM support code it still doesn't work but it doesn't work less than it didn't work before :-) Continues NASM support. This might work now. Its still experimental but it passes all the tests. Added documentation in INSTALL.W32. Eliminate a warning: BN_mod_inverse() returns a (BIGNUM *) and remove and unnecessary cast. New RSA flag RSA_FLAG_EXT_PKEY, to always call rsa_mod_exp. New function OBJ_obj2txt() Tidy up pkcs12 application. Allow the PKCS#7 (S/MIME encrypt) application to support more than one recipient. Fix to PKCS#12 code to use the cipher block length when allocating a buffer for encrypted data, rather than hard coding '8'. Configure fix for Windows: under Windows+perl "system" ends up going via the command shell which means that redirecttion needs backslashes in the paths. Change all the -'s to _'s. Fix -startdate and -enddate arguments to 'ca' program. Also update NEWS file with some 0.9.4 changes. *** empty log message *** Support for parsing of certificate extensions in PKCS#10 requests: these are used by things like Xenroll. Also include documentation for extendedKeyUsage extension. Add functions to allow extensions to be added to certificate requests. Fix PKCS7_ENC_CONTENT_new() to include a sensible default content type and add support for encrypted content type in PKCS7_set_content(). Allow memory bios to be read only and change PKCS#7 routines to use them. Initial support for DSA_METHOD... Initial support for DH_METHOD. Also added a DH lock. A few changes made to DSA_METHOD to make it more consistent with RSA_METHOD. Fix for a bug which meant encrypting BIOs sometimes wouldn't read the final block. Allow extensions to be added to certificate requests, update the sample config file (change RAW to DER). Allow the 1.OU="my OU" syntax in 'ca' for SPKACs. Allow the extension section specified in config files to be overridden on the command line for various utilities. Make DH_free() free up any ex_data and also call the finish method. Add new 'spkac' utility and several SPKAC utility functions. New UTF8 utility functions to parse/generate UTF8 strings. New function to convert ASN1 tag values to strings. Also fix typo in asn1.h This is preliminary support for an "RSA null" cipher. Unfortunately when OpenSSL is compiled with NO_RSA, no RSA operations can be used: including key generation storage and display of RSA keys. Since these operations are not covered by the RSA patent (my understanding is it only covers encrypt, decrypt, sign and verify) they can be included: this is an often requested feature, attempts to use the patented operations return an error code. Oops... forgot the other RSA_NULL patches... Fix typo. Fix typo. Various CRL enhancements tidies and workaround for broken CRLs. Add new sign and verify members to RSA_METHOD and change SSL code to use sign and verify rather than direct encrypt/decrypt. Lots of evil casts to stop VC++ choking with "possible loss of data" warnings :-( Fix to make s_client and s_server work under Windows. A bit of a hack but an improvement on not working at all. Modify the 'speed' application so it now uses RSA_sign and RSA_verify instead of RSA_private_encrypt and RSA_public_decrypt Fix for base64 BIO decoding bug Fix for d2i_ASN1_bytes and stop PKCS#7 routines crashing is signed message contains no certificates. Add support for public key input and output in rsa and dsa utilities with some new DSA public key functions that were missing. New option -dhparam to s_server to allow the DH parameter file to be set explicitly. Previously it couldn't be changed because it was hard coded as "server.pem". Fix for bug in pkcs12 program and typo in ASN1_tag2str(). Fix for bug in pkcs12 program and typo in ASN1_tag2str(). Fix incorrect usage messages in some commands. New functions to parse and get extensions. Add EX_DATA support to X509. Fix a bug in the X509_get_d2i() functions which didn't check if crit was NULL. Initial support for certificate purpose checking: this will ultimately lead to certificate chain verification. It is VERY EXPERIMENTAL at present though. Replace the macros in asn1.h with function equivalents. Also make UTF8Strings tolerated in certificates. New function ASN1_mbstring_copy() to handle ASN1 string copying. Ultimately this will be used to clear up the horrible DN mess. More multibyte character support. Continued multibyte character support. Fix to PKCS#7 routines so it can decrypt some oddball RC2 handling. Allow additional information to be attached to a certificate: currently this includes trust settings and a "friendly name". Fix to the -revoke option in ca. It was leaking memory, crashing and just plain not working :-( Very preliminary POD format documentation for some of the openssl utility commands... Oops. The pkcs8 man page wasn't finished: this is an updated version Fix a couple of outstanding issues: update STATUS file, fix NO_FP_API problems. Add password command line options to some utils. Fix and update man pages. More docs and corrections/updates Oops forgot the S/MIME v3 RFC. Merge some common functionality in the apps, delete the encryption option in the pkcs7 utility (they never did anything) and add a couple more options to pkcs7. Add an spkac manual page and fix the pkcs7 manpage. Correct x509 manpaghe and add a crl manpage Add info about the header and footer lines used in PEM formats and add an nseq manpage. Add support for the 40 and 64 bit RC2 and RC4 ciphers in 'enc' add documentation for 'enc'. Add some examples to the enc man page. 'req' fixes. Reinstate length check one request fields. Fix to stop null being added to attributes. Modify X509_LOOKUP, X509_INFO to handle auxiliary info. New function X509_cmp(). Add a salt to the key derivation using the 'enc' program. Clarify docs. Fix for a bug in PKCS#7 code and non-detached data. Modify verify code to handle self signed certificates. Support for otherName in GeneralName. Transparent support for PKCS#8 private keys in RSA/DSA. Support for authority information access extension. Initial chain verify code: not tested probably not working at present. However nothing enables it yet so this doesn't matter :-) New options to the -verify program which can be used for chain verification. Extend the X509_PURPOSE structure to include shortnames for purposed and default trust ids. Initial trust code: allow setting of trust checking functions in a table. Doesn't do too much yet. Oops! Commit died on me :-( Add trust setting support to the verify code. It now checks the trust settings of the root CA. Add part of chain verify SSL support code: not complete or doing anything yet. Remainder of SSL purpose and trust code: trust and purpose setting in SSL_CTX and SSL, functions to set them and defaults if no values set. Document all possible errors (and some impossible) from the verify program. Document the extension tests performed by the -purpose test in the x509 utility. Modify the X509 V3 extension lookup code. Change the trust and purpose code so it doesn't need init either and has a static and dynamic mix. Fix a bug in the modified purpose code: it wasn't updated to use the new purpose getting function. New function PKC12_newpass() Merge in my S/MIME library and utility. Modify S/MIME application so the -signer option writes the signer(s) to a file if we are verifying. Add i2d_ASN1_PRINTABLESTRING() function, and do 'make update' Make the PKCS#7 S/MIME functions check for passed NULL pointers. Fix for crashing INTEGERs, ENUMERATEDs and OBJECT IDENTIFIERs. Various S/MIME fixes. Fix a typo in a_enum.c. Various S/MIME fixes. Fix for memory leak, recipient list bug and not excluding parameters with DSA keys. Fix the S/MIME code to use canonical MIME format for encrypted mail. Also update the smime docs. Delete an unused variable and make the PKCS#12 keygen debugging code work again. Support for ASN1 NULL type. Add PKCS#8 utility functions and add PBE options. Fixes so NO_RSA works again. Allow passwords to be included on command line for a few more utilities. New {i2d,d2i}_PrivateKey_{bio, fp} functions. Simplify the trust structure: basically zap the bit strings and represent everything by OIDs. Add OIDs for idea and blowfish. Unfortunately these are in the middle of the OID table so the diff is rather large :-( Fix some of the command line password stuff. New function that can automatically determine the type of a DER encoded "traditional" format private key and change some of the d2i functions to use it instead of requiring the application to work out the key type. Add support for MS "fast SGC". Initial automation changes to 'req' and X509_ATTRIBUTE functions. More X509_ATTRIBUTE changes. #undef PKCS7_SIGNER_INFO for Win32 to avoid clashes. Add PKCS#12 manpage and use MAC iteration counts by default. Manpages for the DH utils and fix for a memory leak in dh program Add -prexit command to s_client and patch some BIO functions so it doesn't crash. Document s_client. Man page for s_server. New function X509_CTX_rget_chain(), make SSL_SESSION_print() display return code. Remove references to 'TXT' in -inform and -outform switches. Update docs. Rename X509_att*() stuff to X509at_*(), add X509_REQ wrappers. Finish off the X509_ATTRIBUTE string stuff. Oops... undo change to wrong prototype. Change the 'man' directory to 'apps'. Yes I wish cvs could rename too :-( Make -CAcreateserial start from 1 instead of 0 for serial numbers. Docs for sess_id utility. Apply Lutz Behnke's 56 bit cipher patch with a few minor changes. Gets Lutz Jaenicke's name right this time :-) Add new program dhparam and update docs. Minor patch: check only match @STRENGTH and remove eNULL comment. Make s_server, s_client check cipher list return codes. Tidy up CRYPTO_EX_DATA structures. Document how CRYPTO_EX_DATA stuff works for RSA structures. Other structures behave in a similar way. New -pkcs12 option to CA.pl. Document CA.pl script. Initialise and free up the extra DH fields (nothing uses them yet though). Add CA.pl man page this time... Fix CRL encoding bug. Update docs. Update docs. Add new -notext option to 'ca', -pubkey option to spkac. Rename SSLeay_add_all_algorithms() et al to OpenSSL_add_all_algorithms(). Move these into separate files so they work properly. Add support for some broken PKCS#8 formats. Document EVP digest operations. Rename the X509V3_*_d2i functions to X509_get_ext_d2i() etc. This better reflects their behaviour. Add command line password options to the reamining utilities, amend docs. Update docs. Make pkcs12 and smime applications seed random number generator (otherwise they don't work) and add -rand option. Update docs. Modernise 'selfsign.c' to use new X509_NAME code and add example of extension aliasing. Also fix the extension aliasing because it didn't work :-) Fix for Netscape "hang" bug. Pass phrase reorganisation. Add -pass argument to 'enc'. Fix to make Win32 compile work again. New functions and option to use NEW in certificate requests. Add -clrext option to 'x509' Change the 'other' structure in certificate aux info. Change EVP_MD_CTX_type so it is more logical and add EVP_MD_CTX_md for the old functionality. Update docs. Make pkcs8 work again. Allow ADH to be used but not present in the default cipher list. Add PBE algorithms with ciphers, not digests. Allow code which calls RSA temp key callback to cope with a failure. Rename functions for new convention. Fix shadow warning. Make ASN1 types real typedefs. Fix so Win32 assembly language works with MASM. Fix so Win32 compiles again... Don't call BN_rand with zero bits in bntest.c Ouch! PKCS7_encrypt() was heading MIME text headers twice because it added them manually and as part of SMIME_crlf_copy(). Removed the manual add. Fix bug which would free up a public key twice if the verify callback tried to continue after a signature failure. Move the 'file scope' argument in set_label to the third argument: the second was being used already. Make name_funcs_stack static. Fix the PKCS#8 DSA code so it works again. All the broken formats worked but the valid didn't :-( New compatability trust and purpose settings. Manual pages for EVP signing and verifying. Manual pages for EVP_Open* and EVP_Seal* Fix typo and make ca get the CA and request fields correct. Don't Free() password if it was read from config file. Make V_ASN1_APP_CHOOSE work again. Fix a memory leak in PKCS12_parse. Don't copy private key to X509 etc public key structures. Fix for warning. Update docs and remove old PKCS#7 README file. Add a few more FAQs. Update docs. Fix for HMAC. Add a couple of FAQs. Make PKCS#12 code handle missing passwords. Fix for SSL server purpose checking Fix c_rehash script, add -fingerprint option to crl. Add DSA library string. Workaround for IIS .key file invalid ASN1 encoding. Beginnings of EVP cipher overhaul. This should eventually enhance and tidy up the EVP interface. Second phase of EVP cipher overhaul. Third phase of EVP cipher overhaul. Fourth phase EVP revision. Fourth phase EVP revision. More EVP cipher revision. Document EVP routines. Change EVP_SealInit() and EVP_OpenInit() to support multiple calls. Make EVP_SealInit() and EVP_OpenInit() check EVP_EncryptInit() and EVP_DecryptInit() return values. Fix evp_locl.h macros. Add support for the modified SGC key format used in IIS. Safe stack reorganisation in terms of function casts. Handle ASN1_SET_OF and PKCS12_STACK_OF using function casts in the same way as STACK_OF. Fixes for Win32 build. Change mkstack.pl so it now sorts each group into lexical order. Previously it depended on the order of files in the directory. Update STATUS. New ASN1 functions that just deal with content octets, not tag+length. Fix some typose in the i2d/d2i functions that call the i2c/c2i (they were not using the content length for the headers). Make req seed the PRNG if signing with an already existing DSA key. Make NEG_PUBKEY_BUG on by default. Fix warnings. Fix a bug in the new i2d_{ENUMERATED,INTEGER} that didn't recognise NULL to mean 'don't output anything' New ASN1_STRING_print_ex() and X509_NAME_print_ex() functions. These are intended to be replacements for the ancient ASN1_STRING_print() and X509_NAME_print() functions. Document the new DN printing options. Changes needed for Tandem NSK, supplied by Scott Uroff (scott at xypro.com). Fix for bad sorting of object names. Various fixes... Fixes to d2i_ASN1_OBJECT, ASN1_INTEGER_to_BN and a_strex.c Fix ASN1_INTEGER_to_BN properly this time... Add support for 'other' PKCS#7 content types. New option to CA.pl to sign request using CA extensions. This allows intermediate CAs to be created more easily. Change PKCS#7 test data to take account of removal of indefinite length encoding. Fix typo in i2d_ASN1_ENUMERATED Add 'rsautl' low level RSA utility. Keep a not of original encoding in certificate requests. *BIG* verify code reorganisation. Fix typo in rsautl. Some BIO docs, incomplete, more to follow. Add docs for BIO_find_type() and friends. Ugh, BIO_find_type() cannot be passed a NULL. Two new PKCS#12 demo programs. Update verify docs. Add BIO_read() (etc.) docs. Really add BIO_read this time... More preliminary BIO docs... More new BIO docs, correct some old ones. Docs for cipher and base64 BIOs. More BIO docs. Clarify some of the I/O issues. BIO_s_fd() manual page. Docs for socket BIO. Initial connect BIO docs. BIO_s_bio() manual page detailing BIO pair. Update BIO_s_connect(). Accept BIO docs. BIO_f_ssl() docs. Remove redundant manpages and references to them. New macro BIO_set_shutdown_wr(). Work around for Netscape PKCS#7 signedData bug. Clarify the BIO_seek() mess and related issues. Fix a typo in apps/pkcs12.c which was using the wrong part of ASN1_TYPE (though they are both ASN1_STRING so it didn't cause any problems). Add docs for X509_get_ext_d2i() function. Fix ASN1_TYPE bug. Only use the new informational verify codes if we specifically ask for them. Global DirectoryString mask fix. More code for X509_print_ex() support. Make non blocking I/O work for accept BIOs. Fix for typo in certificate directory lookup code. Update test server certificate in apps/server.pem (it was expired). Move expired CA certificate. Fix for bug (?) in assembly language routines for SHA1. This causes MASM to complain and not produce valid debug info. Hopefully this wont break anything else... Merge from the ASN1 branch of new ASN1 code to main trunk. Rewrite the extension code to use an ASN1_ITEM structure for its ASN1 operations as well as the old style function pointers (i2d, d2i, new, free). Change standard extensions to support this. Stop extension creation code core dumping. Replace the old style OCSP ASN1 module. Change the PKCS7 structure to use SEQUENCE OF for the authenticated attributes: this is used to retain the original encoding and not break signatures. New function X509_signature_print() to remove some duplicate code from certificate, CRL and request printing routines. New function X509V3_extensions_print() this removes extension duplication from the print routines. Add OCSP nonce extension to supported extensions. Implement some standard OCSP extensions in the v3 code. These are all raw print only extensions at present. Add a couple of FAQs. Make mkdef.pl parse some ASN1 IMPLEMENT macros. Add support for the noCheck OCSP extension. This is just a NULL and appears in a certificate. Add OCSP service locator extension. Redo OCSP response printing. Remove duplicate or obsolete code. Delete some redundant files. Fixes to OCSP print code. Various Win32 related fixes. Doesn't compile yet on Win32 but it is getting there... New function X509V3_add_i2d() this is used for encoding, replacing and deleting extensions. X509V3_add_i2d() needs to be able to allocate a STACK_OF(X509_EXTENSION) so it should be passed STACK_OF(X509_EXTENSION) ** in the first argument. Avoid compiler warnings in hw_ubsec.c: unused static functions and signed/unsigned mismatch. New OCSP extension functions. ASN1_ITEM versions of sign, verify, pack and unpack. Add NO_ASN1_OLD to remove some old style functions: currently OpenSSL itself wont compile with this set because some old style stuff remains. ASN1_ITEM version of ASN1_dup(). Might want something more efficient later... Replace the old ASN1_dup() with ASN1_item_dup() and zap some evil function pointers casts along the way... ASN1_ITEM versions of ASN1_d2i_{fp, bio} and replacement of most of the old wrappers. A few of the old versions remain because they are non standard and the corresponding ASN1 code has not been reimplemented yet. Delete PKCS#12 redundant files. Rewrite PKCS#12 code and remove some of the old horrible macros. Fix the S/MIME code so it now works again and uses the new ASN1 code. Update OCSP API. Fix typo in OCSP nonce extension. Modify OCSP API to more closely reflect application needs. Add set of OCSP client functions. All experimental and subject to addition, modifcation or deletion. Add prototypes for new OCSP functions. Fix uni2asc() so it can properly convert zero length unicode strings. Certain PKCS#12 files contain these in BMPStrings and it used to crash on them. OCSP basic response verify. Very incomplete but will verify the signatures on a response and locate the signers certifcate. Fix typo in OCSP ASN1 module, this caused invalid format in OCSP request signatures. New OCSP utility. This can generate, parse and print OCSP requests. It can also query reponders and parse or print out responses. Preliminary ocsp utility documentation. Fix warning in apps/ca.c Change PKCS#12 key derivation routines to cope with non null terminated passwords. Initial OCSP certificate verify. Not complete, it just supports a "trusted OCSP global root CA". Implement remaining OCSP verify checks in accordance with RFC2560. Don't shadow. Additional functionality in ocsp utility: print summary of status info. Check nonce values. Option to disable verify. Update usage message. Fixes to various ASN1_INTEGER routines for negative case. Update ocsp utility documentation. Fix to stop X509_time_adj() using GeneralizedTime. Add debugging info to new ASN1 code to trace memory leaks. Zero the premaster secret after deriving the master secret in DH ciphersuites. New OCSP response verify option OCSP_TRUSTOTHER Make sk_sort tolearate a NULL argument. Tolerate some "variations" used in some certificates. Tidy up the mess in bss_sock.c and bss_fd.c by placing them socket/fd code in separate files rather than trying to have them both share the same one. Various function for commmon operations. Various OCSP responder utility functions. Fix ASN1_TIME_to_generlizedtime(). New function to copy nonce values from OCSP request to response. Fix AES code. Allow various options to be included for signing and verify of OCSP responses. Add missing \n's to ocsp usage message. Various updates to mkdef.pl to cope with new aes and ASN1 code. Various Win32 related fixed. Make no-krb5 work in mkdef.pl . Fix CRL printing to correctly show when there are no revoked certificates. Work around for libsafe "error". Modify OCSP nonce behaviour. New function OCSP_parse_url() and -url option for ocsp utility. Initial OCSP SSL support. Option to disable standard block padding with EVP API. New options to 'ca' utility to support CRL entry extensions. New -set_serial options to 'req' and 'x509'. Fix typo. Rebuild ASN1 error codes to remove unused function and reason codes. Initial support for ASN1_ITEM_FUNCTION option to change the way ASN1 modules are exported. Get rid of ASN1_ITEM_FUNCTIONS dummy function prototype hack. This unfortunately means that every ASN1_*_END construct cannot have a trailing ; Oops, forgot CHANGES entry for ASN1_ITEM_FUNCTIONS. Make OCSP cert id code tolerate a missing issuer certificate or serial number. Stop PKCS7_verify() core dumping with unknown public key algorithms and leaking if the signature verify fails. Print out OID of unknown signature or public key algorithms. New function and options to check OCSP response validity. Trap an invalid ASN1_ITEM construction and print out the errant field for more ASN1 error conditions. Enhance OCSP_request_verify() so it finds the signers certificate properly and supports several flags. Typo in comment. Fix a bug which caused BN_div to produce the wrong result if rm==num and num < 0. Fix bug in copy_email() which would not find emailAddress at start of subject name. Make EVP_Digest*() routines return a value. Change the EVP_somecipher() and EVP_somedigest() functions to return constant EVP_MD and EVP_CIPHER pointers. Update docs. Add the 'ec' directory to mkdef.pl and mkfiles.pl so the Windows build can see it. Typo. In crypto/ec #if 0 out structures which reference (currently) non existent functions because this breaks shared libraries. Initial docs for PEM routines. Document the -certopt option to the x509 utility. Overhaul the display of certificate details in the 'ca' utility. This can now be extensively customised in the configuration file and handles multibyte strings and extensions properly. Add 'align' option to nameopt. Add copy_extensions option to 'ca' utility. Fix PKCS#12 key generation bug. Rewrite CHOICE field setting code to properly handle combine in CHOICE options. Fix ASN1 bug when decoding OTHER type. Win32 fixes: Initial CRL based revocation checking. Allow various X509_STORE_CTX properties to be inherited from X509_STORE. Fix to allow multiple NONE libraries in mkerr.pl . Fix warning with DEBUG_SAFESTACK Purpose and trust setting functions for X509_STORE. Typo. Under VC++ _DLL is set to indicate that the application will be linked against the DLL runtime library. It is automatically set when /MD is used. Change Win32 to use EXPORT_VAR_AS_FN. #if 0 out deleted (?) functions to stop Win32 DLL build falling over. Fix for new UI functions under Win32. Add examples to EVP_EncryptInit manual page. Add missing variable length cipher flag for Blowfish. Add support for MS CSP Name PKCS#12 attribute. Initialize UI ex_data. Make update Don't set pointer if add_lock_callback used. make apps compile again Fix memory leaks. Change all calls to low level digest routines in the library and applications to use EVP. Add missing calls to HMAC_cleanup() and don't assume HMAC_CTX can be copied using memcpy(). Fix memory leak when RAND is used: need to cleanup RANDs ENGINE reference in ENGINE_cleanup(). Update my config entry to allow use of DSOs. In UI_dup_*() function, use the duped string, not the original. Fix UI leak in apps. Fix hwcrhk_insert_card. In {RSA,DSA,DH}_new_method(x) need to increase the reference count of the ENGINE is x is not NULL since it will be freed in {RSA,DSA,DH}_free(). Handle empty X509_NAME in printing routines. Another empty X509_NAME fix. Modify apps to use NCONF code instead of old CONF code. In ocsp_match_issuerid() we are passed the CA that signed the responder certificate so need to match its subject with the certificate IDs in the response. Delete extra ; Initial OCSP server support, using index.txt format. Allow OCSP server to handle multiple requests. First of several reorganisations to reduce linker bloat. For example the single line: More linker bloat reorganisation: Make sure *outl is always initialized in EVP_EncryptUpdate(). Add CRL utility functions to allow CRLs to be built up without accessing structures directly. Make -passin -passout etc work again. Add #ifdefs to some devcrypto code Load OCSP responder key before waiting for an incoming connection so it can prompt for pass phrase on startup instead of after the first connection. Replace old (and invalid) copyright notice. Add certificate and request demos. Fix AES CBC mode EVP_CIPHER structures: the IV length is always 16. Support fractional seconds in GeneralizedTime Make (ancient) sign.c demo compile again. Constify EVP_SealInit, EVP_OpenInit Modernise and fix (ancient) "maurice" demos. Make EVP_DecryptUpdate work again. Use the maximum block length for the extra size in the encrypt BIO buffer instead of hard coding it as 8. Retain compatibility of EVP_DigestInit() and EVP_DigestFinal() with existing code. Update docs. Modify EVP cipher behaviour in a similar way to digests to retain compatibility. Update docs. Add missing EVP_CIPHER_CTX_{init,cleanup} Typo. Stop spurious "unable to load config info" errors in req Reject certificates with unhandled critical extensions. Sanitize CHANGES entry. New options to allow req to accept UTF8 strings as input. Add support for Subject Info Acess extension. Stop compiler warnings. Bugfixes for noemailDN option. Make it use the correct name (instead of NULL) if nomailDN is not set, fix memory leaks and retain DN structure when deleting emailAddress. Allow ca to certify requests containing BMPStrings and UTF8Strings. Another noemailDN fix. Fix email address delete code. Win32 fixes. PKCS#12 code fixes: initialize and cleanup digests and ciphers properly. Add an FAQ. NO_DSA, NO_RSA patches. Add -pubkey option to req command. Make EVP_SealInit() return the correct value. EVP_BytesToKey documentation. Don't overwrite signing time. Update PEM docs Experimental configuration code. Initial ENGINE config module, docs to follow. default_algorithms option in ENGINE config. Constification. #undef some things that cause a conflict under Win32 when wincrypt.h is included. Config file updates from stable branch Config code updates. Update from stable branch. make errors non-Monolith fixes. Fix for AIX. New OPENSSL_LOAD_CONF define to load openssl.cnf when OpenSSL_add_all_algorithms() is called. Updates from stable branch. Make the engine config module always add dynamic ENGINEs to the list using dynamic_path. This stops ENGINEs which don't supply any default algorithms being automatically freed (because they have no references) and allows them to be accessed by id. Fix new -aes command argument handling Always init ctx_tmp in PKCS7_dataFinal since it is always cleaned up. Fix warnings about signed/unsigned mismatch and global shadowing (random, index) in hw_4758_cca.c Make sure the type accessed by the LONG and ZLONG ASN1 type is really a long, to avoid problems on platforms where sizeof(int) != sizeof(long). ENGINE module additions. Fix the Win32_rename() function so it correctly returns an error code. Use the same code in Win9X and NT. Make {RSA,DSA,DH}_new_method obtain and release an ENGINE functional reference in all cases. Make ciphers and digests obtain an ENGINE functional reference if impl is explicitly supplied. Fix various warnings when compiling with KRB5 code. Fix ASN1 additions for KRB5 Fix Kerberos warnings with VC++. Undo previous patch: avoid warnings by #undef'ing duplicate definitions. Initialize cipher context in KRB5 ("D. Russell" ) Ensure EVP_CipherInit() uses the correct encode/decode parameter if enc == -1 Initialize ciph_ctx in kssl.c Add apps_startup and bio_err init code to smime.c Avoid gcc warning: BN_DEC_CONV when SIXTY_FOUR_BIT is defined is unsigned. Fallback to normal multiply if n2 == 8 and dna or dnb is not zero in bn_mul_recursive. Add config entry debug-steve-linux-pseudo64. This sets the SIXTY_FOUR bignum library option to use 64 bit operations on the 32 bit linux platform. EVP_SealFinal should return a value. Zero cipher_data in EVP_CIPHER_CTX_cleanup Add missing EVP_CIPHER_CTX_init call. Fix Mingw32 asm build: use the Unix bignum assembly method of bn-586.pl and co-586.pl which (for some reason) VC++ doesn't use. Reorganise -subj option code, fix buffer overrun. Make i2c_ASN1_BIT_STRING return the correct length. The new ASN1 code automatically allocates structures for fields that are not OPTIONAL. Fix ext_dat.h extension ordering. Fix the ASN1 sanity check: correct header length calculation and check overflow against LONG_MAX. Fix typo Fix typo in OBJ_txt2obj which incorrectly passed the content length, instead of the encoding length to d2i_ASN1_OBJECT. Fix block_size field for CFB and OFB modes: it should be 1. Fix crahses and leaks in pkcs12 utility -chain option #if out unused function to shut the compiler up. Change C++ style comments Make -nameopt work in req and add support for -reqopt Reinstate the check for invalid length BIT STRINGS, which was effectively bypassed in the ASN1 changed. Fix ASN1_STRING_to_UTF8: remove non sensical !*out test. Fix typos in PKCS#12 ASN1 code. Really fix PKCS7_set_detached this time... Preliminary streaming ASN1 encode support. Various enhancements to PKCS#12 code, new medium level API, improved PKCS12_create and additional functionality in pkcs12 utility. Update mkdef.pl to handle new ASN1 macro Add declaration got PKCS#7 NDEF. make update Add version info to Win32 DLLs. Typo. Some docs relating to X509 ASN1 functions. Update RSAPublicKey manual page... Oops, remove old comment out debugging printf... Various Win32 fixes. Update DH parameter docs. Update docs. Update docs. Document "0" and "1" naming convention. More d2i/i2d manual pages. More docs. PKCS7_verify() docs. More man pages. PKCS12_create manual page PKCS12_parse manual page. Update docs. Typo. More docs. New docs. Typo: v3 is represented by 2. Check for NULL ASN1_ITEM when initializeing boolean option in ASN1_TYPE. CRL reason code docs. Typo in OCSP ASN1 module Typo Initial ASN1 generation code. This can construct arbitrary encodings from strings and config files. Initial ASN1 generation documentation. Update docs Fix memory leak in s2i_ASN_INTEGER and return an error if any invalid characters are present. Add header ctype.h Only accept exact match for modifier or tag name Put NAME in right place, fix typo Update docs Typo Fix get_email: 0 is a valid return value Fix documentation of i2d_X509_fp and i2d_X509_bio. Add SETWRAP modifier to ASN1 generate. In asn1_d2i_read_bio, don't assume BIO_read will return the requested number of bytes when reading content. Typo in X509v3_get_ext_by_critical Make ASN1_TYPE_get() work for V_ASN1_NULL type. Fix leak. NULL tofree when it is freed to avoid double free. Typo. Set EXPORT_VAR_AS_FN for BC-32 to work around a compiler bug, EVP_DecryptInit() should call EVP_CipherInit() not EVP_CipherInit_ex(). Check return value of gmtime() and add error codes where it fails in ASN1_TIME_set(). Correct EVP_SealInit() documentation, iv is an output parameter. IPv6 display and input support for extensions usingh GeneralName. Typo. GeneralString support in mini-ASN1 compiler Option to disable SSL auto chain build Single pass processing to cleartext S/MIME signing. Update docs. Typo. Update debub-steve* entries. Fix bug in base64 bios during write an non blocking I/O: if the write fails when flushing the buffer return the value to the application so it can retry. Re enable the read side non blocking test BIO code. Ooops forgot to recognise V_ASN1_GENERALSTRING. Base64 bio fixes. The base64 bio was seriously broken when reading from a non blocking BIO. Fix indefinite length encoding so EOC correctly updates the buffer pointer. Support for dirName from config files in GeneralName extensions. Typo. Encryption BIOs misbehave when used with non blocking I/O. Fixes for EVP_DigestInit_ex() and OPENSSL_NO_ENGINE. Avoid warnings for no-engine and PEDANTIC Return an error if gmtime returns NULL. Fix PEDANTIC stuff... Add some OIDs. Add entry for domainComponent so it is treated correctly. Don't give an error if response reason absent in OCSP HTTP. Fix for no-ec on Windows. Fix Certificate and CRL adding in X509_load_cert_crl_file: an X509_INFO structure can contain more than one object, for example a certififcate and a CRL. make update Avoid warning. Typo: OID should be policyMappings Support for policyMappings New ASN1 macros to just implement and declare the new and free functions and changes to mkdef.pl so it recognises them. make update Support for policy constraints. make update Name Constraints OID. Support for name constraints. make update Update ocsp usage message and docs. Multi valued AVA support. Update from stable branch. Typo. Make DER option work again. Add correct DN entry for serialNumber. Fix docs. The square brackets in BIO_s_bio.pod for some reason cause wml to bomb out with the error message: PR: 631 Submitted by: Doug Sauder PR: 627 Various S/MIME bug and compatibility fixes. Stop checking for CRLF when start of buffer is reached. Only count 'LF' as EOL in pk7_mime.c, this avoids incorrect results if CR+LF straddles the line buffer. Update CHANGES to reflect base64 fix added to 0.9.7 Really get X509_CRL_CHECK_ALL right this time... Return EOF when an S/MIME part have been read. Avoid clashes with Win32 names in WinCrypt.h outlen should be int * in out_utf8. Only accept a client certificate if the server requests one, as required by SSL/TLS specs. New -ignore_err option in ocsp application to stop the server exiting on the first error in a request. Typos. In order to get the expected self signed error when calling X509_verify_cert() in x509.c the cert should not be added to the trusted store. Add -passin support to rsautl ASN1 parse fix and release file changes. Avoid warnings: add missing prototype, don't shadow. Retrieve correct content to sign when the type is "other". Initialize digested data type in PKCS7_set_type(). New function to initialize a PKCS7 structure of type other. Simplify cipher and digest lookup in PKCS#7 code. Add support for digested data PKCS#7 type. Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex(). Give CRLDP its standard name. Typos. Replace expired certificate. Add flag to avoid continuous memory allocate when calling EVP_MD_CTX_copy_ex(). Fix handling of -offset and -length in asn1parse tool. Use an OCTET STRING for the encoding of an OCSP nonce value. Initial docs for the OpenSSL library configuration via openssl.cnf More autoconfig docs. Documentation of the KISS autoconfig functions. Config docs. Indent some of the code examples. Typos. Various X509 fixes. Disable broken certificate workarounds when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in CRL issuer certificates. Reject CRLs with unhandled (any) critical extensions. Memory leak fix. Call autoconfig code in pkcs7 utility. Cleanup ASN1 OID module when it exits. Support for inhibitAnyPolicy extension. Fix policy constraints syntax. Avoid warnings. Initial support for certificate policy checking and evaluation. Fix ASN1 warnings. Fix loads of warnings in policy code. Remove BN_CTX debug from debug-steve Free up BIO properly when using streaming S/MIME sign. Extend OID config module format. Allow CRLs to be passed into X509_STORE_CTX. This is useful when the verified structure can contain its own CRLs (such as PKCS#7 signedData). Remove obsolete files. Make {i2v,v2i}_ASN1_BIT_STRING global. Enhance EVP code to generate random symmetric keys of the appropriate form, for example correct DES parity. New function X509_POLICY_NODE_print() Oops forgot CHANGES entry. Don't use C++ reserved word. Add some root CAs. Clear error if unique_subject lookup fails. Reduce chances of issuer and serial number duplication by use of random initial serial numbers. Use X509_get_serialNumber() instead of accessing internals in x509.c New option to 'x509' -next_serial. This outputs the certificate serial number plus 1 to the output file. Its purpose is to allow serial number files to be initialized when random serial numbers are used. Fix leak. Reformat/tidy some of the ASN1 code. More ASN1 reformat/tidy. Make ASN1 code work again... Make self signing option of 'x509' use random serial numbers too. Fixes so alerts are sent properly in s3_pkt.c Add SHA256 and SHA512 algorithms to mkdef.pl. Delete obsolete and unimplemented function. Delete unused function from libeay.num, replace with one that does exist. Reformat pkcs8 source. Stop compiler warnings with debug-steve Don't try to parse non string types. PKCS#8 fixes from stable branch. Delete non-POSIX header file. Delta CRL support in extension code. Add FIPS library name to error routines. Oops, wrong version... Don't ignore return value of EVP_DigestInit_ex() in md BIOs and dgst utility. Call setup_engine after autoconfig. Make ASN1_INTEGER_cmp() work as expected with negative integers. Update FAQ. Stop compiler warnings. New X509_VERIFY_PARAM structure and associated functionality. Reformat smime.c Don't use 'explicit' for variable name. Reformat smime utility. When looking for request extensions in a certificate look first for the PKCS#9 OID then the non standard MS OID. Change values of MBSTRING_* to the form MBSTRING_FLAG|nbyte as assumed in ASN1_STRING_to_UTF8(). Check ASN1_TYPE structure type is a SEQUENCE in PKCS7_get_smimecap(). Don't use C++ reserved work "explicit". Update debug-steve Fix race condition when CRL checking is enabled. Oops! Fix race condition when SSL ciphers are initialized. Update FAQ. Update NEWS Don't return an error with crl -noout. Use the default_md config file value when signing CRLs. Fix x509.c so it creates serial number file again if no serial number is supplied on command line. PR: 969 Submitted by: David Holmes Zap obsolete der_chop script. PR: 938 PR: 923 PR: 940 Initial pod documentation of X509V3 config file format. PR: 910 Update X509v3 docs. Update X509v3 doc. In "req" exit immediately if configuration file is needed and it can't be loaded instead of giving the misleading: Fix memory leak. Typo. Check return code of EVP_CipherInit() in PKCS#12 code. Update docs. Update docs Allow alternative manual sections to be embedded in .pod file comments. Add errstr manual page Typo. Perform partial comparison of different character types in X509_NAME_cmp(). Add couple of OIDs. Resync NIDs for consistency with 0.9.7. V1 certificates that aren't self signed can't be accepted as CAs. Add -passin argument to dgst command. In by_file.c check last error for no start line, not first error. Update year. Add lots of checks for memory allocation failure, error codes to indicate failure and freeing up memory if a failure occurs. Remaing bits of PR:620 relevant to 0.9.8. Use X509_cmp_time() in -checkend option, to support GeneralizedTime. Update 'certs' directory. Move expired certificates to expired directory and zero assurance demontrations CAs to 'demo'. Automatically mark the CRL cached encoding as invalid when some operations are performed. Remove duplicate lines. Fix s_client so it works without a certificate again. Don't use multiple storage types. Remove unused buffer 'buf'. Prompt for passphrases for PKCS12 input format PKCS7_verify() performance optimization. When the content is large and a memory BIO (for example from SMIME_read_PKCS7 and detached data) avoid lots of slow memory copies from the memory BIO by saving the content in a temporary read only memory BIO. In mkdef.pl ignore trailing whitespace in #ifdef lines Fix possible memory leak. Ensure (SSL_RANDOM_BYTES - 4) of pseudo random data is used for server and client random values. Doc fixes. Update FAQ Typo Make kerberos ciphersuite code work with newer header files Move allow_proxy_certs declaration to start of function. Include error library value in C error source files instead of fixing up at runtime. Rebuild error codes. Replace overwritten lines before error codes. More overwritten stuff... Update FAQ. Check return values of _Init functions in low level digest calls. Fix from stable branch. Various Win32 and other fixes for warnings and compilation errors. Update year. Ignore TYPEDEF_OF in mkdef.pl New "algorithm define" OPENSSL_NO_GMP. Update mkdef.pl and Configure script to use it. Stop perl warning. Fix logic in mkdef.pl function is_valid. Handle similar mk1mf.pl options with a hash table. Process MINFO file earlier in mk1mf.pl so it can modify variables like CFLAGS. Stop bogus shadowing warning. Stop compiler warnings about deprecated lvalue casts. Rename typed version of M_ASN1_get M_ASN1_get_x to avoid conflicts. Make kerberos ciphersuite code compile again. Don't use standard kerberos library locations in MK1MF builds. Recognize zlib and krb5 options in mk1mf.pl Oops... False positive removed. Fixes for signed/unsigned warnings and shadows. Remove more false positives. Port from stable branch. Remove more false positives. Port prime utility across from stable branch. More false positives and cases covered by port of prime.c Port from stable branch. Remove more false positives. Stop unused variable warning. Port BN_MONT_CTX_set_locked() from stable branch. Change method_mont_p from (char *) to (BN_MONT_CTX *) and remove several casts. Lots of Win32 fixes for DTLS. Update default dependency flags. Increase offset for BIO_f_enc() to avoid problems with overlapping buffers when decrypting data. Use more efficient way to locate end of an ASN1 structure. Don't attempt to parse nested ASN1 strings by default. Typo. Support for smime-type MIME parameter. Typo. Fix from stable branch. Avoid warnings. Some C compilers produce warnings or compilation errors if an attempt is made to directly cast a function of one type to what it considers and incompatible type. In particular gcc 3.4.2. openssl_fcast should always be defined, not just with DEBUG_SAFESTACK Make -CSP option work again in pkcs12 utility by checking for attribute in EVP_PKEY structure. Make update. Assing check_{cert,crl}_time to 'ok' variable so it returns errors on expiry. Update from 0.9.7-stable. Also repatch and rebuild error codes. Add pss/x931 files. Update from stable branch. Update from 0.9.7-stable. Update CHANGES. Typo. Use correct name for config file env variable. Fix for padding X9.31 padding check and zero padding bytes. Fix extension ordering. Typo. Add Argen root CAs. Sync libeay.num Check PKCS7 structures in PKCS#12 files are of type data. Update from stable branch. Initial print only support for IDP CRL extension. Print out previously unsupported fields in CRLDP by i2r instead of i2v. Typo which prevents mult valued RDNs being created. Allow setting of all fields in CRLDP. Few cosmetic changes to output. Don't use @syntax for extended CRLDP format. Add support for setting IDP too. Add declaration for IDP ASN1 functions. Update ASN1 printing code. Highly experimental, not working properly (neither did the old code) and not compiled in yet... Handle case where it==NULL Allow PKCS7_decrypt() to work if no cert supplied. Initialize SSL_METHOD structures at compile time. This removes the need for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used. New version of ASN1 print code, still not compiled in though. Remove ASN1_METHOD code replace with new ASN1 alternative. Update from stable branch. Add file which includes new ASN1 NETSCAPE format for certificates. Delete old ASN1_METHOD files. Command line support for RSAPublicKey format. Use correct date and filename. Integrated support for PVK files. Initial support for ASN1 print code. Update ASN1 printing code and add a -print option to 'pkcs7' utility for initial testing. Return 2 from X509_NAME printing routine to add newline. Extend callback function to support print customization. Two new verify flags functions. Update to ASN1 printing code. Update asn1t.h too for ASN1 print. Update ASN1 print implement macro. Update print macro properly this time... Fix for Win32. Change openssl.cnf to use UTF8Strings by default and not always include issuer and serial versions of AKID. 128 bit AES ciphersuites should be classified as HIGH. Update from stable branch. Make OPENSSL_NO_COMP compile again. Fix compilation without OPENSSL_NO_COMP :-) Make OPENSSL_NO_COMP work under Win32. Oops :-) Initialize bignum constants using BN_bin2bn() instead of BN_hex2bn(). This saves a bit of space and avoids a compiler warning about string length. New option SSL_OP_NO_COMP to disable compression. New ctrls to set maximum send fragment size. Allocate I/O buffers accordingly. Avoid warning on Win32. Add PVK support to dsa utility. Include kerberos libraries (if used) when linking test apps: some need it. Update from stable branch. Add symbols for ASN1 print functions, update ordinal file. Make DLL engines the default in 0.9.9 and VC++. Update from stable branch. Update docs. Update from stable branch. Extensive OID code enhancement and fixes. Make CA.pl script use CA extensions when creating a root CA. Typo Include EVP_whirlpool() prototype in evp.h Add error checking to avoid crashing when zlib cannot be loaded. New functions to support opaque EVP_CIPHER_CTX handling. Update ordinals and include changes from 0.9.8. Oops... Make ZLIB without ZLIB_SHARED compiled again. Make mk1mf.pl and friends recognize Whirlpool. Update from stable branch. Update from 0.9.8-stable. Avoid warnings on VC++ 2005. Initial attempt at Whirlpool assembler support on VC++. Don't include zlib header dir if it is not defined. Add cpuid code to VC++ build. In ASN1_parse() show tag value for ASN1 tags > 30. Update from stable branch. Typo. Fix from stable branch. Fixes for BOOL handling: produce errors for invalid string for mini-compiler, correctly encode FALSE for BOOL in ASN1_TYPE. Ignore zero length constructed segments. Recognize mingw in perlasm. Update filenames in makefiles. Update from 0.9.7-stable. Avoid warnings about shadowed definitions. Fix warnings about "sin" conflicting with sin(3) definition. Add FAQ about AKID. Minor clarification. Fix warnings. Fix from stable branch. Tolerate a SEQUENCE in DN components. Print out if an OID value is invalid. Check EVP_DigestInit_ex() return value in EVP_BytesToKey(). Typo. Stop compiler warnings. Initial support for pluggable public key ASN1 support. Process most public key ASN1 handling through a single EVP_PKEY_ASN1_METHOD structure and move the spaghetti algorithm specific code to a single ASN1 module for each algorithm. Transfer parameter handling and key comparison to algorithm methods. DH EVP_PKEY_ASN1_METHOD, doesn't do much (yet?). Gather printing routines into EVP_PKEY_ASN1_METHOD. Move algorithm specific print code from crypto/asn1/t_pkey.c to separate *_prn.c files in each algorithm directory. Make EVP_PKEY_ASN1_METHOD opaque. Add application level functions to initialize it. Initial support for application added public key ASN1. Add information and pem strings. Update dependencies. Fix bug in DSA, EC methods. Typo. Add support for legacy PEM format private keys in EVP_PKEY_ASN1_METHOD. Initial support for generalized public key parameters. New general public key utility 'pkey'. New utility pkeyparam. Enhance and bugfix algorithm specific parameter functions to support it. Typo. Fix bug where freed OIDs could be accessed in EVP_cleanup() by defering freeing in OBJ_cleanup(). Add missing function declaration. Add some GOST OIDs. Fix typo. Fix gost OIDs. Initialize pval. Don't free up key in priv_decode. Add GOST parameter set OIDs. More GOST OIDs Update and add last (?) set of GOST OIDs. Stop warning. New function to retrieve ASN1 info on public key algorithms. New command line option to print out info. Fix dynamic public key method lookup. Add an explicit load_config() call so any added algorithms are visible. Minor object name edit. Typo. Typos in a few OID names. Rebuild mac table to avoid duplicates. Last arg to EVP_PKEY_assign() should be void *. New function to add dynamic alias. Initial definitions and a few functions for EVP_PKEY_METHOD: an extension of the EVP routines to public key algorithms. Updated to EVP_PKEY_METHOD code... still doesn't do much. Initial functions for main EVP_PKEY_METHOD operations. No method implementations yet. Include EVP_PKEY argument in EVP_PKEY_CTX_new(). This avoids the need for a separate EVP_PKEY parameter in the other operation initialization routines. New utility 'pkeyutl' a general purpose version of 'rsautl'. If _init function is zero interpret as noop. Initial functions for RSA EVP_PKEY_METHOD. Implement encrypt/decrypt using RSA. Update dependencies. Reformat pkeyutl.c, add support for verify operation but nothing actually supports it (yet). Fix typo. Add EVP_PKEY_CTX control function for later use by command line utilities. Add RSA ctrl for padding mode, add ctrl support in pkeyutl. Add checking to padding ctrl. Support for digest signing and X931 in rsa_pkey_meth. Bugfix X9.31 padding. Constification. Store digests as EVP_MD instead of a NID. New utility function to reverse a buffer, either by copying or in-place. Implementation of pkey_rsa_verify. Some constification. Change operation values so they can be used as a mask. Beginnings of PSS support. Preliminary PSS support. ctrls to set PSS salt length. Initial keygen support. Add support for setting keybits and public exponent value for pkey RSA keygen. Add parameter generation option to genpkey. Write parameters if -genparam option include. Fix parameter error messages. Initial DSA EVP_PKEY_METHOD. Fixup some error codes. Support for DSA keygen, fix for genpkey. Add file dso_beos.c missing from original commit. Compare parameters when comparing public keys. Extend DH ASN1 method to support public key encode/decode and parameter utilities. PKCS#3 DH PKCS#8 ASN1 support. Fix leak. Extend DH ASN1 method, add DH EVP_PKEY_METHOD. Typo. Change the option setting command line switch to "-pkeyopt" to avoid confusion with algorithm parameters. Add key derivation support. Update dependencies. Complete key derivation support. Add functions to allow setting and adding external EVP_PKEY_METHOD. Print out zero length string properly. Update copyright notices on a few files where all original SSLeay code has been deleted. If cipher list contains a match for an explicit ciphersuite only match that one suite. Oops... Revert to original... Fix from 0.9.7-stable branch. Use more flexible method of determining output length, by setting &outlen value of the passed output buffer is NULL. Provisional support for EC pkey method, supporting ECDH and ECDSA. Fix (most) WIN32 warnings and errors. If we include winsock2.h then FD_SET wants an unsigned type for an fd. Allow public key ASN1 methods to set PKCS#7 SignerInfo structures. Add OID cross reference table. Remove comment from SSLeay days about EVP_PKEY_METHOD. Remove link between digests and signature algorithms. Remove dss1 hack from S/MIME code. Add 'flags' parameter to EVP_PKEY_asn1_meth_new() to set algorithm flags. Correct copyright notice... this doesn't contain any SSLeay code. Add prototypes and pkey accessor function for EVP_PKEY_CTX. Fix usage message for pkeyutl. Don't free up parameter. The public key ASN1 method can do that if it needs to. New function to extract AlgorithmIdentifier for PKCS7_RECIP_INFO. Code tidy. Replace RSA specific PKCS7_RECIP_INFO set up with an public key algorithm ctrl. Fix from stable branch. Update EVP_PKEY_cmp() and X509_check_private() to return sensible values and handle unsupported key types. Update from stable branch. Update FAQ. Update from stable branch. Fix from stable branch. Add support for default public key digest type ctrl. Update S/MIME code to use default digest. Update PKCS#7 enveloped data to new API. Update PKCS#7 decrypt routines to use new API. New functions to get key types without dereferncing EVP_PKEY. Update 'req' command to use new keygen API. Typo. Stop warnings about deprecated -mcpu option. In interactive mode only config OpenSSL once. Typo. Check for deprecated private key types before PKCS#8 types. Extend PBE code to support non default PKCS#5 v2.0 PRFs. Add feature to PKCS12_create() if the encryption NID corresponds to a supported encryption algorithm instead of a PBE NID then use that algorithm with PBES2. Correctly handle missing DSA parameters. Bugfix: the NONE string for PBE algorithms wasn't working. Update old **EVIL** PEM_X509_INFO_read_bio() function to correctly assign private keys. Change builting PBE to use static table. Add entries for HMAC and MD5, GOST. Add PRF preference ctrl to ciphers. Gather keygen options in req and only use them after all other options have been processed. This allows any ENGINE changing operations to be processed first (for example a config file). HMAC OIDs from RFC4231. Oops... Extended PBES2 function supporting application supplied IV and PRF NID. Tidy up of S/MIME code and add new functions which will make is easier to create S/MIME signed data with multiple signers. PKCS#12 mac key length should equal digest length. Don't try to print PBE information if it can't be decoded. New option to pkcs12 utility to set alternative MAC digest algorithm. Reformat smime.c utility. Multiple signer support in smime application. Remove old digest type hacks for non RSA keys. More S/MIME tidy. Place some common attribute operations in utility functions. make update Typo. Code tidy. Add -resign and -md options to smime command to support resigning an existing structure and using alternative digest for signing. Add ctrl to EVP_MD and EVP_PKEY_CTX to EVP_MD_CTX. These will be used for enhanced sign/verify operations. Fix smime -pk7out. Use size_t for new crypto size parameters. Fix warnings. New functions for enchanced digest sign/verify. New function to dup EVP_PKEY_CTX. This will be needed to make new signing functions and EVP_MD_CTX_copy work properly. Update EVP_MD_CTX_copy_ex() to use EVP_PKEY_CTX_dup(). Add prototypes, update Win32 ordinals. Allow any supported cipher to be used with smime -encrypt. Update pkeyutl to use size_t for pkey functions. Fix warnings. Flush p7bio when all data has been copied. Install openssl.cnf to OPENSSLDIR in mk1mf.pl New pkey functions for keygen callbacks and retrieving operation type. Add engine table for EVP_PKEY_METHOD. Doesn't do much yet. Add missing prototype. Extend engine utility to print public key algorithms. Fix error code. make update Add ENGINE support for EVP_PKEY_METHOD including lookups of ENGINE implementations and functional reference counting when a context is allocated, free or copied. Typo. Extend default method string to include public key methods. Automatically free up dynamically allocated public key methods when and ENGINE is destroyed. Initial public key ASN1 method engine support. Not integrated yet. Make update. Complete EVP_PKEY_ASN1_METHOD ENGINE support. Clarify comment and add #ifdef. Add AES and GOST S/MIME capabilities if algorithms are supported. Output MIME parameter micalg according to RFC3851 and RFC4490 instead of hard coding it to "sha1". Fix EVP_PKEY_CTX_dup() to return correct value and handle NULL keys in the source. Make return value from EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() consistent. dsa_pub_cmp() doesn't need to check parameters because that is done in EVP_PKEY_cmp(). Add documentation for new smime options. Docs for new utilities. Initial docs for pkeyutl. Typo. Update docs with algorithm options. Add some EVP_PKEY_METHOD docs. Update docs. New docs. EVP_PKEY_verify() docs. Add some examples. EVP_PKEY_derive() docs. Keygen docs. New functions to enumerate digests and ciphers. Update docs. EVP_PKEY_CTX_ctrl() docs. EVP_PKEY_get_default_digest() manual page. Public key comparison and printing routine functions. Set detached flag in PKCS7 structure earlier to avoid eating up memory. New functions to add and free up application defined signature OIDs. Allow digests to supply S/MIME micalg values from a ctrl. make update Update some usage messages. Add docs for pkeyparam. Update some existing docs. New docs for EVP_Digest{Sign,Verify}*() function. Update existing docs. Typo. Bugfix: don't look in internal table for signature if found in application supplied list. In genpkey, also look for algorithm string name in any supplied ENGINE. There is should be no need to rewind the input stream any more. New non-blocking OCSP functionality. Add -timeout option to ocsp utility. Fix various error codes to match functions. Update .cvsignore Update .cvsignore again. WIN32 fixes signed/unsigned issues and slightly socket semantics. Store canonical encodings of Name structures. Update X509_NAME_cmp() to use them. Use correct pointer types for various functions. Avoid warnings. Avoid WIN32 warning. Avoid warning. Cache some CRL related extensions. Support for multiple CRLs with same issuer name in X509_STORE. Modify verify logic to try to use an unexpired CRL if possible. Fix leak Fix C++ style comments, change assert to OPENSSL_assert, stop warning with pedantic mode. Kill more C++ comments. Add an FAQ. Additional detail. Add verify callback functions to lookup a STACK of matching certs or CRLs based on subject name. Fixes for new CRL/cert callbacks. Update CRL processing code to use new callbacks. Update docs. Support for AKID in CRLs and partial support for IDP. Overhaul of CRL handling to support this. GOST public key algorithm ENGINE donated to the OpenSSL by Cryptocom. Overhaul of by_dir code to handle dynamic loading of CRLs. Tidy up CRL handling by checking for critical extensions when it is loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked entry to avoid the need to access the structure directly. Do CRL method init after other operations. Updated version of gost engine. Compile in gost engine. Make int_rsa_sign function match prototype. Add missing prototype. Fix various warnings (C++ comments, ; outside function). Updated file. Update length if copying MSB set in asn1_string_canon(). Using correct lock for X509_REQ. Buffer size handling fix for enc. Submitted by: Brad Spencer Reviewed by: steve Initialize new callbacks and make sure hent is always initialized. Place standard CRL behaviour in default X509_CRL_METHOD new functions to create, free and set default CRL method. Typo. Initialize old_priv_encode, old_priv_decode. Add documentetion for noCheck extension and add a few cross references to the extension documentation. Add v3 ref to see also sections. Typo. Fix link for ASN1_generate_nconf Typo. Don't add the TS EKU by default in openssl.cnf because it then makes certificates genereated by ca, CA.pl etc useless for anything else. Avoid shadow warning. Make TSA tests use the noprompt mode of utilities rather than piping the result into interative utilities. OCSP library tidy. Use extension to encode OCSP extensions instead of doing it manually. Make OCSP_CERTID_dup() a real function instead of a macro. Don't assume requestorName is present for signed requests. ASN1 OCSP module fix: certs field is OPTIONAL. Initial, incomplete support for typesafe macros without using function casts. Remove redundant PREDECLARE statement. Remove illegal IMPLEMENT macros from header file. Update ordinals. Update from 0.9.8 stable. Eliminate duplicate error codes. Add .cvsignore Win32 fixes from stable branch. Update dependencies. Import ordinals from 0.9.8 and update. Fix default dependency flags. Fix change to OPENSSL_NO_RFC3779 Sync OID NIDs with OpenSSL 0.9.8. Update from 0.9.7-stable branch. Experimental streaming PKCS#7 support. Add bit I missed from PKCS#7 streaming encoder. Add AOL an AOLTW root CAs to bundle. Constify version strings and some structures. Constify version strings is ssl lib. Update from 0.9.7-stable. Update from fips2 branch. Add -hmac option to dgst from 0.9.7 stable branch. PR: 1483 Updates from 0.9.8-stable branch. Update from 0.9.7-stable. Update FAQ,NEWS in HEAD. Update from stable branch. Fix from stable branch. Win32 fixes. Add GOST algorithm to mkdef, update ordinals. Signed/unsigned fixes. Stage 1 GOST ciphersuite support. New -sigopt option for dgst utility. Preliminary support for signctx/verifyctx callbacks. Fix digest signing so digest type is set after init. Fix from stable branch. Don't ignore config_name parameter passed to OPENSSL_config(). Use "openssl_conf" in config file if config_name variable is missing. Constification. Experimental HMAC support via EVP_PKEY_METHOD. Update CHANGES. New -mac and -macopt options to dgst utility. Reimplement -hmac option in terms of new API. Copy update callback across when copying EVP_MD_CTX. Update smime utility to support streaming for -encrypt and -sign -nodetach options. Add new streaming i2d (though strictly speaking it is BER format when streaming) and PEM functions. Update docs. Update docs. Oops... d2i_PKCS7_bio_stream() docs. Typo. More docs for streaming functions. PKCS7_sign_add_signer() docs. Don't finalize signerinfo if reuse and partial both set. Flush b64 BIO. Add a bunch of S/MIME sample programs and data. Sample text files for S/MIME test programs. New function ASN1_STRING_copy() to copy to an already alloacted ASN1_STRING structure. More useful ASN1 macros for static allocation functions. Tidy up docs, remove warning. Improve error detection when streaming S/MIME. Document streaming options. Change C++ style comments. New function EVP_PKEY_asn1_copy(). Use default MD if type param is NULL. Fix error code name. PR: 1516 Use EVP_DigestVerify() in dgst.c if verifying. Use default md if none specified in dgst utility. Prepend signature name in dgst output. Set len to buffer size. Add .cvsignore to seed dir. Initial GOST MAC support. Not fully working yet... Updated GOST MAC support. Fix warning and back out bad modification. Fixes for dgst tool. Initialize md_name, sig_name properly. Return error code on failure. Keep output format consistent with previous versions. Typo. Revert broken change to ccgost. Fix X509_REQ_print_ex() to process extension options. Update ordinals. Fix for GOST engine on platforms where sizeof(size_t) != sizeof(int). Handle NULL parameter in some EVP utility functions. Update ssl library to support EVP_PKEY MAC API. Include generic MAC support. Avoid use of function pointer casts in pem library. Modify safestack to always use inline functions. Back out safestack.h change for now: seems to break some things. Finish gcc 4.2 changes. Remove unnecessary casts and avoid some warnings with gcc 4.2. WIN32 fixes. Make ordinals consistent with OpenSSL 0.9.8 Update .cvsignore Update from stable branch. WIN32 VC++ build fixes. Update debug-steve RFC4507 (including RFC4507bis) TLS stateless session resumption support for OpenSSL. Remove debugging fprintfs, fix typo. Fix warnings. Typo. Fix warning and make no-tlsext work. OPENSSL_NO_TLS1 WIN32 build support. Fix so normal build works again. Fix for asm/no-asm on WIN32. Use SHA256 for ticket HMAC if possible. Docs and usage messages for RFC4507bis support. Add usage message for -sess_out, -sess_in Document ticket disabling option. Update from stable branch. Add Google sponsorship note. Add ctrls to set and get RFC4507bis keys to enable several contexts to reuse the same tickets. Check return code when attempting to receive new session ticket message. Update ssl code to support digests other than MD5+SHA1 in handshake. Fix warnings: computed value not use, incompatible pointer initialization and cast from pointer to int of different size (linux-x86_64 and align). Change safestack reimplementation to match 0.9.8. Fix another warning. Fix warning: print format option not compatible with size_t. Handle empty case in X509_NAME canonical encoding. Update from stable branch. Update from stable branch. Use accept flag for new session ticket write. Support for certificate status TLS extension. Typo. Move no status notification to ssl_check_serverhello_tlsext() to ensure no status is notified even if no server extensions are present. Off by one fix from stable branch. Fix from fips branch. Update CHANGES. Keep ordinals consistent. Fix from stable branch. Don't lookup zero length session ID. PR: 1591 Fix from stable branch. 1. Changes for s_client.c to make it return non-zero exit code in case of handshake failure GOST ENGINE information. Fix duplicate error codes. Fix from stable branch. Rebuild object cross reference table. Submitted by: "Victor B. Wagner" Update debug-steve targets. Avoid warning. Submitted by: "Victor B. Wagner" Lookup public key ASN1 methods by string by iterating through all implementations instead of all added ENGINEs to cover case where an ENGINE is not added. Add caRepository OID and sync object NIDs with OpenSSL 0.9.8. Fix from stable branch. Rebuild OID database: duplicates got in there somehow?? Submitted by: Victor B. Wagner , steve Handle non-SHA1 digests for certids in OCSP test responder. Initialize sigsize. Update ordinals Avoid aliasing warning. Add quotes to Win32 install directories. Submitted by: Mladen Turk Netware support. Submitted by: Guenter Knauf Move CHANGES entry. Revert include file install line. Avoid WIN32 signed/unsigned warnings. Update WIN32 nasm build to use new asm files. Update netware to use new SHA2 assembly language modules. Add sha2 defines. Add extra SHA2 defines. Include Mont asm files in WIN32 build. Update perl asm scripts include paths for perlasm. Experimental support for import of more options from Configure (via top level Makefile) into mk1mf builds. This avoids the need to duplicate the CFLAG handling and can auto build assembly language source files from perl scripts. does not exist under WIN32. Clarify BITLIST format and include an example. Clarify FAQ. Add Global Sign root CA. Support custom primitive type printing routines and add one to LONG type. Extend attribute setting routines to support non-string types. Utility attribute function to retrieve attribute data from an expected type. Useful for many attributes which are single valued and can only have one type. Typo. Add OIDs for compressedData content type and zlib compression. Use default value for $dir if it is empty. Clarification and fix typo. Fix typo and avoid warning. Fix error code function name mismatches in GOST engine, rebuild errors. Avoid warnings. We already have an object for "zlib compression" but it was a place holder and its actual encoding never used. #undef X509_EXTENSIONS to avoid conflict with CryptoAPI. Update year. And so it begins... Free up additional data in RecipientInfo structure .cvignore file for cms RFC4134 S/MIME examples test script. Only call free once in CHOICE type. New utility functions for encryptedData content type which will also be used by envelopedData. Encrypted Data type processing. Add options to cms utility and run section 7 tests in RFC4134. Reorganise encrypted content info code to avoid duplication and be more consistent with other content types. Typos. Delete temp files. Initial support for Encrypted Data type generation. Return error if no cipher set for encrypted data type. Check for cipher BIO errors and set key length after parameter decode. Initial support for enveloped data decrypt. Extent runex.pl to cover these examples. All RFC4134 examples can not be processed. Initial support for enveloped data decrypt. Extent runex.pl to cover these examples. All RFC4134 examples can now be processed. Add support for random key generation: this will be needed by enveloped data. Extend runex.pl to extract examples directly from RFC text. Don't need to check for examples directory any more. Remove deleted function from header file, update mkfiles.pl Adapt to diffrent OpenSSL utility locations. Fix some warnings. Preliminary support for enveloped data content type creation. Partial support for KEKRecipientInfo type. More support for KEK RecipientInfo. Various tidies/fixes: Add extensive PCKS7 and CMS consistency test script. Fixes for S/MIME consistency checker and flexibility enhancements. Uninitialized variable bug fix. Add enveloped data keyid test. Delete tmp files, silence openssl commands, compare extracted content. Delete standard out and err temp files too. Make 3DES default cipher in cms utility. Add support for KEKRecipientInfo in cms application. Additional sanity check. Produce meaningful error if sanity check fails. Add support for KEK decrypt in cms utility. Rebuild CMS error codes. Allow alternate eContentType oids to be set in cms utility. Preliminary documentation for CMS utility. Update dependencies. Fix duplicate asn1 ctrl values. Add support for CMS structure printing in cms utility. Add signed receipt ASN1 structures. Initial GENERAL_NAME utility functions. Signed Receipt Request utility functions and option on CMS utility to print out receipt requests. Add support for signed receipt request printout and generation. Support for verification of signed receipts. Signed receipt generation code. Update docs. Remove unnecessary header. Update dependencies. Use correct headers for signed receipts. Use consistent naming. Fix macro. Fix it properly this time.... Add signed receipt tests. Avoid warnings. Since OID NIDs with 0.9.8. Update CHANGES. Update CHANGES. Rename runex.pl to cms-examples.pl Make mk1mf.pl recognize no-cms. Delete nonexistant function from pkcs7.h header file. WIN32 build fix from stable branch. Sync and update ordinals. Give consistent return value and add error code for duplicate certificates. Fix typo and add header files to err library. Set contentType attribute just before signing to allow encapsulated content type to be set at any time in applications. Implement CMS_NOCRL. Initial CMS API documentation. Correct d2i/i2d typos. Fix various typos, update SMIMECapabilities description. More CMS API documentation. Add CMS_compress() docs. Add CMS_uncompress manual page. Update docs. Correct references to smime in cms app. Signed receipt request function documentation. Spellcheck CMS docs. Add CMS signed receipt genration and verification docs. Ignore nonsensical flags for signed receipts. Add additional parameter to CMS_final() to handle detached content. Add docs for CMS_final() and BIO_new_CMS(). Typo. Correct HISTORY reference. Reformat, fix typos and clarify CMS API docs. PKCS#7 examples converted to CMS. Fix for compression and updated CMS_final(). CMS compressed data examples. Make CMS_uncompress() argument order consistent with other functions. Fix comments. Revert argument swap change... oops CMS_uncompress() was consistent... Fix prototype for CMS_decrypt(), don't free up detached content. Correct argument order for CMS_decrypt() in docs. Detached encrypt/decrypt example, fix decrypt sample. Make certs argument work in CMS_sign() add test case. PR:1664 Disable debugging fprintf. Don't send zero length session ID if stateless session resupmtion is successful. Check be seeing if there is a cache hit. Update from stable branch. Update from stable branch. Oops! Update from stable branch. Update from stable branch. Use "cont" consistently in cms-examples.pl Typo. Indicate support for digest init ctrl. New function CMS_add1_crl(). Add missing cast. Fix from stable branch. Fix two invalid memory reads in RSA OAEP mode. Submitted by: Ivan Nestlerode Reviewed by: steve Fix from stable branch. Update from stable branch. Update ordinals. Typo. Typo. C++ style comments fixed. Avoid warning about empty structures and always define CHECKED_PTR_OF Avoid "duplicate const" warnings. Fix from stable branch. Stop const mismatch warning in VC++. Stop warning about extra ';' outside of function. Stop const mismatch warning. Recognize LHASH_OF(). Add CryptoAPI ENGINE from stable branch. Add CryptoAPI error file too. More CryptoAPI engine code from stable branch. Update VC-32.pl and load CryptoAPI engine in the right place. Update from stable branch. Update from stable branch. Add support for ENGINE supplied SSL client auth. Update error codes, move typedef of SSL, SSL_CTX to ossl_typ.h Add client cert engine to SSL routines. Update error codes. Allow ENGINE client cert callback to specify a set of other certs, for the rest of the certificate chain. Currently unused. Release engine reference when calling SSL_CTX_free(). Get and note keyspec when signing. Use keyspec for DSA too. Add ctrl for alternative certificate store names. Free old store name (if any). Avoid cast with wrapper function. Revert, doesn't fix warning :-( Avoid case in ca.c fix. Fix indentation. #undef OCSP_RESPONSE: CryptoAPI uses this too. Windows batch file to rebuild error codes for CryptoAPI ENGINE. Update year. Prevent signed/unsigned warning on VC++ Add preliminary SSL client auth callback to CryptoAPI ENGINE. Add support for client cert engine setting in s_client app. Add appropriate #ifdefs round client cert functions in headers. Match empty CA list to anything for ssl client auth in CryptoAPI engine. Add initial support for multiple SSL client certifcate selection in CryptoAPI ENGINE. Avoid name clash. Remove store from Windows build. Update ordinals. Make DSO WIN32 compile again. Tidy up and add comments to selection code. Remove old non-safestack code. Add support for Windoes dialog box based certificate selection. Use an appropriate Window for selection dialog. Compilation option to use a specific ssl client auth engine automatically. Remove test fprintf. Update from stable branch. Link in extra CryptoAPI related libraries if needed. Sync ordinals with stable branch. Update from stable branch. Update from stable branch. Update CHANGES. Update from stable branch. Don't change _WIN32_WINNT and detect GetConsoleWindow() and CryptUIDlgSelectCertificateFromStore() at runtime. Add callback function for selection mechanism. Remove uidlg library from VC-32.pl, it is now bound at runtime. Fix memory leak. The canonical X509_NAME_ENTRY STACK is reallocated rather than referencing existing X509_NAME_ENTRY structures so needs to be completely freed. Sync ordinals. Add acknowledgement. Update from stable branch. Update from stable branch. Update from stable branch. Fix from stable branch. Update ordinals. Update from stable branch. Update from stable branch. Avoid warnings with -pedantic, specifically: X509 verification fixes. We support inhibit any policy extension, add to table. Zero is a valid value for any_skip and map_skip Policy validation fixes. Initial support for alternative CRL issuing certificates. Make explicit_policy handling match expected RFC3280 behaviour. Add support for nameRelativeToCRLIssuer field in distribution point name fields. Correctly handle errors in CMS I/O code. Initial support for name constraints certificate extension. Support for policy mappings extension. Initial code to support distinct certificate and CRL signing keys where the CRL issuer is not part of the main path. Initial support for CRL path validation. This supports distinct certificate and CRL signing keys. Support for certificateIssuer CRL entry extension. Initial indirect CRL support. Add support for freshest CRL extension. Add support for CRLs partitioned by reason code. Initial support for delta CRLs. If "use deltas" flag is set attempt to find a delta CRL in addition to a full CRL. Check and search delta in addition to the base. Perl script to run and verify OpenSSL against PKITS RFC3280 compliance test suite. Make no-tlsext compile. Do not discard cached handshake records during resumed sessions: they are used for mac computation. Fix from stable branch. Add SSL_FIPS flag for FIPS 140-2 approved ciphersuites and add a new strength "FIPS" to represent all FIPS approved ciphersuites without NULL encryption. Update FAQ. Add missing CHANGES entry. Experimental new date handling routines. These fix issues with X509_time_adj() and should avoid any OS date limitations such as the year 2038 bug. Add missing lock definitions. Add missing lock definitions... Ooops... remove code accidentally commited from FIPS version. Fix multiple ; warning. Fix Warning... Fix a shed load or warnings: Reinstate obj_xref.h as it is not auto generated on all platforms. Create function of the form OBJ_bsearch_xxx() in bsearch typesafe macros with the appropriate parameters which calls OBJ_bsearch(). A compiler will typically inline this. Add permanentIdentifier OID. Add support for -crlnumber option in crl utility. Fix warnings and various issues. Win32 fixes... add new directory to build system. Fix warnings. Add install target to crypto/jpake/Makefile Fix warnings about mismatched prototypes, undefined size_t and value computed not used. Fix warnings: printf format mismatches on 64 bit platforms. Change assert to OPENSSL_assert(). Fix e_padlock prototype. Update HMAC functions to return an error where relevant. Fix prototypes. Use stddef.h to pick up size_t def. Fix prototypes. Not sure about this one... seems to be needed to make 64 bit release builds work properly... Don't use clobbered 'i' for checking UTCTime and GeneralizedTime length. Update obsolete email address... PR: 1777 Submitted by: "Alon Bar-Lev" Approved by: steve at openssl.org Make -DKSSL_DEBUG work again. Update from stable branch. Update from stable branch. Tolerate -----BEGIN PKCS #7 SIGNED DATA----- header lines as used by some implementations. Reinstate camellia header fix patch. Update from stable branch. Revert another size_t change. mk1mf.pl update from stable branch. Oops... PR: 1574 Submitted by: Jouni Malinen Approved by: steve at openssl.org Don't disable JPAKE by default in head... Set memory BIOs up properly when stripping text headers from S/MIME messages. Update from stable-branch. Stop warning about different const qualifiers. Update libeay.num Update from stable branch. Don't stop -cipher from working. Handle case where v6stat.zero_pos == 0 correctly. Oops should check zero_pos >= 0. Fix from stable branch. Make no-engine work again. Update steve-debug* options. Add standard .cvsignore file. Update FAQ. Updatde from stable branch. Add a set of standard gcc warning options which are designed to be the minimum requirement for committed code. Added to debug-steve* config targets for now. Fix sign-compare warnings. Fix missing prototype warnings then fix different prototype warnings ;-) Fix warnings properly this time ;-) Add CRYPTO_MDEBUG_ABORT to abort() is there are any memory leaks. This will cause "make test" failures and make resource leaks more obvious. Make PKCS#8 the standard write format for private keys, replacing the ancient SSLeay format. Update certificate hash line format to handle canonical format and avoid MD5 dependency. Typo: just copy across an unknown type. Update from stable branch. Print out UTF8 and NumericString types in ASN1 parsing utility. Just to be awkward Ubuntu 8.10 doesn't like _XOPEN_SOURCE_EXTENDED... Submitted by: Peter Sylvester Reviewed by: steve Add error checking to obj_xref.pl and add command line support for data file locations. Avoid leaks in pkcs8 app, tidy code up. Return correct exit code. PR: 1835 Submitted by: Damien Miller Approved by: steve at openssl.org Make no-engine work again. Stop warning about use of *printf() without a format. PR: 1843 Use correct array size for SHA1 hash. Submitted by: "Victor B. Wagner" Reviewed by: steve at openssl.org PR: 1778 Submitted by: "Victor B. Wagner" Approved by: steve Update from stable branch. Typo. Update from stable branch. Update from stable branch. Update from stable branch. PR: 1854 Submitted by: Oliver Martin Reviewed by: steve at openssl.org Update from stable branch. PR: 1862 Submitted by: Victor Duchovni Reviewed by: steve at openssl.org Update from stable branch. PR: 1864 Submitted by: Ger Hobbelt Reviewed by: steve at openssl.org Update from stable branch. Fix from stable branch. Use correct ctx name. Use OPENSSL_assert() instead of assert. Submitted by: "Victor B. Wagner" Reviewed by: steve at openssl.org Submitted by: Victor B. Wagner Reviewed by: steve at openssl.org Typo in usage message. Update from stable branch. Update from stable branch. Update from stable branch. Update FAQ. Update CHANGES. Update from stable branch. Fix typo in CHANGES. Update NEWS file. Nothing to see here... move along.... Allow use of algorithm and cipher names for dgsts and enc utilities instead of having to manually include each one. Update STATUS and NEWS. HEAD is now 1.1.0 The 1.0.0 branch is now OpenSSL_1_0_0-stable Stop warnings. Update from 0.9.8-stable Ooops reverse previous patch. Fix from 1.0.0-stable Update from 1.0.0-stable Update from 1.0.0-stable. Merge from 1.0.0-stable branch. Update version info. Updates from 1.0.0-stable Updates from 1.0.0-stable Update from 1.0.0-stable Update from 0.9.8-stable. Changes from 1.0.0-stable. Update from 1.0.0-stable Updates from 1.0.0-stable. Updates from 1.0.0-stable branch. Merge from 1.0.0-stable branch. Update from 1.0.0-stable. Update from 1.0.0-stable. Typo. Updates from 1.0.0 stable branch. Fix from 1.0.0-stable. Update from 1.0.0-stable branch. Typo. Typo. Update from stable branch. Update from 1.0.0-stable. Update from stable branch. Update from 1.0.0-stable. Update from 1.0.0-stable. PR: 1929 Submitted by: Robin Seggelmann Approved by: steve at openssl.org Update from 1.0.0 stable branch. Update from 1.0.0-stable. Update from 1.0.0-stable Fix from 1.0.0-stable. Update from 1.0.0-stable. Update from 1.0.0-stable. Update from 1.0.0-stable. Add CHANGES entries from 0.9.8-stable. Update from 1.0.0-stable. Sync ordinals from 1.0.0-stable Update from 1.0.0-stable Update from 0.9.8-stable. Add ignored FIPS options to evp.h change clashing flag value. Update from 1.0.0-stable. Update from 1.0.0-stable. Oops, update CHANGES entry. PR: 1945 Submitted by: Guenter Approved by: steve at openssl.org PR: 1938 Submitted by: Mark Phalan Reviewed by: steve at openssl.org PR: 1946 Submitted by: Guenter Reviewed by: steve at openssl.org Update from 1.0.0-stable. Updates from 1.0.0-stable PR: 1952 Submitted by: Robin Seggelmann Reviewed by: steve at openssl.org Update from 1.0.0-stable. Fix error codes. Update from 0.9.8-stable. Submitted by: Artem Chuprina Reviewed by: steve at openssl.org PR: 1946 Submitted by: Guenter Approved by: steve at openssl.org Submitted by: Peter Gutmann Approved by: steve at openssl.org PR: 1956 Submitted by: Guenter Approved by: steve at openssl.org PR: 1958 Submitted by: Sean Boudreau Approved by: steve at openssl.org Update from 1.0.0-stable. Rename asc2uni and uni2asc functions to avoid clashes. Add beos as a supported DSO scheme. Initialize outlen. Update FAQ with note about online docs. Update from 1.0.0-stable Stop warnings in gcc where "a" is const passed as a non-const argument. Update from 1.0.0-stable. Update from 0.9.8-stable. Fix from 0.9.8-stable. Update from 0.9.8-stable. Allow setting of verify depth in verify parameters (as opposed to the depth implemented using the verify callback). Update from 1.0.0-stable Update from 1.0.0-stable. Update from 1.0.0-stable. Updates from 1.0.0-stable Use common verify parameters instead of the small ad-hoc subset in s_client, s_server. Typo. Update from 0.9.8-stable Update from 1.0.0-stable Update from 1.0.0-stable Update from 1.0.0-stable Update from 1.0.0-stable Update from 1.0.0-stable Update from 1.0.0-stable. Upadte from 1.0.0-stable PR: 1981 Submitted by: Robin Seggelmann Approved by: steve at openssl.org Fix warnings. Delete MD2 from algorithm tables as in 0.9.8-stable. However since this is a new branch we can also disable it by default. Make update. Update from 1.0.0-stable. PR: 1624 Submitted by: "Simon L. Nielsen" Obtained from: steve at openssl.org Update from 0.9.8-stable Use new time routines to avoid possible overflow. Update from 1.0.0-stable. Document MD2 deprecation. Updates from 1.0.0-stable. Updates from 1.0.0-stable Update from 1.0.0-stable. Updates from 1.0.0-stable Use correct extension and OSX detection. Update from 0.9.8-stable Update from 0.9.8-stable Update from 0.9.8-stable. Fix from 0.9.8-stable PR: 1993 Document removal of digest+signature algorithm link. PR: 1990 New debug targets from 1.0.0-stable Fix typos. Remove MD2 test from WIN32 as we don't compile it in by default any more. Update from 0.9.8-stable. Update from 1.0.0-stable Update from 1.0.0-stable. PR: 2001 Submitted by: Tomas Mraz Approved by: steve at openssl.org Update from 1.0.0-stable. Oops! PR: 2002 Submitted by: Tomas Mraz Obtained from: steve at openssl.org Reject leading 0x80 in OID subidentifiers. Fix error code. Add COMP error strings. PR: 2003 Make it possible to install OpenSSL in directories with name other than "lib" for example "lib64". Based on patch from Jeremy Utley. PR: 2004 Submitted by: Peter Sylvester Approved by: steve at openssl.org PR: 1999 Submitted by: "Bayram Kurumahmut" Approved by: steve at openssl.org Typo PR: 1997 Submitted by: Robin Seggelmann Approved by: steve at openssl.org Update README with bug report and contribution details. Enable mdc2 support by default as the patent has now expired. Update default dependency flags. Make error name discrepancies a fatal error. Fix error codes. make update Use SHA1 and not deprecated MD5 in demos. Stop unused variable warning on WIN32 et al. PR: 2015 Submitted by: Robin Seggelmann Approved by: steve at openssl.org PR: 2006 Submitted by: Robin Seggelmann Approved by: steve at openssl.org PR: 2005 Submitted by: steve at openssl.org Missing break. Tidy up and fix verify callbacks to avoid structure dereference, use of obsolete functions and enhance to handle new conditions such as policy printing. PR: 2022 Submitted by: Robin Seggelmann Approved by: steve at openssl.org PR: 2009 Submitted by: "Alexei Khlebnikov" Approved by: steve at openssl.org PR: 2013 Submitted by: steve at openssl.org PR: 2029 Submitted by: Tomas Mraz Checked by: steve at openssl.org PR: 2020 Submitted by: Keith Beckman , Tomas Mraz Checked by: steve at openssl.org Oops, s can be NULL Correction: salt is now default PR: 2028 Submitted by: Robin Seggelmann Approved by: steve at openssl.org PR: 1644 Submitted by: steve at openssl.org Make update, deleting bogus DTLS error code Typo presumably.... PR: 2031 Submitted by: steve at openssl.org Seed PRNG with DSA and ECDSA digests for additional protection against possible PRNG state duplication. Add new option --strict-warnings to Configure script. This is used to add in devteam warnings into other configurations. PR: 2033 Submitted by: Robin Seggelmann Approved by: steve at openssl.org PR: 2038 Submitted by: Artem Chuprina Approved by: steve at openssl.org PR: 1411 Submitted by: steve at openssl.org PR: 2025 Submitted by: Tomas Mraz Approved by: steve at openssl.org PR: 2023 Submitted by: James Beckett , steve Approved by: steve at openssl.org Submitted by: Julia Lawall PR: 2039 Submitted by: Robin Seggelmann Approved by: steve at openssl.org PR: 2048 Submitted by: john blair Approved by: steve at openssl.org add version info for VC-WIN64I too Don't use __try+__except unless on VC++ Ooops, missing close quote PR: 2047 Submitted by: David Lee , steve at openssl.org Approved by: steve at openssl.org PR: 2050 Submitted by: Michael Tuexen Approved by: steve at openssl.org Add attribute to check if return value of certain functions is incorrectly ignored. Add DEBUG_UNUSED to debug-steve* entries Add more return value checking attributes to evp.h and hmac.h Audit libcrypto for unchecked return values: fix all cases enountered Fixup sureware ENGINE to handle new RAND_METHOD Free SSL_CTX after BIO PR: 2064, 728 Submitted by: steve at openssl.org Change version from 0.9.9 to 1.0.0 in docs PR: 2058 Submitted by: Julia Lawall Approved by: steve at openssl.org PR: 2057 Submitted by: Julia Lawall Approved by: steve at openssl.org PR: 2063 Submitted by: Julia Lawall Approved by: steve at openssl.org PR: 2054 Submitted by: Julia Lawall Approved by: steve at openssl.org PR: 2055 Submitted by: Julia Lawall Approved by: steve at openssl.org PR: 2056 Submitted by: Julia Lawall Approved by: steve at openssl.org PR: 2059 Submitted by: Julia Lawall Approved by: steve at openssl.org PR: 2062 Submitted by: Julia Lawall Approved by: steve at openssl.org PR: 2061 Submitted by: Julia Lawall Approved by: steve at openssl.org Yes it is a typo ;-) Typo. Prevent aliasing warning Prevent ignored return value warning Fix warnings about ignoring fgets return value Fix unitialized warnings Allow cross compilation prefix to come from CROSS_COMPILE environment variable Allow uname values to be overridden by the environment Rename CROSS_COMPILE_PREFIX to CROSS_COMPILE PR: 2066 Submitted by: Guenter Approved by: steve at openssl.org Revert extra changes from previous commit. PR: 1847 Submitted by: Tomas Mraz Approved by: steve at openssl.org PR: 2069 Submitted by: Michael Tuexen Approved by: steve at openssl.org Update ordinals. Fix for WIN32 and possibly other platforms which don't define in_port_t. Fixes to CROSS_COMPILE, don't override command line option from environment PR: 2073 Submitted by: Tomas Mraz Approved by: steve at openssl.org PR: 2072 Submitted by: Tomas Mraz Approved by: steve at openssl.org PR: 2074 Submitted by: Bram Neijt Approved by: steve at openssl.org Manual page for X509_verify_cert() Typo. More X509 verification docs. Add docs for X509_STORE_CTX_new() and related functions. Preliminary documentation for X509_VERIFY_PARAM. Clarification. Add "missing" function X509_STORE_set_verify_cb(). Verification callback functions. Document more error codes. take install prefix from the environment Use new X509_STORE_set_verify_cb function instead of old macro. make update PR: 2070 Submitted by: Alexander Nikitovskiy Approved by: steve at openssl.org Need to check <= 0 here. If not checking all certificates don't attempt to find a CRL for the leaf certificate of a CRL path. Add an FAQ. Clarification PR: 2078 Submitted by: Dale Anderson Approved by: steve at openssl.org PR: 2080 Submitted by: Mike Frysinger Approved by: steve at openssl.org PR: 2081 Submitted by: Mike Frysinger Approved by: steve at openssl.org Don't replace whole AR line Add -no_cache option to s_server PR: 2085 Submitted by: Mike Frysinger Approved by: steve at openssl.org oops! Don't attempt session resumption if no ticket is present and session ID length is zero. Fix statless session resumption so it can coexist with SNI Move CHANGES entry to 0.9.8l section Generate stateless session ID just after the ticket is received instead of when a session is loaded. This will mean that applications that just hold onto SSL_SESSION structures and never call d2i_SSL_SESSION() will still work. Add option to allow in-band CRL loading in verify utility. Add function load_crls and tidy up load_certs. Remove useless purpose variable from verify utility: now done with args_verify. Add missing functions to allow access to newer X509_STORE_CTX status information. Add more informative message to verify callback to indicate when CRL path validation is taking place. PR: 2089 Submitted by: Robin Seggelmann Approved by: steve at openssl.org Ooops, revert committed conflict. If it is a new session don't send the old TLS ticket: send a zero length ticket to request a new session. Remove BF_PTR2 from configuration: it doesn't improve performance any more and causes gcc warnings about arrays out of range make udpate update CHANGES First cut of renegotiation extension. (port to HEAD) PR: 2090 Submitted by: Martin Kaiser , Stephen Henson Approved by: steve at openssl.org PR: 2091 Submitted by: Martin Kaiser , Stephen Henson Approved by: steve at openssl.org PR: 1686 Submitted by: Hanno B????????ck Approved by: steve at openssl.org commit missing apps code for reneg fix add missing parts of reneg port, fix apps patch PR: 2098 Submitted by: Corinna Vinschen Approved by: steve at openssl.org set engine to NULL after releasing it PR: 2088 Submitted by: Aleksey Samsonov Approved by: steve at openssl.org PR: 2101 Submitted by: Doug Kaufman Approved by: steve at openssl.org PR: 2101 (additional) Submitted by: Roumen Petrov Approved by: steve at openssl.org PR: 2103 Submitted by: Rob Austein Approved by: steve at openssl.org Include a more meaningful error message when rejecting legacy renegotiation Don't use SSLv2 compatible client hello if we don't tolerate legacy renegotiation Servers can't end up talking SSLv2 with legacy renegotiation disabled Split PBES2 into cipher and PBKDF2 versions. This tidies the code somewhat and is a pre-requisite to adding password based CMS support. Add PBKFD2 prototype. Add OID for PWRI KEK algorithm. Experimental CMS password based recipient Info support. typo PR: 2118 Submitted by: Mounir IDRASSI Approved by: steve at openssl.org PR: 1432 Submitted by: "Andrzej Chmielowiec" , steve at openssl.org Approved by: steve at openssl.org PR: 2115 Submitted by: Robin Seggelmann Approved by: steve at openssl.org check DSA_sign() return value properly Ooops... PR: 2120 Submitted by: steve at openssl.org Check it actually compiles this time ;-) Replace the broken SPKAC certification with the correct version. Update CHANGES. PR: 2111 Submitted by: Martin Olsson Initial experimental TLSv1.1 support PR: 2121 Submitted by: Robin Seggelmann Add support for magic cipher suite value (MCSV). Make secure renegotiation work in SSLv3: initial handshake has no extensions but includes MCSV, if server indicates RI support then renegotiation handshakes include RI. Add ctrl and macro so we can determine if peer support secure renegotiation. Send no_renegotiation alert as required by spec. Add ctrls to clear options and mode. PR: 2124 Submitted by: Jan Pechanec Revert lhash patch for PR#2124 Add patch to crypto/evp which didn't apply from PR#2124 Check s3 is not NULL remove DEBUG_UNUSED from config for now Document option clearning functions. clarify docs Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL and move SSL_OP_NO_TLSv1_1 Allow initial connection (but no renegoriation) to servers which don't support RI. New option to enable/disable connection to unpatched servers PR: 2127 Submitted by: Tomas Mraz Alert to use is now defined in spec: update code Traditional Yuletide commit ;-) Update RI to match latest spec. Typo Add simple external session cache to s_server. This serialises sessions just like a "real" server making it easier to trace any problems. return v1.1 methods for client/server Include CHANGES entry for external cache Compression handling on session resume was badly broken: it always used compression algorithms in client hello (a legacy from when the compression algorithm wasn't serialized with SSL_SESSION). Client side compression algorithm sanity checks: ensure old compression algorithm matches current and give error if compression is disabled and server requests it (shouldn't happen unless server is broken). Remove tabs on blank lines: they produce warnings in pod2man PR: 2132 Submitted by: steve Typo PR: 2102 Submitted by: John Fitzgibbon ENGINE_load_capi() now exists on all platforms (but no op on non-WIN32) compress_meth should be unsigned Missing commit from change ofr compress_meth to unsigned Updates to conform with draft-ietf-tls-renegotiation-03.txt: Simplify RI+SCSV logic: PR: 2136 Submitted by: Willy Weisz update and sync ordinals Modify compression code so it avoids using ex_data free functions. This stops applications that call CRYPTO_free_all_ex_data() prematurely leaking memory. Fix version handling so it can cope with a major version >3. PR: 2125 Submitted by: "Alon Bar-Lev" make update convert to Unix EOL form PR: 2133 Submitted by: steve at openssl.org PR: 2144 Submitted by: steve at openssl.org PR: 2135 Submitted by: Mike Frysinger PR: 2144 Submitted by: Robin Seggelmann PR: 2141 Submitted by: "NARUSE, Yui" The use of NIDs in the password based encryption table can result in algorithms not found when an application uses PKCS#12 and only calls SSL_library_init() instead of OpenSSL_add_all_algorithms(). Simple work around is to add the missing algorithm (40 bit RC2) in SSL_library_init(). Support -L options in VC++ link. Update demo update NEWS file oops fix comments typo If legacy renegotiation is not permitted then send a fatal alert if a patched server attempts to renegotiate with an unpatched client. Tolerate PKCS#8 DSA format with negative private key. The fix for PR#1949 unfortunately broke cases where the BIO_CTRL_WPENDING ctrl is incorrectly implemented (e.g. some versions of Apache). As a workaround call both BIO_CTRL_INFO and BIO_CTRL_WPENDING if it returns zero. This should both address the original bug and retain compatibility with the old behaviour. PR: 2153, 2125 Submitted by: steve at openssl.org PR: 2149 Submitted by: Douglas Stebila Typo export OPENSSL_isservice and make update OPENSSL_isservice is now defined on all platforms not just WIN32 Add flags functions which were added to 0.9.8 for fips but not 1.0.0 and later. PR: 2138 Submitted by: Kevin Regan PR: 1949 Submitted by: steve at openssl.org PR: 2157 Submitted by: "Green, Paul" typo Some shells print out the directory name if CDPATH is set breaking the pod2man test. Use ./util instead to avoid this. update documentation to reflect new renegotiation options revert wrongly committed test code reword RI description revert previous change oops revert test code accidentally committed In engine_table_select() don't clear out entire error queue: just clear out any we added using ERR_set_mark() and ERR_pop_to_mark() otherwise errors from other sources (e.g. SSL library) can be wiped. Experimental renegotiation support in s_server test -www server. typo PR: 2159 Submitted by: Robin Seggelmann PR: 2160 Submitted by: Robin Seggelmann PR: 2161 Submitted by: Doug Goldstein , Steve. tolerate broken CMS/PKCS7 implementations using signature OID instead of digest don't assume 0x is at start of string Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy an EVP_CIPHER_CTX structure which may have problems with external ENGINEs who need to duplicate internal handles etc. oops, use new value for new flag make update Initial experimental CMAC implementation. Make CMAC API similar to HMAC API. Add methods for CMAC. Make update. add cvsignore Use supplied ENGINE when initialising CMAC. Restore pctx setting. update year Fix memory leak in ENGINE autoconfig code. Improve error logging. PR: 2170 Submitted by: Magnus Lilja update references to new RI RFC PR: 2164 Submitted by: "Noszticzius, Istvan" add EVP_CIPH_FLAG_LENGTH_BITS from 0.9.8-stable Correct ECB mode EVP_CIPHER definition: IV length is 0 The "block length" for CFB mode was incorrectly coded as 1 all the time. It should be the number of feedback bits expressed in bytes. For CFB1 mode set this to 1 by rounding up to the nearest multiple of 8. PR: 2171 Submitted by: Tomas Mraz Submitted by: Dmitry Ivanov PR: 2100 Submitted by: James Baker et al. Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as initial connection to unpatched servers. There are no additional security concerns in doing this as clients don't see renegotiation during an attack anyway. OR default SSL_OP_LEGACY_SERVER_CONNECT so existing options are preserved clarify documentation The meaning of the X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY and X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT error codes were reversed in the verify application documentation. prevent warning add anyExtendedKeyUsage OID Include self-signed flag in certificates by checking SKID/AKID as well as issuer and subject names. Although this is an incompatible change it should have little impact in pratice because self-issued certificates that are not self-signed are rarely encountered. verify parameter enumeration functions allow setting of verify names in command line utilities and print out verify names in verify utility Experimental support for partial chain verification: if an intermediate certificate is explicitly trusted (using -addtrust option to x509 utility for example) the verification is sucessful even if the chain is not complete. tidy verify code. xn not used any more and check for self signed more efficiently add -trusted_first option and verify flag update FAQ update NEWS oops, use correct date Revert CFB block length change. Despite what SP800-38a says the input to CFB mode does *not* have to be a multiple of the block length and several other specifications (e.g. PKCS#11) do not require this. include TVS 1.1 version string Add Kerberos fix which was in 0.9.8-stable but never committed to HEAD and 1.0.0. Original fix was on 2007-Mar-09 and had the log message: "Fix kerberos ciphersuite bugs introduced with PR:1336." oops, revert verify.c change algorithms field has changed in 1.0.0 and later: update update cryptodev to match 1.0.0 stable branch version load cryptodev if HAVE_CRYPTODEV is set too make USE_CRYPTODEV_DIGESTS work 'typo' oops, reinstate correct prototype use supplied ENGINE in genrsa PR: 2178 Submitted by: "Kennedy, Brendan" don't mix definitions and code Submitted by: Tomas Hoger PR: 2183 option to replace extensions with new ones: mainly for creating cross-certificates Add -engine_impl option to dgst which will use an implementation of an algorithm from the supplied engine instead of just the default one. Fix memory leak: free up ENGINE functional reference if digest is not found in an ENGINE. Add algorithm specific signature printing. An individual ASN1 method can now print out signatures instead of the standard hex dump. fix indent, newline Add PSS algorithm printing. This is an initial step towards full PSS support. don't add digest alias if signature algorithm is undefined update ASN1 sign/verify to use EVP_DigestSign and EVP_DigestVerify add MGF1 digest ctrl add separate PSS decode function, rename PSS parameters to RSA_PSS_PARAMS typo oops, make EVP ctr mode work again although AES is a variable length cipher, AES EVP methods have a fixed key length The OID sanity check was incorrect. It should only disallow *leading* 0x80 values. oops print outermost signature algorithm parameters too correct error code RSA PSS verification support including certificates and certificate requests. Add new ASN1 signature initialisation function to handle this case. reserve a few more bits for future cipher modes PR: 2186 Submitted By: "Joel Rabinovitch" PR: 2188 Submitted By: Jaroslav Imrich don't leave bogus errors in the queue New function X509_ALGOR_set_md() to set X509_ALGOR (DigestAlgorithmIdentifier) from a digest algorithm. update cms code to use X509_ALGOR_set_md instead of internal function Algorithm specific ASN1 signing functions. Extend PSS padding code to support different digests for MGF1 and message. Add support for new PSS functions in RSA EVP_PKEY_METHOD ctrl operations to retrieve RSA algorithm settings typo RSA PSS ASN1 signing method typo alg2 can be NULL Submitted by: Martin Kaiser missing goto meant signature was never printed out PR: 2192 Submitted By: Jaroslav Imrich new sigopt and PSS support for req and x509 utilities add X509_CRL_sign_ctx function add -sigopt option to ca utility update CHANGES clear bogus errors in ca utility free up sigopts STACK print signature parameters with CRLs too workaround for missing definition in some headers PR: 1731 and maybe 2197 initialise buf if wrong_info not used update FAQ PR: 1813 Submitted by: Torsten Hilbrich PR: 1904 Submitted by: David Woodhouse sync ordinals with 1.0.0 PR: 1763 PR: 1696 update HEAD FAQ update FAQ update FAQ fix FAQ update FAQ fix FAQ (again) PR: 2220 PR: 2223 Submitted By: Robin Seggelmann PR: 2219 Submitted By: Robin Seggelmann PR: 2218 Submitted By: Robin Seggelmann PR: 2209 Submitted Daniel Mentz Remove obsolete PRNG note. Add comment about use of SHA256 et al. Add SHA2 algorithms to SSL_library_init(). Although these aren't used directly by SSL/TLS SHA2 certificates are becoming more common and applications that only call SSL_library_init() and not OpenSSL_add_all_alrgorithms() will fail when verifying certificates. make GOST MAC work again PR: 2228 Submitted By: Robin Seggelmann PR: 2229 Submitted By: Robin Seggelmann PR: 2230 Submitted By: Robin Seggelmann check ASN1 type before using it fix bug in ccgost CFB mode code fix signed/unsigned comparison warnings update FAQ PR: 2235 Submitted By: Bruce Stephens PR: 2234 Submitted By: Matthias Andree oops, commit Configure part of PR#2234 oops revert patch not part of Configure diff new function to diff tm structures PR: 2241 Submitted By: Artemy Lebedev experimental function to convert ASN1_TIME to tm, not used or even compiled in yet PR: 2250 Submitted By: Ger Hobbelt PR: 2244 Submitted By: "PMHager" PR: 2230 Submitted By: Robin Seggelmann PR: 2252 Submitted By: Ger Hobbelt PR: 2255 Submitted By: Ger Hobbelt PR: 2253 Submitted By: Ger Hobbelt oops, revert test patch PR: 2259 Submitted By: Artem Chuprina Update cms-test.pl to handle some Unix like Windows environments where calling shlib_wrap.sh doesn't work. oops, typo Stop compiler complaining in pedantic mode: may be a better way to do this... PR: 2251 Submitted by: Ger Hobbelt Approved by: steve at openssl.org PR: 2254 Submitted by: Ger Hobbelt Approved by: steve at openssl.org Avoid use of ex_data free function in Chil ENGINE so it can be safely reloaded. PR: 2266 Submitted By: Jonathan Gray PR: 2258 Submitted By: Ger Hobbelt PR: 2261 Submitted By: De Rudder, Stephen L." PR: 2262 Submitted By: Victor Wagner update NEWS PR: 2278 Submitted By: Mattias Ellert fix PR#2261 in a different way add CVE-2010-0742 and CVS-2010-1633 fixes update FAQ clarify comment no need for empty fragments with TLS 1.1 and later due to explicit IV i variable is used on some platforms PR: 2297 Submitted by: Antony, Benoy Approved by: steve at openssl.org Fix warnings (From HEAD, original patch by Ben). oops, revert wrong patch.. PR: 1830 Submitted By: Robin Seggelmann , Steve Henson Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(), this means that some implementations will be used automatically, e.g. aesni, we do this for cryptodev anyway. Fix WIN32 build system to correctly link ENGINE DLLs contained in a directory: currently the GOST ENGINE is the only case. Add modes.h and cmac to WIN32 build system. Update symhacks. Sync ordinals and update. WIN32 build fix. #if out deleted function from headers so it isn't picked up by WIN32 build system. Add new type ossl_ssize_t instead of ssize_t and move definitions to e_os2.h, this should fix WIN32 compilation issues and hopefully avoid conflicts with other headers which may workaround ssize_t in different ways. Make ctr mode behaviour consistent with other modes. Fix ctr mode properly this time.... PR: 2315 PR: 1833 Submitted By: Robin Seggelmann sync and update ordinals PR: 1833 Submitted By: Robin Seggelmann fix bug in AES_unwrap() make no-gost work on Windows Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(), this means that some implementations will be used automatically, e.g. aesni, we do this for cryptodev anyway. Typo, PR#2346 Minor documentation fixes, PR#2344 Minor documentation fixes, PR#2345 fix warnings fix signature printing routines We can't always read 6 bytes in an OCSP response: fix so error statuses are read correctly for non-blocking I/O. PR: 2314 Submitted by: Mounir IDRASSI Reviewed by: steve move CHANGES entry to correct place PR: 2295 Submitted by: Alexei Khlebnikov Reviewed by: steve Submitted by: Jonathan Dixon Reviewed by: steve PR: 2366 Submitted by: Damien Miller Reviewed by: steve Submitted By: Bogdan Harjoc Add missing debug WIN64 targets. preliminary acknowledgments file Get correct GOST private key instead of just assuming the last one is correct: this isn't always true if we have more than one certificate. Only use explicit IV if cipher is in CBC mode. If EVP_PKEY structure contains an ENGINE the key is ENGINE specific and we should use its method instead of any generic one. add TLS v1.1 options to s_server bring HEAD up to date, add CVE-2010-3864 fix, update NEWS files Don't assume a decode error if session tlsext_ecpointformatlist is not NULL: it can be legitimately set elsewhere. oops, reinstate TLSv1 string PR: 2372 Submitted by: "W.C.A. Wijngaards" Reviewed by: steve fix no SIGALRM case in speed.c compile cts128.c on VMS remove duplicate statement PR: 2374 Submitted by: Guenter Reviewed by: steve PR: 2375 Submitted by: Guenter Reviewed by: steve PR: 2376 Submitted by: Guenter Reviewed by: steve add pice of PR#2295 not committed to HEAD constify EVP_PKEY_new_mac_key() use generalise mac API for SSL key generation oops, revert invalid change add "missing" functions to copy EVP_PKEY_METHOD and examine info VERY EXPERIMENTAL HMAC redirection example in OpenSSL ENGINE. Untested at this stage and probably wont work properly. fix typo in HMAC redirection, add HMAC INIT tracing using_ecc doesn't just apply to TLSv1 PR: 2240 Submitted by: Jack Lloyd , "Mounir IDRASSI" , steve Reviewed by: steve Some of the MS_STATIC use in crypto/evp is a legacy from the days when EVP_MD_CTX was much larger: it isn't needed anymore. apply J-PKAKE fix to HEAD (original by Ben) PR: 2385 Submitted by: Stefan Birrer Reviewed by: steve update FAQ use right version this time in FAQ fix doc typos PR: 2386 Submitted by: Stefan Birrer Reviewed by: steve update FAQ ignore leading null fields Support routines for ASN1 scanning function, doesn't do much yet. avoid verification loops in trusted store when path building PR: 2413 Submitted by: Michael Bergandi Reviewed by: steve PR: 2410 Submitted by: Rob Austein Reviewed by: steve Fix escaping code for string printing. If *any* escaping is enabled we must escape the escape character itself (backslash). PR: 2411 Submitted by: Rob Austein Reviewed by: steve oops missed an assert Since DTLS 1.0 is based on TLS 1.1 we should never return a decryption_failed alert. Don't use decryption_failed alert for TLS v1.1 or later. add X9.31 prime generation routines from 0.9.8 branch move some string utilities to buf_str.c to reduce some dependencies (from 0.9.8 branch). missed change in ACKNOWLEDGEMENTS file stop warning with no-engine add va_list version of ERR_add_error_data Add additional parameter to dsa_builtin_paramgen to output the generated seed to: this doesn't introduce any binary compatibility issues as the function is only used internally. oops, revert mistakenly committed EC changes PR: 1612 Submitted by: Robert Jackson Reviewed by: steve check EC public key isn't point at infinity New function EC_KEY_set_affine_coordinates() this performs all the NIST PKV tests. PR: 2433 Submitted by: Chris Wilson Reviewed by: steve revert Makefile change recalculate DSA signature if r or s is zero (FIPS 186-3 requirement) Move DSA_sign, DSA_verify to dsa_asn1.c and include separate versions of DSA_SIG_new() and DSA_SIG_free() to remove ASN1 dependencies from DSA_do_sign() and DSA_do_verify(). Move BN_options function to bn_print.c to remove dependency for BIO printf routines from bn_lib.c Move RSA encryption functions to new file crypto/rsa/rsa_crpt.c to separate crypto and ENGINE dependencies in RSA library. And so it begins... again. add some missing fips files add fips/Makefile add fips/des/Makefile add fips/aes/Makefile add fips/sha files add fips_sha1_selftest.c add fips_premain.c.sha1 update mkerr.pl for use fips directory, add arx.pl script FIPS_allow_md5() no longer exists and is no longer required Add fipscanisterbuild configuration option and update Makefile.org: doesn't compile yet FIPS mode changes to make RNG compile (this will need updating later as we need a whole new PRNG for FIPS). FIPS mode EVP changes: add new RAND errors FIPS mode RSA changes: FIPS mode DSA changes: FIPS DH changes: selftest checks and key range checks. FIPS mode ERR changes. Redirect errors to tiny FIPS callbacks to avoid ERR library dependencies. Change AR to ARX to allow exclusion of fips object modules FIPS HMAC changes: Use ARX in crypto/Makefile FIPS changes to test/Makefile: rules to build FIPS test applications. Internal version of BN_mod_inverse allowing checking of no-inverse without need to inspect error queue. update .cvsignore use FIPSEVP in some bn and rsa files Move locking and thread ID functions into new files lock.c and thr_id.c, redirect locking to minimal FIPS_lock() function where required. New FIPS_lock() function for minimal FIPS locking API: to avoid dependencies on OpenSSL locking code. Use API in some internal FIPS files. Include thread ID code in fips module. Change OPENSSL_FIPSEVP to OPENSSL_FIPSAPI as it doesn't just refer to EVP any more. Update source files to handle new FIPS_lock() location. Add FIPS_lock() definition. Remove stale function references from fips.h add fips_dsatest.c file Redirect FIPS memory allocation to FIPS_malloc() routine, remove OpenSSL malloc dependencies. add FIPS API malloc/free add .cvsignore Move all FIPSAPI renames into fips.h header file, include early in crypto.h if needed. Add preliminary FIPS information. don't descend fips directory if not in fips mode typo update version to 2.0 use different default fips install directory add fiplibdir and basedir options to Configure Add fips option into Configure, disable endian code for no-asm and FIPS. Make shared library default for fips. Fix shared build for fips stop warnings about no previous prototype when compiling shared engines Provisional, experimental support for DSA2 parameter generation algorithm. Not properly integrated or tested yet. Since FIPS 186-3 specifies we use the leftmost bits of the digest we shouldn't reject digest lengths larger than SHA256: the FIPS algorithm tests include SHA384 and SHA512 tests. update README.FIPS fixes for DSA2 parameter generation Tolerate mixed case and leading zeroes when comparing. Support more DSA2 tests. Add DSA2 support to final algorithm tests: keypair and keyver. Don't try to set pmd if it is NULL. Remove DSA parameter generation from DSA selftest. It is unnecessary and can be very slow on embedded platforms. Hard code DSA parameters instead. Add sign/verify digest API to handle an explicit digest instead of finalising a context. Make no-asm work in fips mode. Add android platform. Fix target config errors. Cope with new DSA2 file format where some p/q only tests are made. Use single X931 key generation source file for FIPS and non-FIPS builds. Add FIPS support to mkdef.pl script, update ordinals. For now disable EC_GFp_nistp224_method() for WIN32 so the WIN32 build completes without linker errors. Add Windows FIPS build utilities. add -stripcr option to copy.pl from 0.9.8 Add FIPS error codes. Include fips header file in err_all.c if needed. Rename crypto/fips_err.c to fips_ers.c to avoid clash with other fips_err.c Transfer error redirection to fips.h, add OPENSSL_FIPSAPI to source files that use it. Add FIPS support to the WIN32 build system. Remove unneeded functions, make some functions and variables static. Fix duplicate code and typo. Use default ASN1 if flag set. Fix memory leak. New flags EVP_CIPH_FLAG_CUSTOM_CIPHER in cipher structures if an underlying cipher handles all cipher symantics itself. Typo. Use 0 not -1 (since type is size_t) for finalisation argument to do_cipher: the NULL value for the input buffer is sufficient to notice this case. Add CRYPTO_gcm128_tag() function to retrieve the tag. Initial *very* experimental EVP support for AES-GCM. Note: probably very broken and subject to change. Link GCM into FIPS module. Check return value in EVP gcm. Experimental incomplete AES GCM algorithm test program. Set values to NULL after freeing them. Equally experimental encrypt side for fips_gcmtest. Currently this uses IVs in the request file need to update it to generate IVs once we have an IV generator in place. Add GCM IV generator. Add some FIPS restrictions to GCM. Update fips_gcmtest. Disable FIPS restrictions when doing GCM testing. Free keys if DSA pairwise error. Return security strength for supported DSA parameters: will be used later. In FIPS mode only use "Generation by Testing Candidates" equivalent. Make Windows build work with GCM. New "fispcanisteronly" build option: only build fipscanister.o and associated utilities. This functionality will be used by the validated tarball. Add Makefile.fips. New option to disable characteristic two fields in EC code. Disable some functions in headers with no-ec2m Make no-ec2m work on Win32 build. Add nexprotoneg support too. Change FIPS source and utilities to use the "FIPS_" names directly instead of using regular OpenSSL API names. Remove dependency of dsa_sign.o and dsa_vrf.o: new functions FIPS_dsa_sig_new and FIPS_dsa_sig_free, reimplment DSA_SIG_new and DSA_SIG_free from ASN1 library. New function BN_nist_mod_func which returns an appropriate function if the passed prime is a NIST prime. Use BN_nist_mod_func to avoid need to peek error queue. Reorganise ECC code for inclusion in FIPS module. Don't use FIPS api for ec2_oct.c Include support for an add_lock callback to tiny FIPS locking API. Add ECDSA functionality to fips module. Initial very incomplete version of algorithm test program. Add .cvsignore. Update ECDSA test program to handle ECDSA2 format files. Correctly handle hex strings with an odd number of digits. Add support for SigGen and KeyPair tests. Ignore final '\n' when checking if hex line length is odd. Add FIPS flags to AES ciphers and SHA* digests. Add non-FIPS algorithm blocking and selftest checking. Update pairwise consistency checks to use SHA-256. Use SHA-256 in fips_test_suite. Add pairwise consistency test to EC. Experimental symbol renaming to avoid clashes with regular OpenSSL. Experimental FIPS symbol renaming. Include openssl/crypto.h first in several other files so FIPS renaming is picked up. Don't need err library for Makefile.fips Remove debugging command. Update auto generated comment. Correct fipssyms.h for more assembly language symbols. Experimental perl script to edit assembly language source files, call the assembler, then restore original file. Make -DOPENSSL_FIPSSYMS work for assembly language builds. AES GCM selftests. add ECDSA POST Move gcm128_context definition to modes_lcl.h (along with some related definitions) so we can use it in EVP GCM code avoiding need to allocate it. Make fipscanisteronly build only required files. *** empty log message *** tools and rehash not needed for fips build. x509v3.h header file not needed in fips algorithm test utilities. Need to link additional directories for fipscanisteronly build. Remove unnecessary dependencies. Create fips links even if not compiling in fips mode. Update dependencies. Remove unnecessary link directories. *** empty log message *** Remove debugging option. Call Makefile.fips when making a fips tarball. Initial perl script to filter out unneeded files for a fips tarball. typo Make "make links" work in fipscanisteronly builds. Don't try and update c_rehash for fipscanisteronly builds. Removing debugging print. Add modes_lcl.h to header list. Remove duplicate test rule. Add fips/ecdsa directory to mkfiles.pl Make fipscanisteronly work with WIN32 build system. Include ms directory for fips distribution. Make mkfiles.pl work with fipscanisteronly. Make -DOPENSSL_FIPSSYMS work under WIN32: run perl script when WIN32 assembly language files are created, add norunasm option to just translate and not run the assembler. Add new symbols to fipssyms.h Add DllMain to fips symbols: will need to call this in FIPS capable OpenSSL. Use more portable options when making links in Makefile.fips Stop warnings. Update status information. Initial, provisional, subject to wholesale change, untested, probably not working, incomplete and unused SP800-90 DRBGs for CTR and Hash modes. Updates to DRBG: fix bugs in infrastructure. Add initial experimental algorithm test generator. Fix couple of bugs in CTR DRBG implementation. Uninstantiate and free functions for DRBG. Remove need for redirection on RNG and DSS algorithm test programs: some platforms don't support it. Remove redirection from fipsalgtest.pl script. Support I/O with files in new fips_gcmtest program. Add file I/O to fips_drbgvs program. Add meaningful error codes to DRBG. New SP 800-56A compliant version of DH_compute_key(). New initial DH algorithm test driver. Typo. Update .cvsignore Update fips_dhvs to handle functional test by generating keys. Enter FIPS mode in fips_dhvs. Support file I/O in fips_ecdsavs. Add ECDH to validated module. Add a few more symbol renames. Make no-ec2m work again. Update status. make no-dsa work again Check requested security strength in DRBG. Add function to retrieve the security strength. Remove redundant check to stop compiler warning. Fix warnings: signed/unisgned comparison, shadowing (in some cases global functions such as rand() ). PR: 2469 Submitted by: Jim Studt Reviewed by: steve Add extensive DRBG selftest data and option to corrupt it in fips_test_suite. Fix broken SRP error/function code assignment. Fix warnings about ignored return values. Implement health checks needed by SP800-90. Implement continuous RNG test for SP800-90 DRBGs. Typo. Free DRBG context in self tests. Use a signed value to check return value of do_cipher(). Typo. Make some Unix builds work again. Fix compiler warnings. Remove unused function. Add .cvsignore Allow setting of get_entropy and get_nonce callbacks outside test mode. Test mode is now set when a DRBG context is initialised. Disable cmac tests by default so the old algorithm test vectors work. Have all algorithm test programs call fips_algtest_init() at startup: this will perform all standalone operations such as setting error callbacks, entering FIPS mode etc. Add .cvsignore Update .cvsignore fix warnings Reorganise DRBG API so the entropy and nonce callbacks can return a pointer to a buffer instead of copying to a fixed length buffer. This removes the entropy and nonce length restrictions. Remove redundant definitions. Give error code if DRBG sefltest fails. Unused, untested, provisional RAND interface for DRBG. Initial switch to DRBG base PRNG in FIPS mode. Include bogus seeding for test applications. Provisional support for auto called OPENSSL_init() function. This can be used to set up any appropriate functions such as FIPS callbacks without requiring an explicit application call. Add additional OPENSSL_init() handling add dummy call to (hopefully) ensure OPENSSL_init() is always linked into an application. Allow FIPS malloc callback setting. Automatically set some callbacks in OPENSSL_init(). Only zeroise sensitive parts of DRBG context, so the type and flags are undisturbed. temporarily update .cvsignore delete lib file restore .cvsignore restore .cvsignore Make WIN32 static builds work again. PR: 2457 Submitted by: Robin Seggelmann Reviewed by: steve PR: 2458 Submitted by: Robin Seggelmann Reviewed by: steve PR: 2462 Submitted by: Robin Seggelmann Reviewed by: steve check RAND_pseudo_bytes return value Change RNG test to block oriented instead of request oriented, add option to test a "stuck" DRBG. Disable test fprintf. Change FIPS locking functions to macros so we get useful line information. Use environment when builds libcrypto shared library so CC value is picked up in FIPS builds. Set error code is additional data callback fails. Updated error codes for FIPS library. FIPS mode support for openssl utility: doesn't work properly yet due to missing DRBG support in libcrypto. Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be used by applications directly and the X9.31 PRNG is deprecated by new FIPS140-2 rules anyway. Extensive reorganisation of PRNG handling in FIPS module: all calls now use an internal RAND_METHOD. All dependencies to OpenSSL standard PRNG are now removed: it is the applications resposibility to setup the FIPS PRNG and initalise it. Update fipssyms.h to keep all symbols in FIPS,fips namespace. updated FIPS status check buffer is larger enough before overwriting Remove rand files from fipscanister.o Add missing error code strings. Update OpenSSL DRBG support code. Use date time vector as additional data. Set FIPS RAND_METHOD at same time as OpenSSL RAND_METHOD. Add fips hmac key to dgst utility. Update CHANGES. Only use fake rand once per operation. This stops the EC pairwise consistency test interfering with the test. DH keys have an (until now) unused 'q' parameter. When creating from DSA copy q across and if q present generate DH key in the correct range. New function to return security strength of PRNG. Before initalising a live DRBG (i.e. not in test mode) run a complete health check on a DRBG of the same type. Add error for health check failure. remove ENGINE dependency from ecdh Remove unused build targets from Makefile.fips, add cmac to dist list. Auto configure for fips is from restricted tarball. Clarify README.FIPS. set OPENSSL_FIPSSYMS for restricted buils and auto detect no-ec2m Auto detect no-ec2m add option to make no-ec2m tarball. fix fipscanisteronly autodetect Typo: fix duplicate call. Don't give dependency warning for fips builds. Reorder headers to get definitions before they are used. Set length to 41 (40 hex characters + null). Fix warning. Add mem_clr.c explicity for no-asm builds. Use correct version number. Update copyright year. Update fips_premain.c fingerprint. Update ECDSA selftest to use hard coded private keys. Include tests for prime and binary fields. No need to disable leak checking for FIPS builds now we use internal memory callbacks. Stop warning and fix memory leaks. Fix memory leaks: uninstantiate DRBG during health checks. Cleanup md_ctx when performing ECDSA selftest. Update RSA selftest code to use a 2048 bit RSA and only a single KAT for PSS+SHA256 Complete rewrite of FIPS_selftest_dsa(). Use hardcoded 2048 bit DSA key and SHA384. Use fips_pkey_signature_test(). Update fips_pkey_signature_test: use fixed string if supplies tbs is NULL. Always allocate signature buffer. Provisional AES XTS support. Use consistent FIPS tarball name. Remove duplicate flag. Initial incomplete POST overhaul: add support for POST callback to allow status of POST to be monitored and/or failures induced. Remove several of the old obsolete FIPS_corrupt_*() functions. Update CMAC, HMAC, GCM to use new POST system. Revise fips_test_suite to use table of IDs for human readable strings. Report each cipher used with CMAC tests. Add new POST support to X9.31 PRNG. Add algorithm driver for XTS mode. Fix several bugs in EVP XTS implementation. Add XTS selftest, include in fips_test_suite. Add length limitation from SP800-38E. Add "post" option to fips_test_suite to run the POST only and exit. Remove PSS salt length detection hack from fipslagtest.pl by allowing a regexp search of the file to determine its type. This will be needed for other tests later... Remove shlib_wrap.sh as it is not needed (all algorithm tests are staticly linked to fipscanister.o). Add option to generate a shell script to run all tests: this is useful for platforms that don't have perl. Don't need separate tag buffer for GCM mode: use EVP_CIPHER_CTX buf field which is not unused for custom ciphers. Compile ccm128.c, move some structures to modes_lcl.h add prototypes. Initial untested CCM support via EVP. CCM encrypt algorithm test support. Override flag for XTS length limit. Typo. Fix EVP CCM decrypt. Add decrypt support to algorithm test program. Add fips/cmac directory to WIN32 build. Use 0 for tbslen to perform strlen. Add AES CCM selftest. Warn if lines are truncated in algorithm test utilities. Add partial DH and ECDH primitives only testing to fipsalgtest.pl Add partial GCM tests to fipsalgtest.pl Add periodic DRBG health checks as required by SP800-90. Update DRBG to use new POST scheme. Add continuous RNG test to entropy source. Entropy callbacks now need to specify a "block length". Update ordinals. Fix WIN32 warning. Make fipscanisteronly auto detect work on WIN32. Reconise no-ec-nistp224-64-gcc-128 option. Initial do_fips.bat build script for WIN32 fipscanister. Rewrite OutputValue to avoid use of buffer when printing out hex values. Add XTS test vector support to fipsalgtest.pl Return errors instead of aborting when selftest fails. Add PRNG security strength checking. Always return multiple of block length bytes from default DRBG seed callback. Oops, work out expanded buffer length before allocating it... Make sure overrides work for RSA/DSA. More fixes for DSA FIPS overrides. Clarification. Recognise invalid enable/disable options. Fix warning. Stop warnings about undefined _exit on Android. Don't assume version of rm supports -rf: use RM instead. Initial "opaque SSL" framework. If an application defines OPENSSL_NO_SSL_INTERN all ssl related structures are opaque and internals cannot be directly accessed. Many applications will need some modification to support this and most likely some additional functions added to OpenSSL. Initial incomplete TLS v1.2 support. New ciphersuites added, new version checking added, SHA256 PRF support added. no need to include memory.h Update symbol translation table. Disable SHA256 if not supported. Some changes to support VxWorks in the validted module. For FIPS algorithm test utilities use our own version of strcasecmp and strncasecmp to cover cases where platforms don't support them. Add ppc_cap.c to restricted tarball. Include crypto.h in ppccap.c Rename some more symbols. Handle multiple CPUID_OBJ correctly. Two more symbol renames. Quick hack to time POST. Stop warning in VxWorks. Use more portable clock_gettime() for fips_test_suite timing. Use faster curves for ECDSA self test. Fix do_fips script. PR: 2499 Submitted by: "James 'J.C.' Jones" Remove useless setting. Include fipssyms.h for ARM builds to translate symbols. Fix warning. Remove debugging print. Update status. Remove superfluous PRNG self tests. Fix warning of signed/unsigned comparison. Hide more symbols. Continuing TLS v1.2 support: add support for server parsing of signature algorithms extension and correct signature format for server key exchange. Return error codes for selftest failure instead of hard assertion errors. Don't fail WIN32 builds on warnings. Get OPENSSL_FIPSSYMS from environment in fipsas.pl, include ppccap.c and .S files in fipsdist. Fixes for WIN64 FIPS build. Don't include GF2m source files is NOEC2M set. Omit GF2m properly this time ;-) Remove FIXME comments. Remove gf2m modules from bn_asm if no-ec2m set. allow SHA384, SHA512 wit DSA Call fipsas.pl directly for pa-risc targets. Initial TLS v1.2 client support. Include a default supported signature algorithms extension (including everything we support). Swicth to new signature format where needed and relax ECC restrictions. Initialise rc. Typo. Update instructions. Add NSA sublicense info. Inlcude README.ECC in FIPS restricted tarball. Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in the FIPS capable OpenSSL. Set FIPS mode for values other than 1. The only current effect is to return a consistent value. So calling FIPS_module_mode_set(n) for n != 0 will result in FIPS_module_mode() returning n. This will support future expansion of more FIPS modes e.g. a Suite B mode. Reorder signature algorithms in strongest hash first order. make kerberos work with OPENSSL_NO_SSL_INTERN Sync ordinals. Add SSL_INTERN definition. Fix error discrepancy. Process signature algorithms during TLS v1.2 client authentication. Provisional support for TLS v1.2 client authentication: client side only. Enter FIPS mode by calling FIPS_module_mode_set in openssl.c until FIPS_mode_set is implemented. Recognise NO_NISTP224-64-GCC-128 typo Typo. NULL is a valid cspname new flag to stop ENGINE methods being registered set encodedPoint to NULL after freeing it inherit HMAC flags from MD_CTX update date oops Implement FIPS_mode and FIPS_mode_set Add CHANGES entry: add FIPS support to ssl PR: 2295 Submitted by: Alexei Khlebnikov Reviewed by: steve PR: 2522 Submitted by: Henrik Grindal Bakken use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with DTLS PR: 2505 Submitted by: Robin Seggelmann Reviewed by: steve PR: 2506 Submitted by: Robin Seggelmann Reviewed by: steve PR: 2512 Submitted by: Robin Seggelmann Reviewed by: steve Oops use up to date patch for PR#2506 Some nextproto patches broke DTLS: fix Fix the ECDSA timing attack mentioned in the paper at: Fix the ECDSA timing attack mentioned in the paper at: PR: 2527 Submitted by: Marcus Meissner Reviewed by: steve PR: 2529 Submitted by: Marcus Meissner Reviewed by: steve PR: 2533 Submitted by: Robin Seggelmann Reviewed by: steve Don't advertise or use MD5 for TLS v1.2 in FIPS mode More symbol renaming. Only install FIPS related files for fipscanisteronly build. Install fips_standalone_sha1 and make use of it in fipsld script. In fipsld use FIPSLIBCRYPTO environment variable to specify an alternative location for libcrypto.a, support shared library builds in different source tree. Use FIPSLD_LIBCRYPTO for consistency with other env variables in fipsld. Use current directory for fips_premain_dso Typo. Rename many internal only module functions from FIPS_* to fips_*. Add prototypes for FIPS EVP implementations: for use in FIPS capable OpenSSL. Add FIPS_digestinit prototype for FIPS capable OpenSSL. Prototypes for more FIPS functions for use in FIPS capable OpenSSL. Add more cipher prototypes. Output supported curves in preference order instead of numerically. Don't round up partitioned premaster secret length if there is only one digest in use: this caused the PRF to fail for an odd premaster secret length. Fake CPU caps so fips_standalone_sha1 compiles. set FIPS permitted flag before initalising digest typo Add DSA and ECDSA "clone digests" to module for compatibility with old applications. Clone digest prototypes. Simple automated certificate creation demo. Move FIPS RSA function definitions to fips.h Remove FIPS RSA functions from crypto/rsa. Typo. Constify RSA signature buffer. Add "OPENSSL_FIPSCAPABLE" define for a version of OpenSSL which is FIPS capable: i.e. FIPS module is supplied externally. license correction, no EAY code included in this file fix error discrepancy Move function prototype to fips.h Set SSL_FIPS flag in ECC ciphersuites. Add prototypes for some FIPS EC functions. Set flags in ECDH and ECDSA methods for FIPS. Add flags for DH FIPS method. fix memory leak Add more prototypes. more prototypes in fips.h Install FIPS module in FIPSDIR if set. Remove x509.h from SHA1 clone digests, update dependencies. Update dependencies for m_dss.c too. #undef bn_div_words as it is defined for FIPS builds. CMAC FIPS prototypes. HMAC fips prototypes Use FIPSCAPABLE for FIPS module functions used in FIPS capable OpenSSL. Don't export functions marked as FIPSCAPABLE. sync and update ordinals Allow applications to specify alternative FIPS RAND methods if they are sure they are OK. make sure custom cipher flag doesn't use any mode bits set FIPS allow before initialising ctx Update to mk1mf.pl and ms\do_fips.bat to install relevant files for WIN32 FIPS builds. Don't include des.h any more: it is not needed. Option "fipscheck" which checks to see if FIPS is autodetected in a build. Use this for WIN32 builds. Give parameters names in prototypes. Initial FIPS capable OpenSSL information Strip CRs when installing fips_premain.c Correct compat library rule in FIPS mode. Correction. add null cipher to FIPS module typo make EVP_dss() work for DSA signing Add prototype for null cipher. Don't set FIPS rand method at same time as RAND method as this can cause the FIPS library to fail. Applications that want to set the FIPS rand method can do so explicitly and presumably they know what they are doing... allow MD5 use for computing old format hash links add symbol rename Now the FIPS capable OpenSSL is available simplify the various FIPS test build options. stop complaints about no CVS version typo correctly encode OIDs near 2^32 PR: 2540 Submitted by: emmanuel.azencot at bull.net Reviewed by: steve PR: 2543 Submitted by: Robin Seggelmann Reviewed by: steve PR: 2470 Submitted by: Corinna Vinschen Reviewed by: steve Add sparcv9cap.c to restricted tarball. get the filename right allow KERNEL_BITS to be specified in the environment Add stub for HMAC DRBG. typo Fix CPRNG test for Hash DRBG. auto detect configuration using KERNEL_BITS and CC Recognise fipscheck option and call fipsas for WIN64 builds. Add no-asm argument to Configure if needed. Delete any EXARG value first. Additional error checking. If make clean fails it is not a fatal error. Add functions to return FIPS module version. Rename symbol. PR: 2556 (partial) Reported by: Daniel Marschall Reviewed by: steve Add support for ECCCDH test format. PR: 2550 Submitted by: Robin Seggelmann Reviewed by: steve PR: 2555 Submitted by: Robin Seggelmann Reviewed by: steve PR: 2559 Submitted by: Robin Seggelmann Reviewed by: steve Rename another symbol. stop warnings Make sure OPENSSL_FIPSCANISTER is visible to ARM assembly language files. More symbol renaming. Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and prohibit use of these ciphersuites for TLS < 1.2 oops, remove debug option Update CHANGES. Fix warnings. recognise ecdsaWithSHA1 OID Expand range of ctrls for AES GCM to support retrieval and setting of invocation field. fix memory leak Initial support for tests for 2.0 module. Not complete and not all working yet. Fix DSA to skip EOL test when parsing mod line. Use "resp" for default directory name for .rsp files. Add HMAC DRBG from SP800-90 Remove redundant assignment. Include armcap.c in fips tarball. prevent compilation errors and warnings aesni TLS GCM support Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA using OBJ xref utilities instead of string comparison with OID name. Enable rsa-pss0 for non-v2 tests. quote LIBS to copy with empty string Delete library install from Makefile.fips: it isn't used. Update instructions to recommend use of included incore script. typo Fix fipsalgtest.pl to still work with old test vectors. Correct maximum request length. SP800-90 quotes maximum bits, not bytes. Rename sparc symbols. Don't use some object files in FIPS build. Fix warning. Add support for canonical generation of DSA parameter g. Modify fips_dssvs to support appropriate file format. Add support for DSA2 PQG generation of g parameter. Fix ecdh primitives test command line. Print private key component is -exout parameter is given. PR: 2586 Submitted by: Thomas Jarosch Reviewed by: steve PR: 2586 Submitted by: Thomas Jarosch Reviewed by: steve PR: 2588 Submitted by: Thomas Jarosch Reviewed by: steve PR: 2589 Submitted by: Thomas Jarosch Reviewed by: steve PR: 2573 Submitted by: Robin Seggelmann Reviewed by: steve Stop warnings. make timing attack protection unconditional PR: 2340 Submitted by: "Mauro H. Leggieri" Reviewed by: steve Sync ordinals with 1.0.1-stable. PR: 2576 Submitted by: Doug Goldstein Reviewed by: steve Don't use *from++ in tolower as this is implemented as a macro on some platforms. Thanks to Shayne Murray for reporting this issue. Rename some more symbols for fips module. Extension of DRBG selftests using new data. Add header to Makefile. Update dependencies. Don't perform full DRBG health check on all DRBG types on power up, just one shorter KAT per mechanism. Place DRBG in error state if health check fails. Check reseed interval before generating output. Update FAQ. Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past produce an error (CVE-2011-3207) Add error codes for DRBG KAT failures. Put quick DRBG selftest return after first generate operation. Add /fixed option to linker with fips builds. Add support for Dual EC DRBG from SP800-90. Include updates to algorithm tests and POST code. Fix 3DES Monte Carlo test file output which previously outputted extra bogus lines. Update fipsalgtest.pl to tolerate the old format. Check we recognise DRBG type in fips_drbgvs.c initialised DRBG_CTX if we don't set type in FIPS_drbg_new(). Delete strength parameter from FIPS_drbg_generate. It isn't very useful (strength can be queried using FIPS_drbg_get_strength ) and adds a substantial extra overhead to health check (need to check every combination of parameters). Check length of additional input in DRBG generate function. More extensive DRBG health check. New function to call health check for all DRBG combinations. new function to lookup FIPS supported ciphers by NID Remove fipsdso target: it isn't supported in the 2.0 module. Update CMAC/HMAC sefltests to use NIDs instead of function pointers. Fix warning. Make HMAC kat symbols static. Don't use vpaes in fips builds and exclude from restricted tarball. Minor code tidy and bug fix: need to set t = s after first pass and t and s do not need to have independent values after the first pass so set t = s. clarify comment Sync error codes with 1.0.1-stable. Allow reseed interval to be set. Update error codes. Revise DRBG to split between internal and external flags. Perform health check on all reseed operations not associated with prediction resistance requests. Although SP 800-90 is arguably unclear on whether this is necessary adding an additional check has minimal penalty (very few applications will make an explicit reseed request). Remove unused variable. Don't print out errors in cases where errors are expected: testing DSA parameter validity and EC public key validity. Use function name FIPS_drbg_health_check() for health check function. Typo. Run PQGVer test before DSA2 tests. PR: 2347 Submitted by: Tomas Mraz Reviewed by: steve PR: 2602 Submitted by: Robin Seggelmann Reviewed by: steve PR: 2606 Submitted by: Christoph Viethen Reviewed by: steve use keyformat for -x509toreq, don't hard code PEM make sure eivlen is initialised Handle provable prime parameters for canonical g generation which are sometimes erroneously included. Add a --disable-all option to disable all tests. fix signed/unsigned warning Fix output format for DSA2 parameter generation. Check return codes properly. Remove s = s * P deferral. Add FIPS selftests for ECDH algorithm. make depend Never echo Num lines for PQGGen DSA2 test. Make fips algorithm test utilities use RESP_EOL for end of line character(s). This should be CRLF even under *nix. ? crypto/aes/aes-armv4.S ? crypto/aes/aesni-sha1-x86_64.s ? crypto/aes/aesni-x86_64.s ? crypto/aes/foo.pl ? crypto/aes/vpaes-x86_64.s ? crypto/bn/.bn_lib.c.swp ? crypto/bn/armv4-gf2m.S ? crypto/bn/diffs ? crypto/bn/modexp512-x86_64.s ? crypto/bn/x86_64-gf2m.s ? crypto/bn/x86_64-mont5.s ? crypto/ec/bc.txt ? crypto/ec/diffs ? crypto/modes/a.out ? crypto/modes/diffs ? crypto/modes/ghash-armv4.S ? crypto/modes/ghash-x86_64.s ? crypto/modes/op.h ? crypto/modes/tst.c ? crypto/modes/x.h ? crypto/objects/.obj_xref.txt.swp ? crypto/rand/diffs ? crypto/sha/sha-512 ? crypto/sha/sha1-armv4-large.S ? crypto/sha/sha256-armv4.S ? crypto/sha/sha512-armv4.S Index: crypto/objects/obj_xref.c =================================================================== RCS file: /v/openssl/cvs/openssl/crypto/objects/obj_xref.c,v retrieving revision 1.9 diff -u -r1.9 obj_xref.c --- cryp to/objects/obj_xref.c 5 Nov 2008 18:38:58 -0000 1.9 +++ crypto/objects/obj_xref.c 6 Oct 2011 20:30:21 -0000 @@ -110,8 +110,10 @@ #endif if (rv == NULL) return 0; - *pdig_nid = rv->hash_id; - *ppkey_nid = rv->pkey_id; + if (pdig_nid) + *pdig_nid = rv->hash_id; + if (ppkey_nid) + *ppkey_nid = rv->pkey_id; return 1; } use client version when eliminating TLS v1.2 ciphersuites in client hello New -force_pubkey option to x509 utility to supply a different public key to the one in a request. This is useful for cases where the public key cannot be used for signing e.g. DH. Add fips/ecdh directory. PR: 2482 Submitted by: Rob Austein Reviewed by: steve Sync ordinals with 1.0.1-stable. fix memory leaks fix CHANGES entry Synv ordinals with 1.0.1-stable. Don't disable TLS v1.2 by default now. disable GCM if not available add GCM ciphers in SSL_library_init fix leak properly this time... remove some debugging code def_rsa_finish not used any more. print out subgroup order if present update pkey method initialisation and copy Only include one ECDH selftest. Fix warnings. ECDH POST selftest failure inducing support. Handle broken test on verify too. Updates to handle some verification of v2 tests. Update instructions. Handle partial test where H is absent: needed to check g generation. Skip ECDH sanity check. Add --compare-all to run comparison tests on all files instead of sanity checks. Remove o_init.o special case from Makefile: this doesn't work. Update README.FIPS for new FIPS 2.0 testvectors. increase test RSA key size to 1024 bits Print curve type for signature tests. Add usage messages. Don't use TPREFIX shell variable for minimal script. Allow override of GCCVER and noexecstack checking from environment. more vxworks patches Clarify usage message. L=3072, N=256 provides 128 bits of security not 112. Do global replace to remove assembly language object files. Update premain fingerprint. Recognise new option. Build fipscanister.o only by default. Utility build now needs make build_tests Typo (?) add authentication parameter to FIPS_module_mode_set Add "nopass" for empty password too. Fix error codes. Check for uninitialised DRBG_CTX and don't free up default DRBG_CTX. fix (?) AVX clearing Update error codes. Check for selftest failure in various places. No need for custom flag in XTS mode: block length is 1. typo Use correct tag for SRP username. PR: 2632 Submitted by: emmanuel.azencot at bull.net Reviewed by: steve PR: 2628 Submitted by: Robin Seggelmann Reviewed by: steve PR: 2628 Submitted by: Robin Seggelmann Reviewed by: steve Add fips_algvs utility (from FIPS 2.0 stable branch). Print out an error for "make test" in FIPS builds. (from FIPS stable) Remove duplicate test from health check. Fix memory leaks by uninstantiating DRBG before reinitialising it. Add support for memory leak checking in fips_algvs. Add single call public key sign and verify functions. fix set but unused warnings typo: use key for POST callback make post failure simulation reversible in all cases typo Update fips_test_suite to take multiple command line options and an induced error checking function. check for unset entropy and nonce callbacks portability fix for some perl versions PR: 1794 Submitted by: Peter Sylvester Reviewed by: steve Add RFC5114 DH parameters to OpenSSL. Add test data to dhtest. In EC_KEY_set_public_key_affine_coordinates include explicit check to see passed components do not exceed field order bcmp doesn't exist on all platforms, replace with memcmp move internal functions to ssl_locl.h add strp.h to mkdef.pl headers sync and update ordinals add cryptlib.h to mkdef.pl sync and update ordinals PR: 1794 Submitted by: Peter Sylvester Reviewed by: steve check counter value against 4 * L, not 4096 return error if counter exceeds limit and seed value supplied Correct some parameter values. Update DH_check() to peform sensible checks when q parameter is present. The default CN prompt message can be confusing when often the CN needs to be the server FQDN: change it. [Reported by PSW Group] Initial experimental support for X9.42 DH parameter format to handle RFC5114 parameters and X9.42 DH public and private keys. Document RFC5114 "generation" options. fix error discrepancy transparently handle X9.42 DH parameters Replace expired test server and client certificates with new ones. implement -attime option as a verify parameter then it works with all relevant applications update CHANGES add commented out option to allow use of older PKITS data use different names for asm temp files to avoid problems on some platforms add cofactor ECDH support from fips branch Updates from fips2 branch: close streams in test utilities, use cofactor ECDH add new key and signature generation tests to fips_test_suite. detect and use older PKITS data Add private keys and generation scripts for test certificates in apps directory. PR: 1794 Submitted by: Peter Sylvester Reviewed by: steve update CHANGES PR: 2563 Submitted by: Paul Green Reviewed by: steve New ctrl values to clear or retrieve extra chain certs from an SSL_CTX. New function to retrieve compression method from SSL_SESSION structure. remove prototype for deleted SRP function sync and update ordinals delete unimplemented function from header file, update ordinals recognise DECLARE_PEM_write_const, update ordinals typo PR: 2535 Submitted by: Robin Seggelmann Reviewed by: steve recognise SCTP in mkdef.pl script recognise no-sctp PR: 2326 Submitted by: Tianjie Mao Reviewed by: steve PR: 1794 Submitted by: Peter Sylvester Reviewed by: steve fix deprecated statement fix error code update default depflags make update PR: 2658 Submitted by: Robin Seggelmann Reviewed by: steve update CHANGES recognise HEARTBEATS in mkdef.pl script incomplete provisional OAEP CMS decrypt support only send heartbeat extension from server if client sent one oops, revert wrong patch Submitted by: Adam Langley Reviewed by: steve fix warnings update FAQ Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577) Check GOST parameters are not NULL (CVE-2012-0027) fix CHANGES Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) Submitted by: Robin Seggelmann , Michael Tuexen Reviewed by: steve update CHANGES disable heartbeats if tlsext disabled Submitted by: Robin Seggelmann Reviewed by: steve PR: 2671 Submitted by: steve fix warning (revert original patch) fix warning Support for fixed DH ciphersuites. fix CHANGES entry Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. Thanks to Antonio Martin, Enterprise Secure Access Research and Development, Cisco Systems, Inc. for discovering this bug and preparing a fix. (CVE-2012-0050) return error if md is NULL oops revert debug change add support for use of fixed DH client certificates add example for DH certificate generation initialise dh_clnt allow key agreement for SSL/TLS certificates Tidy/enhance certificate chain output code. Revise ssl code to use a CERT_PKEY structure when outputting a certificate chain instead of an X509 structure. code tidy Add support for distinct certificate chains per key type and per SSL structure. typo Modify client hello version when renegotiating to enhance interop with some servers. oops, revert unrelated changes Submitted by: Eric Rescorla add fips blocking overrides to command line utilities only cleanup ctx if we need to, save ctx flags when we do PR: 2714 Submitted by: Tomas Mraz PR: 2710 Submitted by: Tomas Mraz PR: 2704 Submitted by: Peter Sylvester Submitted by: Eric Rescorla PR: 2705 Submitted by: Alexey Melnikov PR: 2703 Submitted by: Alexey Melnikov PR: 2716 Submitted by: Adam Langley PR: 2717 Submitted by: Tim Rice PR: 2713 Submitted by: Tomas Mraz An incompatibility has always existed between the format used for RSA signatures and MDC2 using EVP or RSA_sign. This has become more apparent when the dgst utility in OpenSSL 1.0.0 and later switched to using the EVP_DigestSign functions which call RSA_sign. Additional compatibility fix for MDC2 signature format. Fix bug in CVE-2011-4619: check we have really received a client hello before rejecting multiple SGC restarts. Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert between NIDs and the more common NIST names such as "P-256". Enhance ecparam utility and ECC method to recognise the NIST names for curves. initialise i if n == 0 SSL export fixes (from Adam Langley) [original from 1.0.1] ABI compliance fixes. PR: 2727 Submitted by: Bruce Stephens PR: 2696 Submitted by: Rob Austein PR: 2711 Submitted by: Tomas Mraz ABI fixes from 1.0.1-stable PR: 2730 Submitted by: Arpadffy Zoltan Detect symmetric crypto errors in PKCS7_decrypt. free headers after use in error message PR: 2735 PR: 2739 Submitted by: Robin Seggelmann PR: 2737 Submitted by: Remi Gacogne PR: 2736 Reported by: Remi Gacogne Fix memory leak cause by race condition when creating public keys. PR: 2742 Reported by: Dmitry Belyavsky PR: 2743 Reported by: Dmitry Belyavsky don't do loop check for single self signed certificate PR: 2748 Submitted by: Robin Seggelmann PR: 2755 Submitted by: Robin Seggelmann New ctrls to retrieve supported signature algorithms and curves and extensions to s_client and s_server to print out retrieved valued. check return value of BIO_write in PKCS7_decrypt PR: 2756 Submitted by: Robin Seggelmann Submitted by: Peter Sylvester PR: 2744 Submitted by: Dmitry Belyavsky update NEWS Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and continue with symmetric decryption process to avoid leaking timing information to an attacker. corrected fix to PR#2711 and also cover mime_param_cmp update FAQ, NEWS oops, revert unrelated patches Always use SSLv23_{client,server}_method in s_client.c and s_server.c, the old code came from SSLeay days before TLS was even supported. use client version when deciding whether to send supported signature algorithms extension Submitted by: Markus Friedl fix leak Initial revision of ECC extension handling. don't shadow PR: 2778(part) Submitted by: John Fitzgibbon Update ordinals. Tidy up EC parameter check code: instead of accessing internal structures add utility functions to t1_lib.c to check if EC certificates and parameters are consistent with peer. add FAQ about version numbers Add support for automatic ECDH temporary key parameter selection. When enabled instead of requiring an application to hard code a (possibly inappropriate) parameter set and delve into EC internals we just automatically use the preferred curve. Submitted by: Peter Sylvester update rather ancient EVP digest documentation make reinitialisation work for CMAC fix reset fix use different variable for chain iteration Add options to set additional type specific certificate chains to s_server. Partial workaround for PR#2771. Additional workaround for PR#2771 correct error codes recognise X9.42 DH certificates on servers update FAQ Check for potentially exploitable overflows in asn1_d2i_read_bio BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer in CRYPTO_realloc_clean. PR: 2239 Submitted by: Dominik Oepen correct old FAQ answers check correctness of errors before updating them so we don't get bogus errors added correct error code update NEWS oops, not yet ;-) Submitted by: Peter Sylvester Reviewed by: steve Improved localisation of TLS extension handling and code tidy. Change value of SSL_OP_NO_TLSv1_1 to avoid clash with SSL_OP_ALL and OpenSSL 1.0.0. Add CHANGES entry noting the consequences. update FAQ update NEWS Don't try to use unvalidated composite ciphers in FIPS mode Reported by: Solar Designer of Openwall update FAQ Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and DTLS to fix DoS attack. PR: 2806 Submitted by: PK PR: 2811 Reported by: Phil Pennock PR: 2813 Reported by: Constantine Sapuntzakis print out issuer and subject unique identifier fields in certificates New functions to retrieve certificate signatures and signature OID NID. Initial record tracing code. Print out all fields in SSL/TLS records for debugging purposes. Needs "enable-ssl-trace" configuration option. Make it possible to delete all certificates from an SSL structure. fix clashing error code oops, add -debug_decrypt option which was accidenatally left out Add support for application defined signature algorithms for use with TLS v1.2. These are sent as an extension for clients and during a certificate request for servers. Reorganise supported signature algorithm extension processing. don't use pseudo digests for default values of keys Add new "valid_flags" field to CERT_PKEY structure which determines what the certificate can be used for (if anything). Set valid_flags field in new tls1_check_chain function. Simplify ssl_set_cert_masks which used to have similar checks in it. Function tls1_check_ec_server_key is now redundant as we make appropriate checks in tls1_check_chain. Add certificate callback. If set this is called whenever a certificate is required by client or server. An application can decide which certificate chain to present based on arbitrary criteria: for example supported signature algorithms. Add very simple example to s_server. This fixes many of the problems and restrictions of the existing client certificate callback: for example you can now clear existing certificates and specify the whole chain. recognise OPENSSL_NO_SSL_TRACE Fix Win32 build. remove unnecessary attempt to automatically call OPENSSL_init Separate client and server permitted signature algorithm support: by default the permitted signature algorithms for server and client authentication are the same but it is now possible to set different algorithms for client authentication only. no need to check s->server as default_nid is never used for TLS 1.2 client authentication new function SSL_is_server to which returns 1 is the corresponding SSL context is for a server add support for client certificate callbak, fix memory leak cert_flags is unsigned Fix memory leak. PR: 2840 Reported by: David McCullough add missing evp_cnf.c file Add new ctrl to retrieve client certificate types, print out details in s_client. update trace messages reinclude crypto.h: this is needed in HEAD only to get the __fips_constseg definition New function ssl_set_client_disabled to set masks for any ciphersuites that are disabled for this session (as opposed to always disabled by configuration). Don't ignore (\!) reference count in X509_STORE_free add ssl_locl.h to err header files, rebuild ssl error strings stop warning set ciphers to NULL before calling cert_cb update NEWS Add support for certificate stores in CERT structure. This makes it possible to have different stores per SSL structure or one store in the parent SSL_CTX. Include distint stores for certificate chain verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN to build and store a certificate chain in CERT structure: returing an error if the chain cannot be built: this will allow applications to test if a chain is correctly configured. typo check EC tmp key matches preferences Abort handshake if signature algorithm used not supported by peer. Make tls1_check_chain return a set of flags indicating checks passed by a certificate chain. Add additional tests to handle client certificates: checks for matching certificate type and issuer name comparison. add suite B chain validation flags and associated verify errors Rename Suite B functions for consistency. update ordinals Add three Suite B modes to TLS code, supporting RFC6460. PR: 2786 Reported by: Tomas Mraz update debug-steve* configurations New compile time option OPENSSL_SSL_TRACE_CRYPTO, when set this passes all derived keys to the message callback. oops, typo Add compilation flag to disable certain protocol checks and allow use of some invalid operations for testing purposes. Currently this can be used to sign using digests the peer doesn't support, EC curves the peer doesn't support and use certificates which don't match the type associated with a ciphersuite. give more meaningful error if presented with wrong certificate type by server make EC test certificates usable for ECDH perform sanity checks on server certificate type as soon as it is received instead of waiting until server key exchange Don't load GOST ENGINE if it is already loaded. store and print out message digest peer signed with in TLS 1.2 new ctrl to retrive value of received temporary key in server key exchange message, print out details in s_client New -valid option to add a certificate to the ca index.txt that is valid and not revoked Extend certificate creation examples to include CRL generation and sample scripts running the test OCSP responder. update README fix memory leak Minor enhancement to PR#2836 fix. Instead of modifying SSL_get_certificate change the current certificate (in s->cert->key) to the one used and then SSL_get_certificate and SSL_get_privatekey will automatically work. fix memory leak enhance EC method to support setting curve type when generating keys and add parameter encoding option Add ctrl and utility functions to retrieve raw cipher list sent by client in client hello message. Previously this could only be retrieved on an initial connection and it was impossible to determine the cipher IDs of any uknown ciphersuites. Add -brief option to s_client and s_server to summarise connection details. Add -rev test option to s_server to just reverse order of characters received by client and send back to server. Also prints an abbreviated summary of the connection parameters. If OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL is set allow the use of "SCSV" as a ciphersuite to position the SCSV value in different places for testing purposes. New functions to check a hostname email or IP address against a certificate. Add options to s_client, s_server and x509 utilities to print results of checks. oops, fix compilation errors in s_server Don't require tag before ciphertext in AESGCM mode add simple AES GCM code example fix error code fix ASN1_STRING_TABLE_add so it can override existing string table values use correct year automatically New config module for string tables. This can be used to add new multi string components (as used in DN fields or request attributes) or change the values of existing ones. oops, add missing asn_mstbl.c typo correct error function code contify new feature: if ctx==NULL in SSL_CTX_ctrl perform syntax checking only for some operations (currently curves and signature algorithms) add "missing" TLSv1.2 cipher alias new command line option -stdname to ciphers utility initial update of ciphers doc update ciphers documentation to indicate implemented fixed DH ciphersuites typo add SSL_CONF functions and documentation fix typos in SSL_CONF documentation initial decription of GCM/CCM usage via EVP Delegate command line handling for many common options in s_client/s_server to the SSL_CONF APIs. fix error messages remove redundant code from demo PR: 2909 Contributed by: Florian Weimer PR: 2880 Submitted by: "Florian R????chel" add -naccept option to s_server to automatically exit after connections document -naccept option fix manual page file name clarify docs fix typo and warning remove obsolete code don't call gethostbyname if OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL is set make depend new function ASN1_TIME_diff to calculate difference between two ASN1_TIME structures make depend update docs for s_server/s_client document -trace and -msgfile options correct docs update usage messages with -rev close connection if client sends "CLOSE" fix leaks reorganise SSL_CONF_cmd manual page and update some links first parameter is difference in days, not years don't use psec or pdays if NULL fix printout of expiry days if -enddate is used in ca PR: 2908 Submitted by: Dmitry Belyavsky Submitted by: Florian Weimer PR: 2909 Reorganise parameters for OPENSSL_gmtime_diff. only use a default curve if not already set use correct return values when callin cmd curves can be set in both client and server support -quiet with -msg or -trace reject zero length point format list or supported curves extensions Add support for printing out and retrieving EC point formats extension. Don't display messages about verify depth in s_server if -quiet it set. add Suite B 128 bit mode offering only combination 2 option to output corrupted signature in certificates for testing purposes set cmdline flag in s_server set auto ecdh parameter selction for Suite B change inaccurate error message Use default point formats extension for server side as well as client side, if possible. Print out point format list for clients too. New functions to set lookup_crls callback and to retrieve internal X509_STORE from X509_STORE_CTX. Generalise OCSP I/O functions to support dowloading of other ASN1 structures using HTTP. Add wrapper function to handle CRL download. constify add wrapper function for certificate download PR: 2803 Submitted by: jean-etienne.schwartz at bull.net Add new test option set the version in generated certificates: this is needed to test some profiles/protocols which reject certificates with unsupported versions. return error if Suite B mode is selected and TLS 1.2 can't be used. Correct error coded add option to get a certificate or CRL from a URL New option to add CRLs for s_client and s_server. add -badsig option to corrupt CRL signatures for testing too if no error code and -brief selected print out connection closed instead of read error don't check errno is zero, just print out message oops, really check brief mode only ;-) fix leak check mval for NULL too make -subj always override config file initial support for delta CRL generations by diffing two full CRLs don't print verbose policy check messages when -quiet is selected even on error Integrate host, email and IP address checks into X509_verify. Fix two bugs which affect delta CRL handling: remove print_ssl_cert_checks() from openssl application: it is no longer used Add code to download CRLs based on CRLDP extension. fix handling of "automatic" in file mode documentation fixes really fix automatic ;-) typo send out the raw SSL/TLS headers to the msg_callback and display them in SSL_trace allow ECDSA+SHA384 signature algorithm in SUITEB128ONLY mode add -badsig option to ocsp utility too. revert SUITEB128ONLY patch, anything wanting to use P-384 can use SUITEB128 instead add -cert_chain option to s_client add -crl_download option to s_server New verify flag to return success if we have any certificate in the trusted store instead of the default which is to return an error if we can't build the complete chain. Use new partial chain flag instead of modifying input parameters. apps/ocsp.c oops, revert, committed in error Add support for '-' as input and output filenames in ocsp utility. typo Return success when the responder is active. Check chain is not NULL before assuming we have a validated chain. add -rmd option to set OCSP response signing digest Use client version when deciding which cipher suites to disable. correct CHANGES Update test OCSP script "tocsp" to use shell functions and to use December 17th as check date to avoid certificate expiry errors. revert OCSP_basic_verify changes: they aren't needed now we support partial chain verification and can pass verify options to ocsp utility add missing newline Make partial chain checking work if we only have the EE certificate in the trust store. Fix tocsp: we don't need -trust_other any more. typo missing tab Portability fix: use BIO_snprintf and pick up strcasecmp alternative definitions from e_os.h stop warning when compiling with no-comp make JPAKE work again, fix memory leaks make no-comp compile Initial .gitignore Change default bits to 1024 Typo (PR2959). Don't include comp.h if no-comp set. fix domd Don't include comp.h in cmd_cd.c if OPENSSL_NO_COMP set Fix warning: lenmax isn't used any more. Don't use C++ style comments. Fix for trace code: SSL3 doesn't include a length value for encrypted premaster secret value. Timing fix mitigation for FIPS mode. We have to use EVP in FIPS mode so we can only partially mitigate timing differences. Add ordinal for CRYPTO_memcmp: since this will affect multiple branches it needs to be in a "gap". (cherry picked from commit 81ce0e14e72e8e255ad1bd9c7cfaa47a6291919c) typo. (cherry picked from commit 34ab3c8c711ff79c2b768f0b17e4b2a78fd1df5d) Don't access EVP_MD_CTX internals directly. (cherry picked from commit 04e45b52ee3be81121359cc1198fd01e38096e9f) update FAQ Fix in ssltest is no-ssl2 configured (cherry picked from commit cbf9b4aed3e209fe8a39e1d6f55aaf46d1369dc4) Upate FAQ. Update SSL_CONF docs. Demo code for SSL_CONF API Fix error codes. Add function CMS_RecipientInfo_encrypt Fix WIN32 build. Initial CCM code. typo Add CCM ciphers to tables. GCM and CCM test support DTLS trace support. Typo. (cherry picked from commit 1546fb780bc11556a18d70c5fb29af4a9d5beaff) Encode INTEGER correctly. DTLS revision. Use appropriate versions of SSL3_ENC_METHOD Use enc_flags when deciding protocol variations. Typo. Disable compression for DTLS. Enable various DTLS extensions. Extend DTLS method macros. Remove versions test from dtls1_buffer_message Provisional DTLS 1.2 support. DTLS 1.2 cached record support. Update fixed DH requirements. Enable TLS 1.2 ciphers in DTLS 1.2. Call RAND_cleanup in openssl application. (cherry picked from commit 944bc29f9004cf8851427ebfa83ee70b8399da57) Typo. Use $(PERL) when calling scripts in mk1mf.pl Make TLS 1.2 ciphers work again. Fix non-copy builds. Asm build portability. Set s->d1 to NULL after freeing it. Dual DTLS version methods. Always return errors in ssl3_get_client_hello Suite B support for DTLS 1.2 Typo. Reencode certificates in X509_sign_ctx. Reencode with X509_CRL_ctx_sign too. Fix PSS signature printing. Typo. Exetended OAEP support. Add new OID to pSpecified from PKCS#1 Add control to retrieve signature MD. Update to OAEP support. CMS public key parameter support. CMS RSA-OAEP and RSA-PSS support. Add -keyopt option to cms utility. Add new CMS tests. Update cms docs. Update CHANGES Fix duplicate error code. Initialise CMS signature buffer length properly. Fix verify loop with CRL checking. Avoid need to change function code. Typo. EVP support for wrapping algorithms. Set CMS EnvelopedData version correctly. CMS support for key agreeement recipient info. Add new OIDs from RFC5753 Add support for X9.62 KDF. Add support for ECDH KARI. Return correct enveloped data type in ASN1 methods. Custom key wrap option for cms utility. Scripts to recreate S/MIME test certificates. New CMS tests. Temporarily disable ECDSA test. Make ecdsatest work with nonces. Algorithm parameter support. Minor optimisation to KDF algorithm. If present print j, seed and counter values for DH Enhance DH dup functions. Extend DH parameter generation support. Add KDF for DH. CMS RFC2631 X9.42 DH enveloped data support. Add X9.42 DH certificate to S/MIME test Add X9.42 DH test. Update cms docs. Add the server 'hang' issue to the FAQ Return 1 when setting ECDH auto mode. Make no-ec compilation work. Don't run ECDH CMS tests if EC disabled. Add documentation. Typo: don't call RAND_cleanup during app startup. (cherry picked from commit 90e7f983b573c3f3c722a02db4491a1b1cd87e8c) Correct ECDSA example. Document -force_pubkey option. Document supported curve functions. Set TLS v1.2 disabled mask properly. Experimental encrypt-then-mac support. Document extension clash. Partial path fix. Remove ancient PATENTS section and FAQ reference. DTLS version usage fixes. Fix error code clashes. Add functions to set ECDSA_METHOD structure. Sync OID numbers with 1.0.2 branch. RFC7027 (Brainpool for TLS) support. Add test vectors from RFC7027 Fix warning. Add brainpool curves to NID table too. Prevent use of RSA+MD5 in TLS 1.2 by default. Time value for various platforms. Typo. Extend SSL_CONF Add demo for SSL server using SSL_CONF. Modify sample accept.cnf Fix various typos. Update demos/bio/README Constification. Fix argument processing. Add SSL_CONF command to set DH Parameters. Update test server details. Fix warning. Fix warning. Add -ecdh_single option. Add brainpool curves to trace output. (cherry picked from commit bd80d0229c9a154f569b046365bc85d76b59cfc5) Initialise context before using it. (cherry picked from commit a4947e4e064d2d5bb622ac64cf13edc4a46ed196) Sync error codes with 1.0.2-stable Enable PSK in FIPS mode. Experimental workaround TLS filler (WTF) extension. Check for missing components in RSA_check. Add CMS_SignerInfo_get0_signature function. Document RSAPublicKey_{in,out} options. Fix for some platforms where "char" is unsigned. Update FAQ with PGP note. Update FAQ Support setting of "no purpose" for trust. Fix memory leak. Allow match selecting of current certificate. Flag to disable automatic copying of contexts. Constify. (cherry picked from commit 1abfa78a8ba714f7e47bd674db53dbe303cd1ce7) Use correct header length in ssl3_send_certifcate_request Don't define SSL_select_next_proto if OPENSSL_NO_TLSEXT set New functions to retrieve certificate from SSL_CTX Simplify and update openssl.spec Add release dates to NEWS remove obsolete STATUS file Don't use rdrand engine as default unless explicitly requested. (cherry picked from commit 16898401bd47a153fbf799127ff57fdcfcbd324f) Verify parameter retrieval functions. Fix for partial chain notification. Update to pad extension. Add opaque ID structure. Update demo. Check EVP errors for handshake digests. Ignore NULL parameter in EVP_MD_CTX_destroy. (cherry picked from commit a6c62f0c25a756c263a80ce52afbae888028e986) Fix DTLS retransmission from previous session. Canonicalise input in CMS_verify. Update curve list size. (cherry picked from commit cfa86987a8d9d2b8cc5e5fea2d3260c46542cdb9) Don't change version number if session established Use algorithm specific chains for certificates. Add ServerInfoFile to SSL_CONF, update docs. Sync NEWS. Add fix for CVE-2013-4353 (cherry picked from commit 6b42ed4e7104898f4b5b69337589719913b36404) update NEWS update FAQ Fix bug in X509_V_FLAG_IGNORE_CRITICAL CRL handling. Use rdrand as additional entropy source. typo Add new function SSL_CTX_get_ssl_method(). Support retries in certificate callback Certificate callback doc. Add cert callback retry test. Compare encodings in X509_cmp as well as hash. New function to set compression methods so they can be safely freed. Add loaded dynamic ENGINEs to list. Fix demo comment: 0.9.9 never released. Check i before r[i]. typo Clarify docs. Demo of use of errors in applications. New ctrl to set current certificate. Add quotes as CC can contain spaces. Return per-certificate chain if extra chain is NULL. Oops, get selection logic right. Return previous compression methods when setting them. fix error discrepancy (cherry picked from commit a2317c3ffde3f1f73bd7fa3f08e420fb09043905) Add suppot for ASCII with CRLF canonicalisation. Don't do loop detection for self signed check. Include TA in checks/callback with partial chains. Remove duplicate statement. Don't use getcwd in non-copy builds. Restore SSL_OP_MSIE_SSLV2_RSA_PADDING Don't use CRYPTO_AES_CTR if it isn't defined. Remove references to o_time.h make depend Move CT viewer extension code to crypto/x509v3 make depend fix WIN32 warnings (cherry picked from commit b709f8ef54b1c9ad513878ba0213aa651a9acef8) Option to set current cert to server certificate. New chain building flags. Only set current certificate to valid values. Avoid Windows 8 Getversion deprecated errors. Add -show_chain option to print out verified chain. Fix for v3_scts.c Don't use BN_ULLONG in n2l8 use SCTS_TIMESTAMP. (cherry picked from commit 3678161d717d0f46c5b5b052a6d6a33438b1df00) Fix for WIN32 builds with KRB5 (cherry picked from commit 3eddd1706a30cdf3dc9278692d8ee9038eac8a0d) Add function to free compression methods. Fix memory leak. (cherry picked from commit 124d218889dfca33d277404612f1319afe04107e) PKCS#8 support for alternative PRFs. For self signed root only indicate one error. (cherry picked from commit bdfc0e284c89dd5781259cc19aa264aded538492) Remove -WX option from debug-VC-WIN32 (cherry picked from commit 7a3e67f029969620966b8a627b8485d83692cca5) Simplify ssl_add_cert_chain logic. typo Fix for CVE-2014-0076 Update ordinals. Workaround for some CMS signature formats. Update chain building function. Add -no_resumption_on_reneg to SSL_CONF. (cherry picked from commit 1f44dac24d1cb752b1a06be9091bb03a88a8598e) Fix memory leak with client auth. (cherry picked from commit bc5ec653ba65fedb1619c8182088497de8a97a70) Add functions returning security bits. Auto DH support. Allow return of supported ciphers. Check return value of ssl3_output_cert_chain Security framework. Security callback debug print out. Set security level to zero is ssltest Set security level in cipher string. Add initial security framework docs. Don't try and verify signatures if key is NULL (CVE-2013-0166) Add additional check to catch this in ASN1_item_verify too. (cherry picked from commit 66e8211c0b1347970096e04b18aa52567c325200) Document new crl option. Use correct length when prompting for password. Update FAQ. Update security framework docs. For more than 160 bits of security disable SHA1 HMAC Set TLS padding extension value. Document -verify_return_error option. Add heartbeat extension bounds check. Return if ssleay_rand_add called with zero num. Update NEWS ssleay_rand_add returns a value in 1.1.0 Fix free errors in ocsp utility. Add new key fingerprint. Clarify CMS_decrypt behaviour. Extension checking fixes. Document -debug_decrypt option. Set Enveloped data version to 2 if ktri version not zero. Initialize num properly. Return an error if no recipient type matches. Correct example. Enc doesn't support AEAD ciphers. (cherry picked from commit 09184dddead165901700b31eb39d540ba30f93c5) Fix bug in signature algorithm copy. Adding padding extension to trace code. For portability use BUF_strndup instead of strndup. Change default cipher in smime app to des3. Fix for PKCS12_create if no-rc2 specified. Rename vpm_int.h to x509_lcl.h Don't use expired certificates if possible. Set version number correctly. Don't compile heartbeat test code on Windows (for now). Use correct digest when exporting keying material. Set default global mask to UTF8 only. Option to disable padding extension. Recognise padding extension. Allow reordering of certificates when signing. Fix CVE-2014-3470 Fix CVE-2014-0221 Additional CVE-2014-0224 protection. Fix for CVE-2014-0224 Fix for CVE-2014-0195 Update value to use a free bit. Update NEWS. Add official extension value. Make tls_session_secret_cb work with CVE-2014-0224 fix. Update strength_bits for 3DES. SRP ciphersuite correction. Fix null pointer errors. Fix compilation with no-comp Fix Windows build. (cherry picked from commit 5f4c5a902b0508eab235adecb34b236cdc0048a5) Accept CCS after sending finished. Remove ancient obsolete files under pkcs7. Memory leak and NULL dereference fixes. Fix OID encoding for one component. Rebuild OID table. Tolerate critical AKID in CRLs. Fix for EVP_PBE_alg_add(). Don't disable state strings with no-ssl2 Typo. Handle BER length encoding. Clarify protocols supported. Make no-ssl3 no-ssl2 do more sensible things. Show errors on CSR verification failure. Fix memory leak. Don't core dump when using CMAC with dgst. Fix copy for CCM, GCM and XTS. Test copying of contexts in evp_test. Accessor functions for app_data in ECDSA_METHOD Make NO_SYS_UN_H compile. Fix warning. (cherry picked from commit c97ec5631bb08a2171a125008d2f0d2a75687aaa) Windows build fixes. ASN1 sanity check. Update ticket callback docs. Remove all RFC5878 code. typo (cherry picked from commit 2cfbec1caea8f9567bdff85d33d22481f2afb40a) Add license info. Don't limit message sizes in ssl3_get_cert_verify. Sanity check keylength in PVK files. s_server usage for certificate status requests Document certificate status request options. Usage for -hack and -prexit -verify_return_error Fix typo. Use more common name for GOST key exchange. Use case insensitive compare for servername. Don't allow -www etc options with DTLS. Fix DTLS certificate requesting code. Clarify -Verify and PSK. Sanity check lengths for AES wrap algorithm. Make *Final work for key wrap again. RFC 5649 support. Fix documentation for RSA_set_method(3) Windows build fixes. Add test header, sync ordinals with 1.0.2 Don't call setenv in gost2814789t.c Add conditional unit testing interface. Fix SRP ciphersuite DoS vulnerability. Fix SRP buffer overrun vulnerability. Check SRP parameters early. Test SRP authentication ciphersuites. Fix SRP authentication ciphersuites. Include error messages on extension check failure. Revision of custom extension code. fix warning Custom extension revision. Add custom extension sanity checks. Remove serverinfo checks. Callback revision. New extension callback features. New function SSL_extension_supported(). Use consistent function naming. Rename some callbacks, fix alignment. Custom extension documentation. Fix comments, add new test. sync ordinals with 1.0.2 Add CHANGES entry for SCT viewer code. Fix warning. Use correct function name: CMS_add1_signer() Add additional DigestInfo checks. Add additional explanation to CHANGES entry. Parse custom extensions after internal extensions. Disable encrypt them mac for SSL 3.0 and stream ciphers (RC4 only). Remove reference to deleted md4.c Fix for session tickets memory leak. Process signature algorithms in ClientHello late. Copy negotiated parameters in SSL_set_SSL_CTX. Fix WIN32 build by disabling bn* calls. Fix cross reference table generator. Add SSL_CONF support to ssltest. Additional output for ssltest. Prevent use of binary curves when OPENSSL_NO_EC2M is defined Process signature algorithms before deciding on certificate. Only handle RI extension for SSLv3 New option no-ssl3-method which removes SSLv3_*method Fix excert logic. Fix SuiteB chain checking logic. Print out Suite B status. Remove some unnecessary OPENSSL_FIPS references Remove fipscanister from Configure, delete fips directory Remove fipscanister build functionality from makefiles. Remove fips utility build rules from test/Makefile Remove FIPSCANISTERINTERNAL reference. Remove OPENSSL_FIPSCANISTER code. remove unnecessary OPENSSL_FIPS reference remove another FIPSCANISTER reference Remove fips_constseg references. Remove fips.h reference. make depend Remove FIPS error library from openssl.ec mkerr.pl remove FIPS module code from crypto/rsa remove FIPS module code from crypto/dsa Remove FIPS module code from crypto/dh remove FIPS module code from crypto/ecdsa remove FIPS module code from crypto/ecdh remove FIPS module code from crypto/bn remove FIPS module code from crypto/evp remove FIPS_*_SIZE_T remove OPENSSL_FIPSAPI Remove references to deleted fips directory from Makefile.org Remove fips directories from mkfiles.pl Reject invalid constructed encodings. Clear existing extension state. Remove MS SGC Remove SGC restart flag. Fix various certificate fingerprint issues. Constify ASN1_TYPE_cmp add X509_ALGOR_cmp. update ordinals ECDH downgrade bug fix. Only allow ephemeral RSA keys in export ciphersuites. fix compilation error RT3662: Allow leading . in nameConstraints use correct function name use correct credit in CHANGES fix error discrepancy Fix crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. Unauthenticated DH client certificate fix. For master windows build dsa.h is now needed. Remove use of BN_init, BN_RECP_CTX_init from bntest Emilia Kasper (40): Allow duplicate certs in ssl_build_cert_chain Fix OID handling: make depend Fix build when BSAES_ASM is defined but VPAES_ASM is not define inline for Visual Studio Improve EVP_PKEY_sign documentation RT3061: slightly amend patch RT 3060: amend patch Explicitly check for empty ASN.1 strings in d2i_ECPrivateKey Constant-time utilities Make the inline const-time functions static. Add i2d_re_X509_tbs make update Note i2d_re_X509_tbs and related changes in CHANGES make update RT3066: rewrite RSA padding checks to be slightly more constant time. RT3067: simplify patch RT3425: constant-time evp_enc Add missing tests Fix ssltest logic when some protocols are compiled out. Sync CHANGES Add missing CHANGES interval [1.0.1h, 1.0.1i] Tighten session ticket handling Reset s->tlsext_ticket_expected in ssl_scan_serverhello_tlsext. This ensures that it's zeroed even if the SSL object is reused (as in ssltest.c). It also ensures that it applies to DTLS, too. Set s->hit when resuming from external pre-shared secret. Remove ssl3_check_finished. Always require an advertised NewSessionTicket message. Ensure SSL3_FLAGS_CCS_OK (or d1->change_cipher_spec_ok for DTLS) is reset once the ChangeCipherSpec message is received. Previously, the server would set the flag once at SSL3_ST_SR_CERT_VRFY and again at SSL3_ST_SR_FINISHED. This would allow a second CCS to arrive and would corrupt the server state. Clean up CHANGES Fix broken build Reject elliptic curve lists of odd lengths. Add extra checks for odd-length EC curve lists. Clarify the return values for SSL_get_shared_curve. Fix unused variable warning Check for invalid divisors in BN_div. Build fixes Revert "RT3425: constant-time evp_enc" Add a comment noting the padding oracle. Add a clang build target for linux-x86_64 Only inherit the session ID context in SSL_set_SSL_CTX if the existing context was also inherited (matches that of the existing SSL_CTX). Emilia K??sper (1): Fix DTLS anonymous EC(DH) denial of service Eric Young (1): Fix base64 decoding bug. Erik Auerswald (1): RT3301: Discard too-long heartbeat requests Felix Laurie von Massenbach (18): Add a new target to Configure for me. Strip trailing whitespace from Configure. Remove indentation from the goto targets. Remove static from probable_prime_dh. Add speed test for prime trial division. Tidy up speed.c a little. Run the prime speed tests for 10 seconds. Add a method to generate a prime that is guaranteed not to be divisible by 3 or 5. Generate safe primes not divisible by 3, 5 or 7. Add python script to generate the bits needed for the prime generator. Remove editor barf on updating copyright. Try skipping over the adding and just picking a new random number. Refactor the first prime index. Only count successful generations. Remove unused BIGNUMs. Add a test to check we're really generating probable primes. Fix shadow declaration. Fix signed/unsigned comparisons. Franti??ek Bo????nek (1): Fix memory leak. Fr?d?ric Giudicelli (1): RT783: Minor optimization to ASN1_INTEGER_set Gabor Tyukasz (1): Fix race condition in ssl_parse_serverhello_tlsext Geoff Keating (1): RT1909: Omit version for v1 certificates Geoff Thorpe (421): Gets around VC++ compiler pickiness. (long != double) More VC++ pickiness. (destest.c doesn't have a "return" and the usual signed/unsigned stuff in s3_pkt.c) another one done. This is a set of startup code for the DSO support, it's not yet linked into the build process (an upcoming commit no doubt), and is very much *new* code - what that means is that it compiles ok - usually. It certainly doesn't mean it runs well or even properly yet. Please don't muck round with this unless you're looking to help out and hunt bugs. :-) This commit ties the new DSO code (crypto/dso/) into the build for a variety of platforms. A few are missing, and they will be added in eventually, but as this is new stuff, it was better to not break lots of platforms in one go that we can't easily test. The changes to "Configure" should illustrate how to add support to other systems if you feel like having a go. Better make a note of what's going on ... :-) This helps make the DSO stuff more portable; * "no-dso" option available in Configure so that all DSO methods will return NULL, overriding any support the platform might otherwise have built. * dlfcn_no_h config string now available rather than just dlfcn. This is for platforms that have dlfcn.h functions but do not have (or need) the dlfcn.h header file. I forgot about $openssl_other_defines ... should probably do this for consistency. Not sure though whether HAVE_DLFCN_H should be included too? If we go the autoconf route then this probably wouldn't be included. Constification, and a silly mistake in the comments. This change facilitates name translation for shared libraries. The technique used is far from perfect and alternatives are welcome. Basically if the translation flag is set, the string is not too long, and there appears to be no path information in the string, then it is converted to whatever the standard should be for the DSO_METHOD in question, eg; blah --> libblah.so on *nix, and blah --> blah.dll on win32. Thanks to "make update" ... Previously, the default RSA_METHOD was NULL until the first RSA structure was initialised, at which point an appropriate default was chosen. This meant a call to RSA_get_default_method might have returned FALSE. The handling of DSA_METHOD and DH_METHOD wasn't quite as problematic as with RSA_METHOD (the **_get_default_methods do set the default value if it's not set). However, the code had some duplication and was a bit conter-intuitive. This case in the "dso_unload" handlers should not be reported as an error - if a DSO_load(NULL,...) operation fails, it will have to call DSO_free() on the DSO structure it created and that will filter through to this "unload" call. cvs update oops. This declaration seems to have been added into the header file accidently. There's no trace of it being implemented and it doesn't seem to have been intended given that it is prototyped with a BIO yet there was a BIO- specific version added in at the same time. It seems that mktime does what is required here. Certainly timegm() can not be used because it is not available on all systems (most notably, win32). another warning. Minor corrections to documentation. "make update" All the little functions created by the IMPLEMENT_STACK_OF() macro will cast their type-specific STACK into a real STACK and call the underlying sk_*** function. The problem is that if the STACK_OF(..) parameter being passed in has a "const *" qualifier, it is discarded by the cast. sk_value was also suffering from de-const-ification. Also, add in a couple of missing declarations in pkcs7 code. sk_***_new_null() seems to be there to avoid exactly this sort of thing which is a cast between NULL and a function pointer. This is the first of two commits (didn't want to dump them all into the same one). However, the first will temporarily break things until the second comes through. :-) The previous commit to crypto/stack/*.[ch] pulled the type-safety strings yet tighter, and also put some heat on the rest of the library by insisting (correctly) that compare callbacks used in stacks are prototyped with "const" parameters. This has led to a depth-first explosion of compiler warnings in the code where 1 constification has led to 3 or 4 more. Fortunately these have all been resolved to completion and the code seems cleaner as a result - in particular many of the _cmp() functions should have been prototyped with "const"s, and now are. There was one little problem however; This change will cause builds (by default) to not use different STACK structures and functions for each stack type. The previous behaviour can be enabled by configuring with the "-DDEBUG_SAFESTACK" option. This will also cause "make update" (mkdef.pl in particular) to update the libeay.num and ssleay.num symbol tables with the number of extra functions DEBUG_SAFESTACK creates. "make update" + stripping the type-specific stack functions out of libeay.num and ssleay.num. Enable DSO support on alpha (OSF1), cc and gcc. The atalla functionality doesn't work with the "word" version of BN_mod_exp. Call the regular atalla mod_exp operation instead. Currently the DSO_METHOD interface has one entry point to bind all "symbols" including functions (of all prototypes( and variables. Whilst casting any function type to another violates ANSI C (I believe), it is a necessary evil in shared-library APIs. However, it is quite conceivable that functions in general and data symbols could very well be represented differently to each other on some systems, as Bodo said; 'make update' * This adds some checking to the 'dlfcn' DSO_METHOD that at least lets it cope with OpenBSD which doesn't understand "RTLD_NOW". * Added the dso_scheme config string entry for OpenBSD-x86 to give it DSO support. * 'make update' that has also absorbed some of Steve's mkstack changes for the ASN-related macros. Steve fixed up some strange errors introduced into dso_win32.c, and I'm just converting some spaces to tabs from his fix. :-) Time to get rid of some rather silly code duplication - some DSO_ctrl() commands are common to all DSO_METHODs, hence handle them at the top. None of the DSO_METHOD's were handling anything except generic messages. These are now processed inside DSO_ctrl() itself. DSO_ctrl() changes have removed a couple of DSO_METHOD-specific functions so I've regenerated the error numbers and strings for the DSO functions. This changes the behaviour of the DSO mechanism for determining an appropriate filename translation on the host system. Apart from this point, users should also note that there's a slight change in the API functions too. The DSO now contains its own to-be-converted filename ("dso->filename"), and at the time the DSO loads the "dso->loaded_filename" value is set to the translated form. As such, this also provides an impicit way of determining if the DSO is currently loaded or not. Except, perhaps, VMS .... :-) Add a note about the recent DSO changes in CHANGES. DSO_load() should also work when it is passed a NULL - a new DSO is created automatically, however some code was still referring to the original pointer rather than the internal one (and thus to NULL instead of the created pointer). This is a demo that performs SSL tunneling (client and/or server) and is built using an abstracted state machine with a non-blocking IP wrapper around it. README will follow in the next commit. Explanation, tips, etc. oops, remove comments that are no longer true. Richard moved hw_nuron.c over to DSO-land recently, so this include isn't needed now. Many applications that use OpenSSL with ENGINE support might face a situation where they've initialised the ENGINE, loaded keys (which are then linked to that ENGINE), and performed other checks (such as verifying certificate chains etc). At that point, if the application goes multi-threaded or multi-process it creates problems for any ENGINE implementations that are either not thread/process safe or that perform optimally when they do not have to perform locking and other contention management tasks at "run-time". I have no idea how this comment got there, but it's certainly not applicable to ENGINE_ctrl() Ensure that the "ex_data" member of an RSA structure is initialised before the RSA_METHOD's "init()" handler is called, and is cleaned up after the RSA_METHOD's "finish()" handler is called. Custom RSA_METHODs may wish to initialise contexts and other specifics in the RSA structure upon creation and that was previously not possible - "ex_data" is where that stuff should go and it was being initialised too late for it to be used. It was a small change, but it *could* conceivably affect people - so I'm making a note in the CHANGES file. A typo and a couple of logic errors fixed. I think there may still be one or two kinks lurking around, but it now appears to deal with the basic test cases ok. Minor tweaks and improvements to the tunala demo. Make s_client/s_server-style cert verification output configurable by command line, and make the peer-authentication similarly configurable. More little changes to the tunala demo; Do to DH and DSA what has already been done to RSA. This involves moving the initialisation and cleanup of "ex_data" elements to before an init() handler and after a finish() handler respectively. Amend the original CHANGES log entry. The ex_data handling has been similarly modified now on DH and DSA. * Fix a slight bug in the state-machine. This caused the client end of a tunnel to not pro-actively close down when failing an SSL handshake. First step in tidying up the LHASH code. The callback prototypes (and casts) used in the lhash code are about as horrible and evil as they can be. For starters, the callback prototypes contain empty parameter lists. Yuck. Next step in tidying up the LHASH code. This commit defines DECLARE and IMPLEMENT macros for defining wrapper functions for "hash" and "cmp" callbacks that are specific to the underlying item type in a hash-table. This prevents function pointer casting altogether, and also provides some type-safety because the macro does per-variable casting from the (void *) type used in LHASH itself to the type declared in the macro - and if that doesn't match the prototype expected by the "hash" or "cmp" function then a compiler error will result. Use the new LHASH macros to declare type-safe wrapper functions that can be used as the hash/compare callbacks without function pointer casting. Make the remaining LHASH macro changes. This should leave no remaining cases of function pointer casting in lh_new() calls - and leave only the lh_doall and lh_doall_arg cases to be finished. Make a note of the LHASH changes. Update the documentation to the current state of the LHASH changes. There will probably be more when the lh_doall[_arg] callbacks are similarly tidied up, but this 'pod' should now be current. ANSI C doesn't allow trailing semi-colons after a function's closing brace so these macros probably shouldn't be used like that at all. So, this change removes the misleading comment and also adds an implicit trailing semi-colon to the DECLARE macros so they too don't require one. Sync up with a minor change in lhash.h Next step in tidying up the LHASH code. This is an engine contributed by Broadcom - it is meant to support the BCM5805 and BCM5820 units. So far I've merely taken a skim over the code and changed a few things from their original contributed source (de-shadowing variables, removing variables from the header, and re-constifying some functions to remove warnings). If this gives compilation problems on any system, please let me know. We will hopefully know for sure whether this actually functions on a system with the relevant hardware in a day or two. :-) Make a note of the new engine. Some minor changes to the "tunala" demo. This adds support to 'tunala' for supplying DH parameters (without which it will not support EDH cipher suites). The parameters can either be loaded from a file (via "-dh_file"), generated by the application on start-up ("-dh_special generate"), or be standard DH parameters (as used in s_server, etc). Re-order the options in tunala and add command switches like s_server for disabling different SSL/TLS protocol versions. Whilst in the process of fixing outstanding function-pointer casts in the LHASH code, this evil was uncovered. The cast was obscuring the fact that the function was prototyped to take 2 parameters when in fact it is being used as a callback that should take only one. Anyway, the function itself ignores the second parameter (thankfully). A proper cure is on the way but for now this corrects the inconsistency. This adds macros to implement (and/or declare) type-safe wrapper functions around the callbacks required in the LHASH code for the "doall" functions. Get rid of the function pointer casting in the debugging memory code due to LHASH usage. NB: The callback type used as been suctioned off into crypto.h as CRYPTO_MEM_LEAK_CB to improve clarity. Move all the existing function pointer casts associated with LHASH's two "doall" functions to using type-safe wrappers. As and where required, this can be replaced by redeclaring the underlying callbacks to use the underlying "void"-based prototypes (eg. if performance suffers from an extra level of function invocation). It was correctly pointed out to me that my CHANGES entry was a little thin on details. :-) oops, void functions shouldn't try and return a value. Strangely, gcc didn't even give a warning for this yet HPUX cc considered it an error. Reported by Lutz(@openssl.org). Update the LHASH man page. Insert a missing space to stop pod2man giving stroppy "malformed" warnings. This change was a quick experiment that I'd wanted to try that works quite well (and is a good demonstration of how encapsulating the SSL in a memory-based state machine can make it easier to apply to different situations). Re-order a couple of static functions and "#if 0" out unused ones - this gets rid of gcc warnings. The callbacks in the NAME_FUNCS structure are not used directly as LHASH callbacks, and their prototypes were consistent as they were. These casts need reversing. 'make update' This change allows a callback to be used to override the generation of SSL/TLS session IDs in a server. According to RFC2246, the session ID is an arbitrary value chosen by the server. It can be useful to have some control over this "arbitrary value" so as to choose it in ways that can aid in things like external session caching and balancing (eg. clustering). The default session ID generation is to fill the ID with random data. This adds command-line support to s_server for controlling the generation of session IDs. Namely, passing "-id_prefix " will set a generate_session_id() callback that generates session IDs as random data with block-copied over the top of the start of the ID. This can be viewed by watching the session ID s_client's output when it connects. Note changes re: session ID generation callbacks, etc. If a callback is generating a new session ID for SSLv2, then upon exiting, the ID will be padded out to 16 bytes if the callback attempted to generate a shorter one. The problem is that the uniqueness checking function used in callbacks may mistakenly think a 9-byte ID is unique when in fact its padded 16-byte version is not. This makes the checking function detect SSLv2 cases, and ensures the padded form is checked rather than the shorter one passed by the callback. Fix an oversight - when checking a potential session ID for conflicts with an SSL_CTX's session cache, it is necessary to compare the ssl_version at the same time (a conflict is defined, courtesy of SSL_SESSION_cmp(), as a matching id/id_length pair and a matching ssl_version). However, the SSL_SESSION that will result from the current negotiation does not necessarily have the same ssl version as the "SSL_METHOD" in use by the SSL_CTX - part of the work in a handshake is to agree on an ssl version! I missed one. Don't return an error until the global lock is released. Actually there were two error cases that could return without releasing the lock - stupidly, my last change addressed only one of them. ENGINE_load_[private|public]_key had error handling that could return without releasing a lock. This is the same fix as applied to OpenSSL-engine-0_9_6-stable, minus the ENGINE_ctrl() change - the HEAD already had that fixed. 'make update' This moves string constants out of vendor headers and into C files. Structural references should never be decremented directly - so leave that to ENGINE_free(). Also, remove "#if 0" code that has no useful future. Some more tweaks to ENGINE code. Some more tweaks to ENGINE code. Some more tweaks to ENGINE code. Some more tweaks from ENGINE code. Make the shared library name and function symbol for the "nuron" ENGINE static data where they could be parameterised by ctrl() commands. Make a note of the recent ENGINE developments. Some more tweaks to ENGINE code. Some BIG tweaks to ENGINE code. Some more tweaks to ENGINE code. Changes to "openssl engine" to support the new control command code in ENGINE. Add notes about the new ENGINE functionality. Make update. This change to the "dl", "dlfcn", and "win32" DSO_METHODs adds the filename or symbol name to the error stack in the event a load or bind operation failed. This adds 2 things to the ENGINE code. Make notes about ENGINE changes. "make update" Some fixes to the reference-counting in ENGINE code. First, there were a few statements equivalent to "ENGINE_add(ENGINE_openssl())" etc. The inner call to ENGINE_openssl() (as with other functions like it) orphans a structural reference count. Second, the ENGINE_cleanup() function also needs to clean up the functional reference counts held internally as the list of "defaults" (ie. as used when RSA_new() requires an appropriate ENGINE reference). So ENGINE_clear_defaults() was created and is called from within ENGINE_cleanup(). Third, some of the existing code was logically broken in its treatment of reference counts and locking (my fault), so the necessary bits have been restructured and tidied up. For some inexplicable reason, I'd (a) left the debugging irreversibly turned on, and (b) left a somewhat curious debugging string in the output. In RSA, DSA, DH, and RAND - if the "***_new()" function fails because the ENGINE code does not return a default, set an error. Fix a memory leak in 'sk_dup' in the case a realloc() fails. Also, tidy up a bit of weird code in sk_new. openssl speed is quite useful for testing hardware support (among other things), especially as the RSA keys are fixed. However, DSA only fixes the DSA parameters and then generates the public and private components on the fly each time - this commit hard-codes some sampled key values so that this is no longer the case. Currently, RSA code, when using no padding scheme, simply checks that input does not contain more bytes than the RSA modulus 'n' - it does not check that the input is strictly *less* than 'n'. Whether this should be the case or not is open to debate - however, due to security problems with returning miscalculated CRT results, the 'rsa_mod_exp' implementation in rsa_eay.c now performs a public-key exponentiation to verify the CRT result and in the event of an error will instead recalculate and return a non-CRT (more expensive) mod_exp calculation. As the mod_exp of 'I' is equivalent to the mod_exp of 'I mod n', and the verify result is automatically between 0 and n-1 inclusive, the verify only matches the input if 'I' was less than 'n', otherwise even a correct CRT calculation is only congruent to 'I' (ie. they differ by a multiple of 'n'). Rather than rejecting correct calculations and doing redundant and slower ones instead, this changes the equality check in the verification code to a congruence check. Tidy up "cvs update" output a bit. - New INSTALL document describing different ways to build "tunala" and possible problems. - New file breakage.c handles (so far) missing functions. - Get rid of some signed/unsigned/const warnings thanks to solaris-cc - Add autoconf/automake input files, and helper scripts to populate missing (but auto-generated) files. The indexes returned by ***_get_ex_new_index() functions are used when setting stack (actually, array) values in ex_data. So only increment the global counters if the underlying CRYPTO_get_ex_new_index() call succeeds. This change doesn't make "ex_data" right (see the comment at the head of ex_data.c to know why), but at least makes the source code marginally less frustrating. The indexes returned by ***_get_ex_new_index() functions are used when setting stack (actually, array) values in ex_data. So only increment the global counters if the underlying CRYPTO_get_ex_new_index() call succeeds. This change doesn't make "ex_data" right (see the comment at the head of ex_data.c to know why), but at least makes the source code marginally less frustrating. Give DH, DSA, and RSA functions to "up" their reference counts. Otherwise, dependant code has to directly increment the "references" value of each such structure using the corresponding lock. Apart from code duplication, this provided no "REF_CHECK/REF_PRINT" checking and violated encapsulation. Changes crypto/evp/ and ssl/ code from directly incrementing reference counts in DH, DSA, and RSA structures. Instead they use the new "***_up()" functions that handle this. Make a note of the "up" functions. This changes the "ERR" code to have all access to state (a hash table of error strings and a hash table storing per-thread error state) go via an ERR_FNS function table. The first time an ERR operation occurs, the implementation that will be used (from then on) is set to the internal "defaults" implementation if it has not already been set. The actual LHASH tables are only accessed by this implementation. Note the "ERR" changes. Tidy up some code formatting. gcc can't spot that 'derlst' is not used uninitialised, so appease it. "make update" Make sure "CRYPTO_mem_leaks_fp" doesn't itself create a reportable memory leak. Ensure that failure to create the BIO in 'CRYPTO_mem_leaks_fp' doesn't leave memory debugging turned off. [Spotted by G??tz Babin-Ebell] (A version of) gcc had been giving somewhat odd "trigraph" warnings about this construct, and Ulf provided the following insight as to why; Only OPENSSL_free() non-NULL pointers. First step in fixing "ex_data" support. Warning: big commit log ... Make the necessary changes to work with the recent "ex_data" overhaul. See the commit log message for that for more information. Note the "ex_data" changes. Convert "max" to "mx" for variable names (brought to my attention by Steve Henson). Also, reverse a previous change that used an implicit function pointer cast rather than an explicit data pointer cast in the STACK cleanup code. Correct a typo. Add a new ERR function, "ERR_unload_strings", to complement the existing "ERR_load_strings" function. Note the "ERR_unload_strings" function. This change adds a new ENGINE called "dynamic" that allows new ENGINE implementations to be loaded from self-contained shared-libraries. It also provides (in engine.h) definitions and macros to help implement a self-contained ENGINE. Version control is handled in a way whereby the loader or loadee can veto the load depending on any objections it has with each other's declared interface level. The way this is currently implemented assumes a veto will only take place when one side notices the other's interface level is too *old*. If the other side is newer, it should be assumed the newer version knows better whether to veto the load or not. Version checking (like other "dynamic" settings) can be controlled using the "dynamic" ENGINE's control commands. Also, the semantics for the loading allow a shared-library ENGINE implementation to handle differing interface levels on the fly (eg. loading secondary shared-libraries depending on the versions required). This changes the existing hardware ENGINE implementations to dynamically declare their own error strings so that they can be more easily compiled as external shared-libraries if desired. Also, each implementation has been given canonical "dynamic" support at the base of each file and is only built if the ENGINE_DYNAMIC_SUPPORT symbol is defined. Add a "_up" -> "_up_ref" change to libeay.num that was missing from the recent changes. Also, do the same change to the DSO_up() function. Make the 'dynamic' ENGINE bundle up the loading application/library's locking callbacks to pass to the loaded library (in addition to the existing mem, ex_data, and err callbacks). Also change the default implementation of the "bind_engine" function to apply those callbacks, ie. the IMPLEMENT_DYNAMIC_BIND_FN macro. Update the ENGINE README, and stock it up with extra verbeage for good measure (including info and instructions on "dynamic" ENGINEs). "DH_up" had been changed to "DH_up_ref" in libeay.num but the function declaration and implementation had not. So a recent update recreated the original definition in libeay.num ... this corrects it and changes the "dh" code to the "up_ref" variant. Change DH_up() -> DH_up_ref() Add some missing CHANGES items. ENGINE's init() and finish() handler functions are used when the ENGINE is being enabled or disabled (respectively) for operation. Additionally, each ENGINE has a constructor function where it can do more 'structural' level intialisations such as loading error strings, creating "ex_data" indices, etc. This change introduces a handler function that gives an ENGINE a corresponding opportunity to cleanup when the ENGINE is being destroyed. It also adds the "get/set" API functions that control this "destroy" handler function in an ENGINE. This adds "destroy" handlers to the existing ENGINEs that load their own error strings - the destroy handler functions unload the error strings so any pending error state referring to them will not attempt to reference them after the ENGINE has been destroyed. ENGINEs can now perform structural cleanup. enginetest needs 'memset' defined. Put all "common" initialisation in the apps_startup() and apps_shutdown() macros in apps.h. make update ENGINE files were renamed, and error strings are now in eng_err.c ENGINE uses a very opaque design, so we can predeclare the structure type in "types.h" so that very few headers will need to include engine.h, generally only C files using API functions will need it (reducing the header dependencies quite a lot). Reduce the header dependencies on engine.h in apps/. Updated dependencies from "make update" 'evp_test' needs to initialise and cleanup EVP_CIPHER_CTX structures. Also, fix a typo and add cleanup operations. This also switches on memory leak checking (which is how the rest was found). Add a SHA1 test to evptests.txt - only the MD5 hash algorithm was being tested previously. Fix a typo in the preprocessor logic in eng_list.c that had left RSA, DSA, and DH all conditional upon OPENSSL_NO_RSA. Some of the ENGINE file names were changed for 8.3 filename uniqueness recently. So comments including file names have been fixed, and copyright notices brought up to "2001" at the same time. "make update" Some major restructuring changes to ENGINE, including integrated cipher and digest support, are on their way. Rather than having gigantic commit log messages and/or CHANGES entries, this change to the README will serve as an outline of what it all is and how it all works. This change replaces the ENGINE's underlying mechanics with the new ENGINE_TABLE-based stuff - as described in crypto/engine/README. This commits the changes to STACK macros forced by recent ENGINE surgery. This commits changes to various parts of libcrypto required by the recent ENGINE surgery. DH, DSA, RAND, and RSA now use *both* "method" and ENGINE pointers to manage their hooking with ENGINE. Previously their use of "method" pointers was replaced by use of ENGINE references. See crypto/engine/README for details. Make necessary tweaks to apps/ files due to recent ENGINE surgery. See crypto/engine/README for details. "make update". indentation. This change adds cipher and digest support into ENGINE using the ENGING_TABLE mechanism. The necessary hooks from crypto/evp/ to use this will be committed shortly. This changes EVP's cipher and digest code to hook via the ENGINE support. See crypto/engine/README for details. This change adds dummy RC4 and SHA1 support to the "openssl" ENGINE for testing. Because of the recent changes (see crypto/engine/README), the "openssl" ENGINE is no longer needed nor is it loaded automatically or by ENGINE_load_builtin_engines(). So a explicit ENGINE_load_openssl() call is required by applications or a modification to eng_all.c before this ENGINE will be used. This change will send output to stderr as/when its implementations are used. This change puts the original OpenBSD /dev/crypto support that was in crypto/evp/ into the corresponding ENGINE. This code is currently untested. Fiddling. Put the cipher info back into the "openssl engine" command. Make update to bring in all the cipher/digest-related ENGINE changes. NB: It looks like mkdef.pl is causing certain cvs wars by continually flipping the order of some definitions ... "FALLBACK" handling was a hack that was thrown out long ago in the ENGINE redevelopment. The idea had been that "-1" could be used as a special "ask me later" 'nid' rather than specifying supported cipher and digest 'nid's up front. However the idea turned out to be pretty broken. ENGINE_register_all_complete() will register all implementations of all algorithms present in all loaded ENGINEs. The result is that if any of those ENGINEs successfully initialises, and the ENGINE_TABLE_FLAG_NOINIT flag isn't set, then they will always be used (and cached as defaults) in preference to software implementations. Ie. accidental auto-detection of acceleration hardware :-) Make "openssl engine -c" list any supported digests as well as supported ciphers. Make an (overdue) note about the recent ENGINE restructuring. Apart from a few items however, most of the details are deferred to the crypto/engine/README file. The STACK macros take care of casting to and from the designated item type of the stack, and the (void *) type used in the underlying sk_*** functions. However, declaring a STACK_OF(type) where type is a *function* type implicitly involves casts between function pointers and data pointers. That's a no-no. This changes the ENGINE_CLEANUP handling to use a regular data type in the stack. The cleanup stack in ENGINE changed slightly, so this "make update" is needed. Missing pointer in the eng_table_register function. Reported by Martin Szotkowski. Make sure the "ENGINE_TABLE" cleanup callbacks have correct prototypes. As ENGINE_load_openbsd_dev_crypto() is an API function, it makes sense for it to be defined on all platforms whether or not it is of any practical use on them. This also resolves linker problems on "special" platforms, such as win32. EVP_EncryptInit_ex() and EVP_DecryptInit_ex() had been defined in evp.h but not implemented. (Bug reported by Martin Szotkowski) Change some EVP prototypes to use "cipher" rather than "type" as a variable name. The implementations already use this anyway. evp_test.c and evptests.txt both need to be linked in the test/ directory however for different reasons. This separation should prevent the win32 build from interpreting evptests.txt as source code. 'flags' should only be set inside DSO_load() if constructing a new DSO object - otherwise we overwrite any flags that had been previously set in the DSO before calling DSO_load(). The "openssl" ENGINE is no longer used except as a testing/debugging device. This change enables it for building as a self-contained "dynamic" ENGINE, to help testing such mechanisms. When the "dynamic" ENGINE loads another ENGINE from a shared-library, it essentially overwrites itself with the new ENGINE, with the exception of reference counts, ex_data structures, and other 'admin' elements. However if the new ENGINE doesn't populate certain elements, there's the risk of the "dynamic" ENGINE's elements showing through - the "cmd_defns" were just one of the possibilities. This implements a more comprehensive cleanup. In this particular error condition, the structural reference wasn't being released. Cut "ENGINE_ID" to the more concise "ID". This looks to have been a typo. Constify. - Add the same header stuff to aes_locl.h as is in des_locl.h to avoid undefined functions (memset, etc). - Put a .cvsignore in the aes directory too. - libtool finally annoyed me too much, so I'm nuking it, - tidy up some output, - print a warning when running an SSL server with no cert, - only log each connect/disconnect if the new "-out_conns" switch is used. - Network errors could pollute the buffers because -1 isn't noticed in an "unsigned int". - Remove redundant processing with machine->ssl is NULL. - Remove compiler warnings about uninitialised 'ctx' (it's not used uninitialised, but gcc can't see that). The sample certs had expired, so these are newer ones that should last quite a bit longer. Produce less confusing statistics when "-out_totals" is used. Correct for the recent prototype changes. The 'type' parameter, an EVP_MD pointer, represents the type of digest required as well as a default implementation (when no ENGINE provides a replacement implementation). This change makes sure the correct implementation's "init()" handler is used rather than assuming 'type'. - Add support for cipher suites that require a temporary RSA key for key-agreement. - Tolerate signal interruptions of select(). Make the "ungunk" logic a little more robust. A rough little self-test for tunala. This runs through all cipher-suite / SSL/TLS version combinations looking for mishaps. make update This adds a new ENGINE to support IBM 4758 cards, contributed by Maurice Gittens. This apparently fixes compilation on OSX that was failing in 0.9.7 betas. Make sure any ENGINE control commands make local copies of string pointers passed to them whenever necessary. Otherwise it is possible the caller may have overwritten (or deallocated) the original string data when a later ENGINE operation tries to use the stored values. Correct an error in the README.ENGINE file. oops, there were other cases of "ENGINE_ID" to change too. This documentation change was being written at the same time as Richard's changes. So I'm committing this version to overwrite his changes for now, and he can always take his turn to overwrite my words if he wants :-) Fix "make install_docs" (and thus "make install"). A single monolithic man page for the ENGINE stuff. This is a rough first-cut but provides better documentation than having nothing on the ENGINE API. Various parts of the RSA documentation were inaccurate and out of date and this fixes those that I'm currently aware of. In particular, the ENGINE interference in the RSA API has hopefully been clarified. This still needs to be done for other areas of the API ... typo fix These are updates/fixes to DH/DSA/RAND docs based on the fixes to the RSA docs. There were a couple of other places (including RSA) where the docs were not quite synchronised with the API that are now fixed. One or two still remain to be fixed though ... Fix a bug to allow the 4758 ENGINE to build as a DSO. - Remo Inverardi noticed that ENGINEs don't have an "up_ref" function in the normal 'structural' case (ENGINE_init() satisfies this in the less normal 'functional' case). This change provides such a function. The ENGINE implementations in ./engines/ should be role models on how to write external engines (and thus should require only installed openssl headers and libs to compile without warnings). So this gets rid of recently introduced compilation warnings (no longer including internal headers) by including string.h directly. The loop variable is 'l', not 'i'. We need to propogate SHARED_LIBS to sub-directories for "install" targets now. Another ENGINE implementation dependant on string.h. If dynamically-loadable ENGINEs are linked against a shared-library version of libcrypto, then it is possible that when they are loaded they will share the same static data as the loading application/library. This means it will be too late to set memory/ERR/ex_data/[etc] callbacks, but entirely unnecessary to try. This change puts a static variable in the core ENGINE code (contained in libcrypto) and a function returning a pointer to it. If the loaded ENGINE's return value from this function matches the loading application/library's return value - they share static data. If they don't match, the loaded ENGINE has its own copy of libcrypto's static data and so the callbacks need to be set. Make pod2man happier. Correct and enhance the behaviour of "internal" session caching as it relates to SSL_CTX flags and the use of "external" session caching. The existing flag, "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" remains but is supplemented with a complimentary flag, "SSL_SESS_CACHE_NO_INTERNAL_STORE". The bitwise OR of the two flags is also defined as "SSL_SESS_CACHE_NO_INTERNAL" and is the flag that should be used by most applications wanting to implement session caching *entirely* by its own provided callbacks. As the documented behaviour contradicted actual behaviour up until recently, and since that point behaviour has itself been inconsistent anyway, this change should not introduce any compatibility problems. I've adjusted the relevant documentation to elaborate about how this works. The last character of inconsistency in my recent commits is hereby squashed. The recent CHANGES note between 0.9.6g and 0.9.6h needs copying into the other branches. Add a HISTORY section to the man page to mention the new flags. Fix a warning, and do some constification as a lucky side-effect :-) This is a first-cut at improving the callback mechanisms used in key-generation and prime-checking functions. Rather than explicitly passing callback functions and caller-defined context data for the callbacks, a new structure BN_GENCB is defined that encapsulates this; a pointer to the structure is passed to all such functions instead. Undefine OPENSSL_NO_DEPRECATED inside openssl application code if we are being built with it defined - it is not a symbol to affect how openssl itself builds, but to alter the way openssl headers can be used from an API point of view. The "deprecated" function wrappers will always remain inside OpenSSL at least as long as they're still being used internally. :-) Nils Larsch submitted; - a patch to fix a memory leak in rsa_gen.c - a note about compiler warnings with unions - a note about improving structure element names This stops a compiler warning from -Wmissing-prototypes. (Noticed by Nils Larsch) Make 'tunala' link with zlib if possible (so it works if openssl was configured with zlib support). The ampersand is not required in these constructs, and was giving AIX warnings. This is the first step in allowing RSA_METHODs to implement their own key generation. This prototype matches the new API function RSA_generate_key_ex(), though both may be subject to change during development before 0.9.8. RSA_METHOD now supports key-generation, but (for now) none of these ENGINEs implement it. As with RSA, which was modified recently, this change makes it possible to override key-generation implementations by placing handlers in the methods for DSA and DH. Also, parameter generation for DSA and DH is possible by another new handler for each method. "openssl engine" will not display ENGINE/DSO load failure errors when testing availability of engines with "-t" - the old behaviour of is produced by increasing the feature's verbosity with "-tt". Commit a slightly modified version of an old experiment to do RSA private key operations using the GMP library. The default is not to build (or use) this code unless OPENSSL_USE_GMP is defined (because it will impose header and linker dependencies that might need specifying too). This glues the GMP wrapper ENGINE into OpenSSL if it is being built (ie. if the OPENSSL_USE_GMP symbol is defined). Also, I've re-ordered the listing of other builtin ENGINEs to be alphabetical (though "dynamic" will still come first). Summarise the last couple of commits. David Brumley noted and corrected a case in the verification step of CRT private key operations in the RSA code - previously no montgomery form was checked or used for 'n', and so it would be generated on the fly each time. As a result, private key operations are now a percent or two faster. We cache a montgomery form for 'n' if the PUBLIC flag is set, not PRIVATE. Declare prototypes for function pointer types, even if they are likely to be cast later on. Session cache implementations shouldn't have to access SSL_SESSION elements directly, so this missing functionality is required. The default implementation of DSA_METHOD has an interdependence on the dsa_mod_exp() and bn_mod_exp() handlers from dsa_do_verify() and dsa_sign_setup(). When another DSA_METHOD implementation does not define these lower-level handlers, it becomes impossible to do a fallback to software on errors using a simple DSA_OpenSSL()->fn(key). Fix a bone-head bug. This warrants a CHANGES entry because it could affect applications if they were passing a bogus 'flags' parameter yet having things work as they wanted anyway. This memset() in the ubsec ENGINE is a bug. Zeroing out the result array should not be necessary in any case, but more importantly the result and input BIGNUMs could be the same, in which case this is clearly a problem. These should be write-locks, not read-locks. Remove duplicate prototypes have already been (correctly) added to rsa.h, as this is already included by x509.h anyway. crypto/evp/evptests.txt is copied to tests/ rather than symlinked because of windows (see checkin 1.75 of crypto/evp/Makefile.ssl), so quiet cvs noise for the copied version. Ignore derived file. make update Add my own debug config target. The "cryptodev" engine preprocessor logic used undefined symbols in comparisons. It's better not to allow this, because it gives false positives when using compiler warnings that detect mistyped symbols. When OPENSSL_NO_DEPRECATED is defined, deprecated functions are (or should be) precompiled out in the API headers. This change is to ensure that if it is defined when compiling openssl, the deprecated functions aren't implemented either. Update any code that was using deprecated functions so that everything builds and links with OPENSSL_NO_DEPRECATED defined. For whatever reason (compiler or header bugs), at least one commonly-used linux system (namely mine) chokes on our definitions and uses of the "HZ" symbol in crypto/tmdiff.[ch] and apps/speed.c as a "bad function cast" (when in fact there is no function casting involved at all). In both cases, it is easily worked around by not defining a cast into the macro and jiggling the expressions slightly. Avoid "empty source file" warnings. Comments out some unimplemented functions instead of redeclaring them. Relax some over-zealous constification that gave some lhash-based code no choice but to have to cast away "const" qualifiers from their prototypes. This does not remove constification restrictions from hash/compare callbacks, but allows destructor commands to be run over a tables' elements without bad casts. Remove redundant declaration. Remove an unnecessary cast that causes certain compilers (eg. mine) some confusion. Also silence a couple of signed/unsigned warnings. remove accidentally committed debugging cruft. BN_CTX is opaque and the static initialiser BN_CTX_init() is not used except internally to the allocator BN_CTX_new(), as such this deprecates the use of BN_CTX_init() in the API. Moreover, the structure definition of BN_CTX is taken out of bn_lcl.h and moved into bn_ctx.c itself. A general spring-cleaning (in autumn) to fix up signed/unsigned warnings. I have tried to convert 'len' type variable declarations to unsigned as a means to address these warnings when appropriate, but when in doubt I have used casts in the comparisons instead. The better solution (that would get us all lynched by API users) would be to go through and convert all the function prototypes and structure definitions to use unsigned variables except when signed is necessary. The proliferation of (signed) "int" for strictly non-negative uses is unfortunate. Some provisional bignum debugging has begun to detect inconsistent BIGNUM structures being passed in to or out of API functions, and this corrects a couple of cases found so far. Make md32_common.h friendlier to compiler warnings. Obtained from: Andy Polyakov Oops, this file already had the "empty source file" workaround but it requires -DPEDANTIC and was hidden at the bottom of the file. This moves it to the top and removes the redundant declaration. Copy-n-paste bug (don't mix variable declarations and code). This sets the callback structure just before it is needed. Remove a line that was causing redundant declarations. Obtained from: Stephen Henson Tighten up my compiler settings. make update This fixes a couple of cases where an inconsistent BIGNUM could be passed as input to a function. When a BN_CTX is used for temporary workspace, the variables are sometimes left in an inconsistent state when they are released for later reuse. This change resets the BIGNUMs when they are released back to the context. bn_div() does some pretty nasty things with temporary variables, constructing BIGNUM structures with pointers offset into other bignums (among other things). This corrects some of it that is too plainly insane, and tries to ensure that bignums are normalised when passed to other functions. This is the least unacceptable way I've found for declaring the bignum data and structures as constant without having to cast away const at any point. There is still plenty of other code that makes gcc's "-Wcast-qual" unhappy, but crypto/bn/ is now ok. Purists are welcome to suggest alternatives. Avoid some shadowed variable names. Submitted by: Nils Larsch Put the first stage of my bignum debugging adventures into CVS. This code is itself experimental, and in addition may cause execution to break on existing openssl "bugs" that previously were harmless or at least invisible. This is a revert of my previous commit to "improve" the declaration of constant BIGNUMs. It turns out that this trips up different but equally useful compiler warnings to -Wcast-qual, and so wasn't worth the ugliness it created. (Thanks to Ulf for the forehead-slap.) Put more debug screening in BN_div() and correct a comment. Add debug-screening of input parameters to some functions I'd missed before. This extends the debugging macros to use "pollution" during bn_correct_top(), previously only bn_check_top() did this. Avoid possible memory leaks in error-handling. General improvements to the ec_asn1.c code. This squashes at least one bug (where it was impossible to create an EC certificate with a compressed public key), and has some style improvements based on some comments from Steve Henson about use of the ASN1 macros. This rewrites two "for" loops in BN_rshift() - equality with zero is generally a more efficient comparison than comparing two integers, and the first of these two loops was off-by-one (copying one too many values). This change also removes a superfluous assignment that would set an unused word to zero (and potentially allow an overrun in some cases). Fix a small bug in str_copy: if more than one variable is replaced, make sure the current length is used to calculate the new buffer length instead of using the old length (prior to any variable substitution). BN_div() cleanup: replace the use of BN_sub and BN_add with bn_sub_words and bn_add_words to avoid using fake bignums to window other bignums that can lead to corruption. This change allows all bignum tests to pass with BN_DEBUG and BN_DEBUG_RAND debugging and valgrind. NB: This should be tested on a few different architectures and configuration targets, as the bignum code this deals with is quite preprocessor (and assembly) sensitive. Some changes for bn_gf2m.c: better error checking plus some minor optimizations. Fix some handling in bn_word. This also resolves the issues observed in ticket 697 (though uses a different solution than the proposed one). This problem was initially raised by Otto Moerbeek. Due to recent debugging bursts, openssl should be more or less solid against inconsistent BIGNUMs coming out of any of its API functions. So this change no longer "fixes" the bn_print.c functions, but it makes for cleaner code. This patch was a part of ticket 697. Get rid of some signed/unsigned comparison warnings. This improves the placement of check_top() macros in a couple of bn_lib functions. Make BN_DEBUG_RAND less painfully slow by only consuming one byte of pseudo-random data for each bn_pollute(). Improve a couple of the bignum macros. Note, this doesn't eliminate tolerance of ambiguous zero-representation, it just improves BN_abs_is_word() and simplifies other macros that depend on it. If BN_STRICT is defined, don't accept an ambiguous representation of zero (ie. where top may be zero, or it may be one if the corresponding word is set to zero). Note, this only affects the macros in bn.h, there are probably similar corrections required in some c files. Add more debugging to my Configure target, and "make update" to incorporate this and a few other changes. bn_fix_top() exists for compatibility's sake and is mapped to bn_correct_top() or bn_check_top() depending on debug settings. For internal source, all bn_fix_top()s should be converted one way or the other depending on whether the use of bn_correct_top() is justified. The bn_set_max() macro is only "used" by the bn_set_[low|high]() macros which, in turn, are used nowhere at all. This is a good thing because bn_set_max() would currently generate code that wouldn't compile (BIGNUM has no 'max' element). Add missing bn_check_top()s to bn_gf2m.c and remove some miscellaneous white-space. Add missing bn_check_top()s to bn_kron.c, remove some miscellaneous white-space, and include extra headers to satisfy debugging builds. Declare the static BIGNUM "BN_value_one()" more carefully. BN_FLG_FREE is of extremely dubious usefulness, and is only referred to once in the source (where it is set for the benefit of no other code whatsoever). I've deprecated the declaration in the header and likewise made the use of the flag conditional in bn_lib.c. Note, this change also NULLs the 'd' pointer in a BIGNUM when it is reset but not deallocated. Use the BN_is_odd() macro in place of code that (inconsistently) does much the same thing. Incremental cleanups to bn_lib.c. - Add missing bn_check_top() calls and relocate some others - Use BN_is_zero() where appropriate - Remove assert()s that bn_check_top() is already covering - Simplify the code in places (esp. bn_expand2()) - Only keep ambiguous zero handling if BN_STRICT isn't defined - Remove some white-space and make some other aesthetic tweaks minor signed/unsigned warning fixes When adding positive elements, we can use BN_uadd() instead of BN_add(). A cleanup of the ecs_ossl.c code and some (doxygen) comments for ecdsa.h Add ECDSA documentation. More changes coming out of the bignum auditing. BN_CTX_get() should ideally return a "zero" bignum as BN_new() does - so reset 'top'. During BN_CTX_end(), released bignums should be consistent so enforce this in debug builds. Also, reduce the number of wasted BN_clear_free() calls from BN_CTX_end() (typically by 75% or so). Minimise the amount of code dependent on BN_DEBUG_RAND. In particular, redefine bn_clear_top2max() to be a NOP in the non-debugging case, and remove some unnecessary usages in bn_nist.c. static Document a change I'd already made, and at the same time, correct the change to work properly; BN_zero() should set 'neg' to zero as well as 'top' to match the behaviour of BN_new(). The efforts to eliminate the dual-representation of zero and to ensure bignums are passed in and out of functions and APIs in a consistent form has highlighted that zero-valued bignums don't need any allocated word data. The use of BN_set_word() to initialise a bignum to zero causes needless allocation and gives it a return value that must be checked. This change converts BN_zero() to a self-contained macro that has no return/expression value and does not cause any expansion of bignum data. Convert openssl code not to assume the deprecated form of BN_zero(). Variety of belt-tightenings in the bignum code. (Please help test this!) Note my bignum hijinx in case app maintainers are using CHANGES for their porting efforts. Also, add Richard's name to the prior change. Protect against gcc's "warning: cast does not match function type". Remove some warnings. Damn, I was a bit hasty with my fix and hadn't spotted the linker dependency from asn1. By adding a BN_CTX parameter to the 'rsa_mod_exp' callback, private key operations no longer require two distinct BN_CTX structures. This may put more "strain" on the current BN_CTX implementation (which has a fixed limit to the number of variables it will hold), but so far this limit is not triggered by any of the tests pass and I will be changing BN_CTX in the near future to avoid this problem anyway. ... and this should likewise fix up those RSA implementations that weren't already built and tested. Adds warnings about two curves and fixes the "seed" value for two other curves. Replace the BN_CTX implementation with my current work. I'm leaving the little TODO list in there as well as the debugging code (only enabled if BN_CTX_DEBUG is defined). Adjust various bignum functions to use BN_CTX for variables instead of locally initialising their own. Avoid undefined results when the parameter is out of range. Reduce header interdependencies, initially in engine.h (the rest of the changes are the fallout). As this could break source code that doesn't directly include headers for interfaces it uses, changes to recursive includes are covered by the OPENSSL_NO_DEPRECATED symbol. It's better to define this when building and using openssl, and then adapt code where necessary - this is how to stay current. However the mechanism exists for the lethargic. (oops) Apologies all, that last header-cleanup commit was from the wrong tree. This further reduces header interdependencies, and makes some associated cleanups. header cleanup in apps/ When generating dependencies in the makefiles, generate the reduced dependencies of the OPENSSL_NO_DEPRECATED mode. This prevents dependencies being reproduced for "deprecated" header behaviour when a developer doesn't define the symbol (with the subsequent CVS wars that can ensue). More updates for the header cleanups (and apologies, again, for not having consolidated these prior to committing). "make update" noticed a new function. make update Extend the index parameter checking from sk_value to sk_set(). Also tidy up some similar code elsewhere. As far as I can tell, the bugfix this comment refers to was committed to 0.9.7-stable as well as HEAD (and doesn't apply to the 0.9.6-engine variant). Allow RSA key-generation to specify an arbitrary public exponent. Jelte proposed the change and submitted the patch, I jiggled it slightly and adjusted the other parts of openssl that were affected. The problem of rsa key-generation getting stuck in a loop for (pointlessly) small key sizes seems to result from the code continually regenerating the same prime value once the range is small enough. From my tests, this change fixes the problem by setting an escape velocity of 3 repeats for the second of the two primes. With the new dynamic BN_CTX implementation, there should be no need for additional contexts. The new BN_CTX code makes this sort of abuse unnecessary. Fix realloc usage in ec_curve.c This file implements various functions that have since been redefined as macros. I'm removing this from the NO_DEPRECATED build. Make some more API types opaquely available from ossl_typ.h, meaning the corresponding headers are only required for API functions or structure details. This now includes the bignum types and BUF_MEM. Subsequent commits will remove various dependencies on bn.h and buffer.h and update the makefile dependencies. Moving opaque definitions to ossl_typ.h lets us reduce header dependencies. Deprecate inclusion of crypto.h from ui.h. Reduce dependencies on crypto.h by moving the opaque definition of CRYPTO_EX_DATA and the new/free/dup callback prototypes to ossl_typ.h. Deprecate some recursive includes from the store.h API header, and put back required includes back via the internal header and str_lib.c. Deprecate quite a few recursive includes from the ssl.h API header and remove some unnecessary includes from the internal header ssl_locl.h. This then requires adding includes for bn.h in four C files. The inclusion of bn.h from the engine.h API header has been deprecated, so the engine implementations need to include bn.h to manipulate bignums. I can't verify this directly, but recent changes will probably require that the cryptodev implementation include bn.h directly (when building with OPENSSL_NO_DEPRECATED that is). Because of recent reductions in header interdependencies, these files need to include crypto.h directly. Remove some unnecessary recursive includes from the internal apps.h header, and include bn.h in those C files that need bignum functionality. Deprecate the recursive includes of bn.h from various API headers (asn1.h, dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are already declared in ossl_typ.h. Add explicit includes for bn.h in those C files that need access to structure internals or API functions+macros. After the latest round of header-hacking, regenerate the dependencies in the Makefiles. NB: this commit is probably going to generate a huge posting and it is highly uninteresting to read. This fixes the installation target for dynamic engines, which was trying to install to a different location than it had created. (BTW, VMS will need a matching fix in eng_list.c.) Note, these aren't ssl-specific, so I'm putting "engines/" into the libs directory rather than at the "--prefix" level or inside "ssl/". "no-engine" was being ignored, so remove it from the advertised syntax. Also remove some commented-out lines of code that deny CVS its purpose. Correct the return codes for ecdsatest. BN_div_word() was breaking when called from BN_bn2dec() (actually, this is the only function that uses it) because it would trip up an assertion in bn_div_words() when first invoked. This also adds BN_div_word() testing to bntest. As Nils put it; Tweak my debug target flags. Get rid of signed/unsigned warnings, and teach CVS about new things to ignore. Actually, that last change to BN_get_word() was a little too simple. Minor change to group like functions together. Attempt to bring the 'engine' documentation up to date w.r.t missing prototypes, etc. Also, some fairly significant edits were made to the text (who wrote this crap anyway? oh wait ...), removing stuff which is overkill, rewriting stuff that was opaque, correcting things that were just downright false, etc. Deprecate unused cruft, and "make update". Incomplete initial sweep over the engine code. Mainly reducing some comment-noise to managable levels and inverting the sense of the "uptodate" boolean (which was counter-intuitive the way I'd left it). Tidy up, including; - Remove unused and unuseful debug cruft. - Remove unnecessary 'top' fudging from BN_copy(). - Fix a potential memory leak and simplify the expansion logic in BN_bin2bn(). Improve error handling if decompression of an ec point fails, and cleanup ec_curve.c (unify comments, etc). Using Horner's algorithm to evaluate the ec polynomial (suggested by Adam Young ) Quick fix. Make a note of the new engine. Make -Werror happy again. Two TODO comments taken care of. Nils pointed out that one of them had already been done, and took care of the other one (which hadn't). Remove distracting comments and code. Thanks to Nils for picking up on the outstanding ticket. Nils Larsch reported that this include is required. Strange that this had gone unnoticed ... Update ECDSA and ECDH for OPENSSL_NO_ENGINE. Fix typos in the ecparam doc. Handle differences between engine IDs and their dynamic library names (and source files, for that matter) by tolerating the alternatives. It would be preferable to also change the generated shared library names, but that will be taken up separately. Change the source and output paths for 'chil' and '4758cca' engines so that dynamic loading is consistent with respect to engine ids. Fix some signed/unsigned warnings. Fix 64-bit compilation when PQ_64BIT_IS_INTEGER isn't defined. Fix PEDANTIC compilation, using the same trick as elsewhere. Fix signed/unsigned warnings. Fix compilation when HAVE_LONG_LONG isn't defined. Change my debug build for amd64. "make update" add a .cvsignore Silence two more generated files. Fix my debug-geoff configuration. Fix a nasty cast issue that my compiler was choking on. Fix a variety of warnings generated by some elevated compiler-fascism, OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff... Fork my debug configuration into 32-bit and 64-bit versions. Comment out a (currently) unused CMS function. (Sorry Steve, but I need -Werror right now to help me code-by-domino :-) Update tunala so it builds ok with OPENSSL_NO_DEPRECATED, and improve the autoungunk.sh logic (autobits have grown since I last tried this...). There was a need to support thread ID types that couldn't be reliably cast to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed version was added but it required portable code to check *both* modes to determine equality. This commit maintains the availability of both thread ID types, but deprecates the type-specific accessor APIs that invoke the callbacks - instead a single type-independent API is used. This simplifies software that calls into this interface, and should also make it less error-prone - as forgetting to call and compare *both* thread ID accessors could have led to hard-to-debug/infrequent bugs (that might only affect certain platforms or thread implementations). As the CHANGES note says, there were corresponding deprecations and replacements in the thread-related functions for BN_BLINDING and ERR too. Paul Sheer optimised the OpenSSL to/from libGMP conversions for the case where they both use the same limb size. I've tweaked his patch slightly, so blame me if it breaks. Fix auto-discovery of ENGINEs. See the CHANGES entry for details (and/or ticket #1668). Revert my earlier CRYPTO_THREADID commit, I will commit a reworked version some time soon. If --prefix="C:\foo\bar" is supplied to Configure for a windows target, then the backslashes need escaping to avoid being treated as switches in the auto-generated strings in opensslconf.h. Perl users are welcome to suggest a less hokey way of doing this ... Fix signed/unsigned warning. Remove the dual-callback scheme for numeric and pointer thread IDs, deprecate the original (numeric-only) scheme, and replace with the CRYPTO_THREADID object. This hides the platform-specifics and should reduce the possibility for programming errors (where failing to explicitly check both thread ID forms could create subtle, platform-specific bugs). Correct the FAQ and the threads man page re: CRYPTO_THREADID changes. Fix build warnings. Use of a 'top' var creates "shadow variable" warnings. Apparently '__top' is also risky, obfuscate further. (All this to avoid inlines...) Revert the size_t modifications from HEAD that had led to more knock-on work than expected - they've been extracted into a patch series that can be completed elsewhere, or in a different branch, before merging back to HEAD. Allow the CHIL engine to load even if dynamic locks aren't registered. Clarify a 'chil' engine param that is a little unintuitive. Fix compilation with -DOPENSSL_NO_DEPRECATED. util/mkdef.pl: o_time.h doesn't exist any more util/mkerr.pl: fix perl warning apps: constify some string parameters make depend bignum: fix boundary condition in montgomery logic dso: eliminate VMS code on non-VMS systems apps/s_server: document '-naccept' cmd-line argument bignum: allow concurrent BN_MONT_CTX_set_locked() evp: prevent underflow in base64 decoding s_client/s_server: support unix domain sockets Remove demos/tunala Fix no-ssl3 configuration option Include instead of "foo.h" Guenter (1): NetWare compilation fix. G??nther Noack (1): Avoid out-of-bounds write in SSL_get_shared_ciphers Hans Wennborg (1): RT3023: Redundant logical expressions Hubert Kario (10): add description of -no_ecdhe option to s_server man page add description of -attime to man page add ECC strings to ciphers(1), point out difference between DH and ECDH Document -trusted_first option in man pages and help. smime man page: add missing options in SYNOPSIS add description of missing options to verify man page sort the options in verify man page alphabetically add references to verify(1) man page for args_verify() options document -nextprotoneg option in man pages Add support for Camellia HMAC-Based cipher suites from RFC6367 Huzaifa Sidhpurwala (1): Make sure BN_sqr can never return a negative value. Ingo Schwarze (1): RT3239: Extra comma in NAME lines of two manpages Istvan Noszticzius (1): Fix use after free bug. Jake Goulding (1): RT2301: GetDIBits, not GetBitmapBits in rand_win Jakub Wilk (1): Create ~/.rnd with mode 0600 instead of 0666 James Westby (1): RT1941: c_rehash.pod is missing Jan Hykel (1): Don't use msg on error. Jan Schaumann (1): RT1804: fix EXAMPLE in EVP_EncryptInit.pod Janpopan (1): Fix a wrong parameter count ERR_add_error_data Jean-Paul Calderone (1): Correct the return type on the signature for X509_STORE_CTX_get_ex_data given in the pod file. Jeff Trawick (3): typo typo typo in SSL_get_peer_cert_chain docs Jeff Walton (1): Fix multiple cosmetic typos. Jeffrey Walton (9): Add information to BUGS section of enc documentation. PR#3354 Fix grammar error in verify pod. PR#3355 Clarify docs. Clarified that the signature's buffer size, `s`, is not used as an IN parameter. Added reference to platform specific cryptographic acceleration such as AES-NI Fix typo, add reference. PR2401: Typos in FAQ PR2401: Typos in FAQ RT3142: Extra initialization in state_machine Jim Reid (2): RT 2820: Case-insensitive filenames on Darwin RT2880: HFS is case-insensitive filenames John Fitzgibbon (1): RT2724: Remove extra declaration John Gardiner Myers (1): RT2942: CRYPTO_set_dynlock_create_callback doc fix Jonas Maebe (42): SetBlob: free rgSetBlob on error path ASN1_verify, ASN1_item_verify: cleanse and free buf_in on error path mime_hdr_new: free mhdr, tmpname, tmpval on error path mime_hdr_addparam: free tmpname, tmpval and mparam on error path, and check whether sk_MIME_PARAM_push succeeds BIO_new_dgram_sctp, dgram_sctp_read: zero entire authchunks multi_split: check for NULL when allocating parts and bpart, and for failure of sk_BIO_push() rtcp_new: return failure if allocation of bi->ptr failed cms_SignerInfo_content_sign: free sig on failure path cryptodev_digest_update: don't leak original state->mac_data if realloc fails cryptodev_digest_copy: return error if allocating dstate->mac_data fails dev_crypto_init_key: return error if allocating CDATA(ctx)->key failed dev_crypto_cipher: return immediately if allocating cin/cout failed dev_crypto_md5_update: check result of realloc(md_data->data) and don't leak memory if it fails dev_crypto_md5_copy: return error if allocating to_md->data fails old_hmac_encode: check for NULL result when allocating *pder JPAKE_CTX_new: check for NULL result when allocating ctx hashbn: check for NULL result when allocating bin and return an error if it fails all (in)direct callers of hashbn: propagate potential error in hashbn UI_construct_prompt: check for NULL when allocating prompt get_cert_by_subject: check for NULL when allocating hent NETSCAPE_SPKI_b64_encode: free der_spki and b64_str on error path do_othername: check for NULL after allocating objtmp do_ext_i2d: free ext_der or ext_oct on error path process_pci_value: free (*policy)->data before setting to NULL after failed realloc engine_md_copy: check for NULL after allocating to_md->HashBuffer pub_decode_gost94, pub_decode_gost01: check for NULL after allocating databuf pub_encode_gost94, pub_encode_gost01: check for NULL after allocating databuf and octet pkey_gost_ctrl: check for NULL after allocating pctx->shared_ukm pkey_gost_mac_keygen: check for NULL after allocating keydata capi_get_provname: free name on error if it was malloc'ed capi_cert_get_fname: check for NULL after allocating wfname capi_get_key: check for NULL after allocating key dtls1_process_heartbeat: check for NULL after allocating buffer dtls1_heartbeat: check for NULL after allocating s->cert->ctypes ssl_cert_dup: Fix memory leak ssl_create_cipher_list: check whether push onto cipherstack succeeds SSL_COMP_add_compression_method: exit if allocating the new compression method struct fails ssl3_get_certificate_request: check for NULL after allocating s->cert->ctypes ssl3_digest_cached_records: check for NULL after allocating s->s3->handshake_dgst serverinfo_process_buffer: check result of realloc(ctx->cert->key->serverinfo) and don't leak memory if it fails SSL_set_session: check for NULL after allocating s->kssl_ctx->client_princ tls1_process_heartbeat: check for NULL after allocating buffer tls1_heartbeat: check for NULL after allocating buf tree_print: check for NULL after allocating err Juli Mallett (1): Fix cast of boolean where cast of LHS intended. Justin Blanchard (1): RT1815: More const'ness improvements Kaspar Brand (3): Fix for PEM_X509_INFO_read_bio. Omit initial status request callback check. Fix SSL_CTX_get{first,next}_certificate. Ken Ballou (2): Remove redundant check. Typo. Klaus-Peter Junghanns (1): Add support for aes-128/192/256-ctr to the cryptodev engine. This can be used to speed up SRTP with libsrtp, e.g. on TI omap/sitara based devices. Krzysztof Kwiatkowski (1): Delete duplicate entry. Kurt Cancemi (4): Fix off-by-one errors in ssl_cipher_get_evp() RT3508: Remove unused variable introduced by b09eb24 RT3506: typo's in ssltest RT3547: Add missing static qualifier Kurt Roeckx (23): Fix additional pod errors with numbered items. Use defaults bits in req when not given Set authkey to NULL and check malloc return value. Check sk_SSL_CIPHER_num() after assigning sk. Link heartbeat_test with the static version of the libraries RT2626: Change default_bits from 1K to 2K Keep old method in case of an unsupported protocol Fix spelling of EECDH Fix warning about negative unsigned intergers Use the SSLv23 method by default Remove SSLv2 support Update changes to indicate that SSLv2 support has been removed dtls1_new: free s on error path capi_get_provname: Check return values Replace GOST_R_MALLOC_FAILURE and GOST_R_NO_MEMORY with ERR_R_MALLOC_FAILURE capi_ctrl, capi_vtrace: check for NULL after allocating and free it Allow using -SSLv2 again when setting Protocol in the config. Return error when a bit string indicates an invalid amount of bits left Fix memory leak in the apps dlfcn: always define _GNU_SOURCE Make "run" volatile Add missing include of sys/time.h Make build reproducible Laszlo Papp (3): RT2489: Remove extra "sig" local variable. RT2492: Remove extra NULL check. PR2490: Remove unused local variable bn ecp_nist.c Libor Krystek (2): Corrected OPENSSL_NO_EC_NISTP_64_GCC_128 usage in ec_lcl.h. PR#3370 Add support for SHA2 in CAPI ENGINE. Lubomir Rintel (2): POD: Fix item numbering POD: Fix list termination Luiz Angelo Daros de Luca (1): OpenSSL is able to generate a certificate with name constraints with any possible subjectAltName field. The Name Contraint example in x509v3_config(5) even use IP as an example: Lutz Jaenicke (1): FAQ/README: we are now using Git instead of CVS (cherry picked from commit f88dbb8385c199a2a28e9525c6bba3a64bda96af) Lutz J??nicke (300): HP-UX shared libraries do not build any longer, as EX_LIBS contains "-Wl,+s" instead of +s: * Hardcoded necessary references to -ldld/-ldl into the build rules and removed EX_LIBS. Some platforms (namely HP-UX) require the 'x' bit set for shared libraries. For performance reasons, it is also recommended to make the (mmap'ed) shared library 'read-only'. -> New permissions for installed shared libraries = 555 Fill in missing information about the string returned from SSL_CIPHER_description(), as there is no other API function to find out details about the cipher used besides the number of bits or protocol used. Store verify_result with sessions to avoid potential security hole. For the server side this was already done one year ago :-( Log security relevant change. Add EXAMPLES for SSL_CIPHER_description() output. Typo and additional information about cert-chain building. Add manual pages for certficate/key loading and friends. Add description of SSL_[CTX_]_check_private_key(). Don't cheat: when only getting several bytes from each source, n is incremented correctly, but RAND_add(..,n) counts the increasing n several times. Only RAND_add(..,n) once entropy collection is finished. Add automatic query of EGD sockets to RAND_poll(). The EGD sockets are only queried when the /dev/[u]random devices did not return enough entropy. Only the amount of entropy missing to reach the required minimum is queried, as EGD may be drained. Queried locations are: /etc/entropy, /var/run/egd-pool Documentation about SSL_get_ex_data_X509_STORE_CTX_idx and SSL_get_ex_new_index() functionality. Extended verify_callback() example to show the usage. Add entries for new manpages... Copy over just written manpage to the ones still missing. New manual page for a hardly known but important item :-) Document session caching, first step. If the source has already been succesfully queried, do not try to open it again as file. Typo: on my screen it nicely wrapped around at 80 :-) Clarify why SSL_CTX_use_certificate_chain_file() should be preferred. Documenting session caching, 2nd step. Fix typo preventing correct usage of -out option. Change preferences for sockets of EGD-style entropy daemons to a more reasonable selection. Modify access to EGD socket to deal with EINTR etc that can appear during connect() and other calls. First seen on Unixware-7. Update documentation to match the state at 0.9.6 _and_ the recent changes. Fix "wierd" typo as submitted by Jeroen Ruigrok/Asmodai . Typo New Option SSL_OP_CIPHER_SERVER_PREFERENCE allows TLS/SSLv3 server to override the clients choice; in SSLv2 the client uses the server's preferences. Manual page for SSL_CTX_set_options(). Unfortunately for some of the options someone much longer working with OpenSSL/SSLeay is needed. Update for 0.9.7 with SSL_OP_CIPHER_SERVER_PREFERENCE. Include information that automatic query is a new feature. More about session caching. New manual page: SSL_CTX_set_mode. Finish first round of session cache documentation. Add "-rand" option to s_client and s_server. Don't forget to mention minor change. Move entry to match chronologic orderering. SSL_get_version() was an easy one :-) Describe new callback for session id generation. Typo, spotted by "Greg Stark" . Add newly learned knowledge from yesterday's discussion. Forgot "cvs add", so only the surrounding changes made it... sigh. Add forgotten "-passin" option to smime.c usage help. OpenSSH 1.2.2p1 is dead and gone. Errors detecting the OpenSSL library are however still common and are solved by checking config.log. Some clarifications about $RANDFILE usage. Typo (Jun-ichiro itojun Hagino ) Fix wrong information with respect to CAs listed to the client (follows from technical discussion with Amit Chopra ). Missing link ("Greg Stark" ) Constify (Jason Molenda ) Clarify request of client certificates. This is a FAQ. Typo (reported by Petr Lancaric ) Update changelog to reflect additional changes made to the egd-locations. Clarify behaviour of SSL_write() by mentioning SSL_MODE_ENABLE_PARTIAL_WRITE flag as discussed on the mailing list. Clarify behaviour with respect to SSL/TLS records. One more point to clarify, pointed out by "Greg Stark" Typos. Increase ENTROPY_NEEDED to support Rijndael's larger key size. Add missing item(s) SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT. Don't forget responsible person so that its clear who is to blame. ERR_peek_error() returns "unsigned long". When only the key is given to "enc", the IV is undefined (found by Andy Brown ). Clarify! (based on recent mailing-list discussions) What is an '-engine' version? Typo... Clarify actual state. Some more documentation bits. Updated explanation. Documentation about ephemeral key exchange Add missing reference. Additional inline reference. Fix wrong information about SSL_set_connect_state()... Fix problem occuring when used from OpenSSH on Solaris 8. Another uninitialized static that may lead to problems on Solaris under some circumstances. Forgot to mention second fix. Fix inconsistent behaviour with respect to verify_callback handling. Don't miss files... Indent. Reworked manual pages with a lot of input from Bodo Moeller. Remove SSL_OP_NON_EXPORT_FIRST: It did not work, it was deactivated by #if 0/#endif anyway _and_ we now have the working SSL_OP_CIPHER_SERVER_PREFERENCE. Mention removed option. Don't disable rollback attack detection as a recommended bug workaround. Oops, one SSL_OP_NON_EXPORT_FIRST was left. Fix typos (shinagawa at star.zko.dec.com) Better description of the behaviour of SSL_shutdown() as it is now, broken or not. Bugfixes provided by "Stephen Hinton" . Unidirectional shutdown is allowed according to the RFC. One more step on the way for complete documentation... SSL_shutdown() has even more properties... One more function documented. More details about session timeout settings. Alert description strings for TLSv1 and documentation. More interdependencies with respect to shutdown behaviour. Checked in from the wrong !@#$%&*() copy... Documentation on how to handle compression methods. Hopefully it is clear enough, that it is currently not recommended. One more manual page... Make clear, that using the compression layer is currently not recommended. As discussed recently on openssl-users. More manual pages. Constify. Typo. -passin argument not used when actually loading the key (found by Massimiliano Pala ). More docs. Needed for build on SunOS 4.1.x with gcc (Jeffrey Hutzelman ). Wording of comment... Allow client certificate lists > 16kB ("Douglas E. Engert" .) Build shared libaries for Unixware-7 and OpenUNIX-8 in old (pre 0.9.7) style (Boyd Lynn Gerber ). Support for shared libraries on Unixware-7 and OpenUNIX-8 (Boyd Lynn Gerber ). Sort out mess of colons... Even more corrections for OpenUNIX 8 Completely reworked SVR5 shared library support. Recognize OpenUNIX-8 with compiler Make maximum certifcate chain size accepted from the peer application settable (proposed by "Douglas E. Engert" ). Rework section about return values another time (based on hints from Bodo Moeller). One more manual page. Typo. Typos (Chris Pepper ) Small documentation fixes (Howard Lum ) Update information as a partial response to the post From: "Chris D. Peterson" Subject: Implementation Issues with OpenSSL To: openssl-users at openssl.org Date: Wed, 22 Aug 2001 16:13:17 -0700 The patch included in the original post may improve the internal session list handling (and is therefore worth a seperate investigation). No change to the list handling will however solve the problems of incorrect SSL_SESSION_free() calls. The session list is only one possible point of failure, dangling pointers would also occur for SSL object currently using the session. The correct solution is to only use SSL_SESSION_free() when applicable! Flush buffers to prevent mixed output (Adam Back ). Clarify reference count handling/removal of session (shinagawa at star.zko.dec.com). Support for QNX (wrat at jump.net (the wharf rat)). HPUX 9.X on m68k with gcc ("Anton J. Gamel" ) Add information as provided by Richard Levitte on openssl-users :-) Tsss, SSLeay_version() was already documented, it just was not linked in. Fix incorrect BIO_*_ctrl() macros (Shay Harding ). Typos (jsyn ). Document the current behaviour of the DES interface. Remove blanks at begin of empty lines irritating epv_test.c Superflous '\' messes up with HP-UX make. Make SHLIB_TARGET available in subdirs (here: apps/) HP-UX 32bit: * When linking against shared libraries, the absolute path is remembered. - When linking against -L.., '..' is remembered inside the executable, so it will fail after "make install" or when not called from inside the "apps/" subdirectory of the build tree. - When using the "+cdp" option of "ld", the ".." information can be exchanged against $(INSTALL_TOP)/lib. In this case the executable will however refuse to work before "make install" has been called. This makes testing the 'openssl' executable a problem. * Solution 1: Relink the "openssl" executable, when "make install" is called. This would however require significant changes to the toplevel Makefile and the apps/ Makefile. * Solution 2: Statically link against libssl and libcrypto, so that the "openssl" executable is no longer dependant on the openssl shared libraries. Shut up compiler warnings for inconsistent declarations. Do not store unneeded data. Make removal from session cache more robust. Even though it is not really practical people should know about it. Make sure to remove bad sessions in SSL_clear() (found by Yoram Zahavi). SSL_clear != SSL_free/SSL_new Fix the fix (Yoram Zahavi)... Add missing strength entries. Map new X509 verification errors to alert codes (Tom Wu ). Remove superflous (and buggy) statement . Fix buggy if-condition (thomas poindessous ). Fix typo (Craig Davison ). Make short names of objects RFC2256-compliant. Fix buggy object definitions (Svenning Sorensen ). Apply OID fixes for elliptic curves as supplied by Nils Larsch . Keep my own specially optimized HP-UX shared library building up to date. Synchronize with 0.9.7-stable branch Synchronize with 0.9.7-stable. Fix CRLF problem in BASE64 decode. Some more OID enhancements. Use the "mail" short name according to RFC2798 (Michael Bell ). Document OID changes. Handle headings uniformly to allow automatic processing. Optimize: better shortcut evaluation ("Howard Chu" ). Missing "Configure" entry (Jean-Marc Desperrier ). Add cygwin build script (Corinna Vinschen ). ERR_file_name is no longer being used. Add generationQualifier OID (proposed by Fiel Cabral). Add information about -nameopt option for x509. Fix escaping when using the -subj option of "openssl req", document 'hidden' -nameopt support. (Robert Joop ) Add missing ";" after fi Submitted by: bryanh at giraffe-data.com Reviewed by: PR: [openssl.org #18] Recognize PPC64 target. Submitted by: Reviewed by: PR: 26 Add missing '"' Submitted by: Boyd Gerber Use the indirect way to the actual request tracker, so that people also are informed about the credentials required for guest access and the operation instructions. Fix incorrect =over 4 location. Submitted by: David Waitzman Reviewed by: Lutz Jaenicke PR: [openssl.org #38] Remove item listed twice . 0.9.7-beta1 is just being released. Typo. PR: 72 The correct PERL interpreter is passed via commandline. On some systems the default "perl" may still be perl4, use the correct version determined by "config" instead. There is no continuation at this point. New OID for X509 usage: pseudonym Submitted by: Michael Bell Reviewed by: Lutz Jaenicke PR: 83 Make sure that settings are passed back and forth when walking around in the tree during build. Reinstall default PERL settings in Makefiles, as the real reason for the failure was that the settings were not passed. For the main directory, Makefile.org is significant :-) Make sure that flags are passed to "make" subprocesses. Support building the distribution .tar file on platforms with limited argument list length. This requires Gnu-tar. As we use the non-standard "tardy" software anyway, it doesn't hurt too much to require Gnu-tar. "make dist" will probably only be used by team-members anyway. Correct wrong usage information. PR: 95 Make change uniqueIdentifier -> x500UniqueIdentifier clearly visible. Submitted by: Reviewed by: PR: 82 Clarify formulation (proposed by Bodo Moeller). Add OIDs for Secure Electronic Transactions (SET) Submitted by: Vadim Fedukovich Reviewed by: Lutz Jaenicke PR: 80 Add missing prototypes. Submitted by: Goetz Babin-Ebell PR: 89 Some more prototype fixes. Use DECLARE macros in asn1* instead of direct declaration. Submitted by: Goetz Babin-Ebell Reviewed by: PR: 89 Initial support for hpux64-parisc-gcc Submitted by: ross.alexander at uk.neceur.com Reviewed by: PR: 96 OpenSSL_add_all_algorithms has been replaced by configuration dependent functions and is redirected by macros. Switch it off now, possible removal later. Use -dumpversion to obtain gcc's version. Submitted by: ross.alexander at uk.neceur.com, allenh at eecs.berkeley.edu Reviewed by: PR: 96 Roll out OpenSSL-0.9.7-beta2 beta2, not beta1 load_netscape_key is static. AIX (V3) requires (included via e_os.h) for fd_set. Submitted by: Bernhard Simon Reviewed by: PR: Fix path to find util/pod2man.pl from the execution directory. Make sure to use the predefined PERL. Submitted by: Bernhard Simon Reviewed by: PR: HP-UX: shared libraries MUST be +x and SHOULD be -w. is included for AIX, when USE_SOCKETS is defined. Submitted by: Bernhard Simon Reviewed by: PR: README and INSTALL should contain information about the request tracker (noted by Jonathan Louie ). Ciphers with NULL encryption were not properly handled because they were not covered by the strength bit mask. Submitted by: Reviewed by: PR: 130 Reorder inclusion of header files: Minor typos Submitted by: jufi at nerdnet.de Reviewed by: PR: 138 Sun's official statement with respect to /dev/random support. Submitted by: Garrett Anderson garrett at dirsec.com Reviewed by: PR: 120 Typos in links between manual pages Submitted by: Richard.Koenning at fujitsu-siemens.com Reviewed by: PR: 129 Discussion about Redhat's specialties for the FAQ. Submitted by: John.Airey at rnib.org.uk Reviewed by: PR: 128 Rewording: some algorithms are also patented in Europe, so choose more defensive phrases... Manual page for SSL_do_handshake(). Submitted by: Martin Sj??gren PR: 137 The behaviour is undefined when calling SSL_write() with num=0. Submitted by: Reviewed by: PR: 141 HP-UX shared libraries must be +x and should be -w. It doesn't hurt on other platforms. Submitted by: Reviewed by: PR: 134 New cipher selection options COMPLEMENTOFALL and COMPLEMENTOFDEFAULT. Submitted by: Reviewed by: PR: 127 Only use DSA-functions if available. Submitted by: "Hellan,Kim KHE" Reviewed by: PR: 167 0.9.6e and 0.9.7-beta3 are out. "make update" OpenSSL Security Advisory [30 July 2002] Typo. Submitted by: Jeffrey Altman Reviewed by: PR: 169 Reorder cleanup sequence in SSL_CTX_free() to leave ex_data for remove_cb(). Submitted by: Reviewed by: PR: 212 Consequently use term URI instead of URL Submitted by: TJ Saunders Reviewed by: PR: 268 Add missing brackets. Submitted by: "Chris Brook" Corrected exchanged parameters in example for EVP_EncryptInit_ex() Submitted by: "Marcus Carey" Reviewed by: PR: 265 More information to the important issue of seeding the PRNG Submitted by: Reviewed by: PR: 285 Make sure permissions are friendly when building release tar file. Submitted by: Reviewed by: PR: 171 Typo. Submitted by: assar Reviewed by: PR: Missing =back Submitted by: Reviewed by: PR: Correct reference to section name. Submitted by: Reviewed by: PR: Opportunistic change to work around pod2latex bug: rename NAME OPTIONS section to SUBJECT AND ISSUER NAME OPTIONS Submitted by: Reviewed by: PR: 333 Don't declare 2 WARNINGS sections Submitted by: Reviewed by: PR: No such reference to link to (found running pod2latex). Submitted by: Reviewed by: PR: Use =back to finish =over (found using pod2latex). Submitted by: Reviewed by: PR: The pointer to the cipher object is not yet set, when session was reloaded from external cache (using d2i_SSL_SESSION). Perform comparison based on the cipher's id instead. Submitted by: Steve Haslam Reviewed by: PR: 288 Fix buggy #! magic and update ssleay->openssl Submitted by: Reviewed by: PR: 305 Better workaround to the "=head1 NAME OPTIONS" pod2latex problem: NAME OPTIONS are a subset of OPTIONS, so just make it =head2! Submitted by: Reviewed by: PR: 333 Fix bug introduced by the attempt to fix client side external session caching (#288): now internal caching failed (#351): Make sure, that cipher_id is set before comparing. Submitted by: Reviewed by: PR: 288 (and 351) Missing ")" Submitted by: Christian Hohnstaedt Reviewed by: PR: Fix wrong URI. Submitted by: assar at kth.se Reviewed by: PR: 390 Update -Olimit setting. Submitted by: Bernhard Simon Reviewed by: PR: Fix Kerberos5/SSL interaction Submitted by: "Kenneth R. Robinette" Reviewed by: PR: Some more adjustments Submitted by: Jeffrey Altman , "Kenneth R. Robinette" Fix wrong handling of session ID in SSLv2 client code. Add information about AES cipher suites to ciphers manual page. Third argument to shl_load() is "long address", not a pointer. (Didn't influence functionality, as on HP-UX 32bit the NULL pointer is a 32bit 0-value and thus is identical to the required 0L.) Document hpux-parisc2-cc problems, probably due to optimizer bug. Really fix SSLv2 session ID handling Fix initialization sequence to prevent freeing of unitialized objects. Submitted by: Nils Larsch ncr-scde target needs -lc89 for strcasecmp() and ftime() (Tim Rice, Martin Megele). Armor against systems without ranlib... Submitted by: Thierry Lelegard Add SCO5 shared library scripts. Upate SVR5 scripts for the upcoming 0.9.7b. Submitted by: Boyd Lynn Gerber Add warning about unwanted side effect when calling SSL_CTX_free(): sessions in the external session cache might be removed. Submitted by: "Nadav Har'El" Fix ordering of compare functions: strncmp() must be used first, a the cipher name in the list is not guaranteed to be at least "buflen" long. PR: 567 Submitted by: "Matt Harren" Move header file inclusion to prevent irritation of users forgetting to call "make depend" after enabling or disabling ciphers... Submitted by: Tal Mozes Add minimum POP3 STLS hack to s_client.c (as was provided for STARTTLS before) Submitted by: dg at sunet.ru (Daniel Ginsburg) Clarify ordering of certificates when using certificate chains Clarify return value of SSL_connect() and SSL_accept() in case of the WANT_READ and WANT_WRITE conditions. Clarify wording of verify_callback() behaviour. Provide ASFLAGS in the subdirectories handling assembler code. Catch error condition to prevent NULL pointer dereference. Submitted by: Goetz Babin-Ebell Make sure to initialize AES counters to obtain proper results. Submitted by: Kirill Kochetkov Free "engine" resource in case of failure to prevent memory leak PR: #778 Submitted by: George Mitchell Some more ASFLAGS settings required PR: #735 Submitted by: Tim Rice Restructure make targets to allow parallel make. Submitted by: Witold Filipczyk unintptr_t and are not strictly portable with respect to ANSI C 89. Undo change to maintain compatibility. Update URI Submitted by: Gertjan van Oosten Add s_time manual page Submitted by: "Martin Witzel" Updates to s_time manual page PR: #570 Submitted by: Martin Witzel Cover all DSA setups when running tests PR: #748 Submitted by: Kirill Kochetkov More precise explanation of session id context requirements. Fix hang in EGD/PRNGD query when communication socket is closed prematurely by EGD/PRNGD. PR: 1014 Submitted by: Darren Tucker Fix typo on blowfish manual page PR: 1010 Submitted by: Marc Balmer Typo Update to new home page Fix incorrect handling of special characters PR: 1459 Submitted by: tnitschke at innominate.com Reviewed by: steve at openssl.org Add support for m68k linux PR: 1277 Submitted by: Mike Frysinger Add automatic detection for Linux on SuperH PR: 1152 Submitted by: Mike Frysinger Extend SMTP and IMAP protocol handling to perform the required EHLO or CAPABILITY handshake before sending STARTTLS Fix problem with multi line responses in -starttls by using a buffering BIO and BIO_gets(). Do not use uninitialized memory to seed the PRNG as it may confuse code checking tools. PR: 1499 Initialize "buf" to 0 to make valgrind happy :-) Note: the RAND_bytes() manual page says: RAND_bytes() puts num cryptographically strong pseudo-random bytes into buf. It does not talk about using the previous contents of buf so we are working as documented. Port from 0.9.8-stable Typos PR: 1578 Submitted by: Charles Longeau Release OpenSSL 0.9.8g with various fixes to issues introduced with 0.9.8f Add OIDs by CMP (RFC 4210) and CRMF (RFC 4211) Typos in man pages: dependant->dependent Add missing colon in manpage Fix URI of OpenSSL Request Tracker information PR: 1661 Apply mingw patches as supplied by Roumen Petrov an Alon Bar-Lev PR: 1552 Submitted by: Roumen Petrov , "Alon Bar-Lev" Correctly handle case of bad arguments supplied to rsautl PR: 1659 Fix incorrect return value in apps/apps.c:parse_yesno() PR: 1607 Submitted by: "Christophe Mac????" Another minor update from the mingw development PR: 1552 Submitted by: Roumen Petrov Add missing 'extern "C" {' to some _err.h files in crypto/engines/ PR: 1609 Another occurance of possible valgrind/purify "uninitialized memory" complaint related to the PRNG: with PURIFY policy don't feed uninitialized memory into the PRNG. Typo. (From 0.9.8-stable/S. Henson) PR: 1672 Provide information about "openssl dgst" -hmac option. Document "openssl s_server" -crl_check* options Correctly adjust location of comment Remove all root CA files (beyond test CAs including private key) from the OpenSSL distribution. Clear error queue when starting SSL_CTX_use_certificate_chain_file PR: 1417, 1513 Submitted by: Erik de Castro Lopo Reword comment to be much shorter to stop other people from complaining about "overcommenting". Add README about removed root CA certificates. Refer to SSL_pending from the man page for SSL_read Fix incorrect command for assember file generation on IA64 When the underlying BIO_write() fails to send a datagram, we leave the offending record queued as 'pending'. The DTLS code doesn't expect this, and we end up hitting an OPENSSL_assert() in do_dtls1_write(). Half of the commit for 0.9.8 as the bitmap handling has changed. (Firstly... ommitted) Remove the DTLS1_BAD_VER thing from 0.9.9-dev. It is present in 0.9.8 but has been omitted from HEAD (0.9.9), see commit http://cvs.openssl.org/chngview?cn=16627 by appro. Add missing "-d" to option list of openssl version. Allow detection of input EOF in quiet mode by adding -no_ign_eof option to s_client application. PR: #1761 Submitted by: David Woodhouse Clarify (non-)blocking behavior of EGD socket interface used by RAND_egd(). apps/speed.c: children should not inherit buffered I/O PR: 1787 Submitted by: Artur Klauser Fix compilation with -no-comp by adding some more #ifndef OPENSSL_NO_COMP Mark J. Cox (19): Fixes to BN code. Previously the default was to define BN_RECURSION but the BN code had some problems that would cause failures when doing certificate verification and some other functions. fix typo Fix some more typos Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy. add what I'm doing and a vote Updates to the new SSL compression code [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD). The problem was that one of the replacement routines had not been working since SSLeay releases. For now the offending routine has been replaced with non-optimised assembler. Even so, this now gives around 95% performance improvement for 1024 bit RSA signs. This corrects the reference count handling in SSL_get_session. Previously, the returned SSL_SESSION didn't have its reference count incremented so the SSL_SESSION could be freed at any time causing seg-faults if the pointer was subsequently used. Code that uses SSL_get_session must now make a corresponding SSL_SESSION_free() call when it is done to avoid memory leaks (or blocked up session caches). I've still got one left; the backport of the Broadcom UBSEC driver to 0.9.6 that we've got - just waiting for clearance on that one Submitted by: Reviewed by: PR: Phew, finished Submitted by: Reviewed by: PR: Mention that the keys likely to have signed the distribution are now listed on the web site for easy finding and downloading Make sure head CHANGES is up to date, we refer to this in announce.txt one time CAN->CVE update Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher (CVE-2006-4339) Fix buffer overflow in SSL_get_shared_ciphers() function. (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team] Fix ASN.1 parsing of certain invalid structures that can result in a denial of service. (CVE-2006-2937) [Steve Henson] Initialise ctx to NULL to avoid uninitialized free, noticed by Steve Kiernan This entry was in 0.9.8m changelog but missing from here, since it's security relevent we'd better list it. Remove latest version, it's pretty redundant and just one more thing to keep up to date with releases. Reported because http://www.openssl.org/support/faq.html#MISC1 was out of date Martin Brejcha (2): dgram_sctp_ctrl: authkey memory leak Fix memory leak. Martin Kaiser (3): Add an NSS output format to sess_id to export to export the session id and the master key in NSS keylog format. PR#3352 Modify the description of -noout to match the manpage. PR#3364 remove duplicate 0x for default RSASSA-PSS salt len Martin Nowak (1): remove duplicate defines Martin Olsson (5): RT2513: Fix typo's paramter-->parameter RT2848: Remove extra NULL check RT2847: Don't "check" uninitialized memory RT2842: Remove spurious close-comment marker. RT2843: Remove another spurious close-comment token Mat (1): typo Matt Caswell (131): Make binary curve ASN.1 work in FIPS mode. Document updates from wiki. PKCS5_PBKDF2_HMAC documentation submitted by Jeffrey Walton Fixed minor errors in docs Fix SSL_CONF_cmd missing =back Fixed spelling error in error message. Fix supplied by Marcos Marado Fixed NULL pointer dereference in PKCS7_dataDecode reported by David Ramos in PR#3339 Fixed CRLF in file Move length check earlier to ensure we don't go beyond the end of the user's buffer. PR#3320 Fixed NULL pointer dereference. See PR#3321 Moved note about lack of support for AEAD modes out of BUGS section to SUPPORTED CIPHERS section (bug has been fixed, but still no support for AEAD) Fixed unterminated B tag, causing build to fail with newer pod2man versions Fixed minor copy&paste error, and stray space causing rendering problem Fix for non compilation with TLS_DEBUG defined Fixed error in args for SSL_set_msg_callback and SSL_set_msg_callback_arg Added -strictpem parameter to enable processing of PEM files with data prior to the BEGIN marker Changed -strictpem to use PEM_read_bio Added SSLErr call for internal error in dtls1_buffer_record Fixed minor duplication in docs Fixed incorrect return code handling in ssl3_final_finish_mac Added OPENSSL_assert check as per PR#3377 reported by Rainer Jung Revert "Fixed incorrect return code handling in ssl3_final_finish_mac" Fixed incorrect return code handling in ssl3_final_finish_mac. Based on an original patch by Joel Sing (OpenBSD) who also originally identified the issue. Tidied up, added include to stdlib, removed "goto bad" usage Fix minor typos Fixed Windows compilation failure Revert "Fix off-by-one errors in ssl_cipher_get_evp()" Fixed error in pod files with latest versions of pod2man Fix memory leak in BIO_free if there is no destroy function. Based on an original patch by Neitrino Photonov Fixed valgrind complaint due to BN_consttime_swap reading uninitialised data. This is actually ok for this function, but initialised to zero anyway if PURIFY defined. Add Matt Caswell's fingerprint, and general update on the fingerprints file to bring it up to date Disabled XTS mode in enc utility as it is not supported Added comment for the frag->reassembly == NULL case as per feedback from Emilia Fix DTLS handshake message size checks. Applying same fix as in dtls1_process_out_of_seq_message. A truncated DTLS fragment would cause *ok to be clear, but the return value would still be the number of bytes read. RT1665: Fix podpath to get xref's right Fixed out-of-bounds read errors in ssl3_get_key_exchange. Typo fixes to evp documentation. RT3065: automatically generate a missing EC public key Fixed double inclusion of string.h RT3192: spurious error in DSA verify Removed duplicate definition of PKCS7_type_is_encrypted Fix for SRTP Memory Leak Fix SRTP compile issues for windows Updates CHANGES file Updates to NEWS file Fix free of garbage pointer. PR#3595 Updated comment references to draft-ietf-tls-ecc-12 to refer to RFC4492 instead Fixed cms-test.pl for no-ec2m Added references to RFC 7027 Fix s_server -ssl2. Previously this reported "Error setting EC curve" When using EVP_PKEY_derive with a KDF set, a negative error from ECDH_compute_key is silently ignored and the KDF is run on duff data Corrected comments in ssl.h about SSLv23_method and friends Fixed memory leak due to incorrect freeing of DTLS reassembly bit mask Add include of ssl.h which is required by srtp.h Updates to EVP_PKEY_encrypt.pod submitted by user Bernardh via the wiki Minor changes made by Matt Caswell. Updates to X509_NAME_add_entry_by_txt.pod submitted by user Bernardh via the wiki Minor changes made by Matt Caswell. Updates to X509_NAME_get_index_by_NID.pod submitted by user Bernardh via the wiki Minor changes made by Matt Caswell Tidy up ocsp help output Remove redundant checks in ssl_cert_dup. This was causing spurious error messages when using GOST Add checks to the return value of EVP_Cipher to prevent silent encryption failure. Delete unused file Check EVP_Cipher return values for SSL2 Remove more references to dtls1_enc Fix warning in ssl2_enc Verify that we have a sensible message len and fail if not RT#3592 provides an instance where the OPENSSL_assert that this commit replaces can be hit. I was able to recreate this issue by forcing the underlying BIO to misbehave and come back with very small mtu values. This happens the second time around the while loop after we have detected that the MTU has been exceeded following the call to dtls1_write_bytes. The SSL_OP_NO_QUERY_MTU option is supposed to stop the mtu from being automatically updated, and we should use the one provided instead. Unfortunately there are a couple of locations where this is not respected. The first call to query the mtu in dtls1_do_write correctly checks that the mtu that we have received is not less than the minimum. If its less it uses the minimum instead. The second call to query the mtu does not do that, but instead uses whatever comes back. We have seen an instance in RT#3592 where we have got an unreasonably small mtu come back. This commit makes both query checks consistent. There are a number of instances throughout the code where the constant 28 is used with no explanation. Some of this was introduced as part of RT#1929. The value 28 is the length of the IP header (20 bytes) plus the UDP header (8 bytes). However use of this constant is incorrect because there may be instances where a different value is needed, e.g. an IPv4 header is 20 bytes but an IPv6 header is 40. Similarly you may not be using UDP (e.g. SCTP). This commit introduces a new BIO_CTRL that provides the value to be used for this mtu "overhead". It will be used by subsequent commits. Remove instances in libssl of the constant 28 (for size of IPv4 header + UDP) and instead use the value provided by the underlying BIO. Also provide some new DTLS_CTRLs so that the library user can set the mtu without needing to know this constant. These new DTLS_CTRLs provide the capability to set the link level mtu to be used (i.e. including this IP/UDP overhead). The previous DTLS_CTRLs required the library user to subtract this overhead first. Fix dtls_query_mtu so that it will always either complete with an mtu that is at least the minimum or it will fail. There were some instances in dtls1_query_mtu where the final mtu can end up being less than the minimum, i.e. where the user has set an mtu manually. This shouldn't be allowed. Also remove dtls1_guess_mtu that, despite having logic for guessing an mtu, was actually only ever used to work out the minimum mtu to use. If we really get a situation where the underlying mtu is less than the minimum we will support then dtls1_do_write can go into an infinite loop. This commit fixes that. Updates to s_client and s_server to remove the constant 28 (for IPv4 header and UDP header) when setting an mtu. This constant is not always correct (e.g. if using IPv6). Use the new DTLS_CTRL functions instead. Only use the fallback mtu after 2 unsuccessful retransmissions if it is less than the mtu we are already using Remove "#if 0" code Remove incorrect code inadvertently introduced through commit 59669b6ab. Add support for OCB mode as per RFC7253 Add EVP support for OCB mode Add tests for OCB mode Add documentation for OCB mode Added OPENSSL_NO_OCB guards Add CHANGES entry for OCB Fix memory leak in SSL_new if errors occur. Fixed memory leak in the event of a failure of BUF_MEM_grow Remove internal bn dependancies from speed.c Prepare for bn opaquify. Implement internal helper functions. Prepare exptest for bn opaquify Implement internally opaque bn access from asn1 Implement internally opaque bn access from dh Implement internally opaque bn access from dsa Implement internally opaque bn access from ec Implement internally opaque bn access from evp Implement internally opaque bn access from rsa Implement internally opaque bn access from srp Implement internally opaque bn access from ts Disable engines that will fail to build when bn is made opaque Update apps for bn opaque change Make bn opaque Update documentation following BN opaquify Move bn internal functions into bn_int.h and bn_lcl.h make update Fixed memory leak if BUF_MEM_grow fails DTLS fixes for signed/unsigned issues Remove extraneous white space, and add some braces Add OPENSSL_NO_ECDH guards Add missing OPENSSL_NO_EC guards Rename gost2814789t.c to gost2814789test.c. The old name caused problems for dummytest if gost is compiled out, since the name of the test is not standard (dummytest segfaults). Also the old name caused problems for git because the executable was not in the .gitignore file Add more meaningful OPENSSL_NO_ECDH error message for suite b mode The dtls1_output_cert_chain function no longer exists so remove it from ssl_locl.h Turn on OPENSSL_NO_DEPRECATED by default. Also introduce OPENSSL_USE_DEPRECATED. If OPENSSL_NO_DEPRECATED is defined at config stage then OPENSSL_USE_DEPRECATED has no effect - deprecated functions are not available. If OPENSSL_NO_DEPRECATED is not defined at config stage then applications must define OPENSSL_USE_DEPRECATED in order to access deprecated functions. Also introduce compiler warnings for gcc for applications using deprecated functions Remove redundant OPENSSL_NO_DEPRECATED suppression Change all instances of OPENSSL_NO_DEPRECATED to OPENSSL_USE_DEPRECATED Introduce use of DECLARE_DEPRECATED make update following changes to default config settings Update CHANGES for deprecated updates Made it an error to define OPENSSL_USE_DEPRECATED if OpenSSL has been built with OPENSSL_NO_DEPRECATED defined Fix a problem if CFLAGS is too long cversion.c fails to compile when config is run with --strict-warnings. Additional fix required for no-srtp to work Remove blank line from start of cflags character array in buildinf.h Further comment amendments to preserve formatting prior to source reformat Follow on from CVE-2014-3571. This fixes the code that was the original source of the crash due to p being NULL. Steve's fix prevents this situation from occuring - however this is by no means obvious by looking at the code for dtls1_get_record. This fix just makes things look a bit more sane. A memory leak can occur in dtls1_buffer_record if either of the calls to ssl3_setup_buffers or pqueue_insert fail. The former will fail if there is a malloc failure, whilst the latter will fail if attempting to add a duplicate record to the queue. This should never happen because duplicate records should be detected and dropped before any attempt to add them to the queue. Unfortunately records that arrive that are for the next epoch are not being recorded correctly, and therefore replays are not being detected. Additionally, these "should not happen" failures that can occur in dtls1_buffer_record are not being treated as fatal and therefore an attacker could exploit this by sending repeated replay records for the next epoch, eventually causing a DoS through memory exhaustion. Fix build failure on Windows due to undefined cflags identifier Update .gitignore with windows files to be excluded from git Further windows specific .gitignore entries Remove redundant DSO_METHOD_beos declaration in dso.h. BEOS support has been removed. make update Fix no-deprecated on Windows Ensure internal header files are used from mk1mf based builds Avoid deprecation problems in Visual Studio 13 Fix warning where BIO_FLAGS_UPLINK was being redefined. This warning breaks the build in 1.0.0 and 0.9.8 Make output from openssl version -f consistent with previous versions Matt Smart (1): Fix doc typo. Matthias Andree (1): RT2272: Add old-style hash to c_rehash Matthieu Crapet (1): RT 1505: Use SSL3_AL_FATAL not "2" Michael Tuexen (4): Avoid unnecessary fragmentation. DTLS handshake fix. DTLS message_sequence number wrong in rehandshake ServerHello Fix incorrect OPENSSL_assert() usage. Michal Bozon (2): Corrected POD syntax errors. PR#3353 Correct timestamp output when clock_precision_digits > 0 Mihai Militaru (1): RT2210: Add missing EVP_cleanup to example Mike Bland (16): Unit/regression test for TLS heartbeats. More through error checks in set_up Zero-initialize heartbeat test write buffer Fix heartbeat_test for -DOPENSSL_NO_HEARTBEATS Create test/testutil.h for unit test helper macros test/testutil.c test registry functions. Use testutil registry in heartbeat_test Update heartbeat_test #includes Check the test registry size during add_test() Add cscope.out and .d files to .gitignore Emit PERLASM_SCHEME to fix GitMake on OS X {,darwin64-}debug-test-64-clang Configure targets Improve variable parsing when generating MINFO Remove redundant test targets outside of test/ Add missing SRC variable Add whrlpool and camellia .s files to perlasm list Mike Frysinger (1): Have the .pc files depend on each other rather than duplicating the various link settings. PR#3332 Miod Vallat (1): Fix off-by-one errors in ssl_cipher_get_evp() Naftuli Tzvi Kay (1): Added custom PBKDF2 iteration count to PKCS8 tool. Nick Alcock (1): Fix POD errors to stop make install_docs dying with pod2man 2.5.0+ Nick Lewis (1): PR 2580: dgst missing current SHA algorithms Nick Mathewson (2): Do not include a timestamp in the Client/ServerHello Random field. Fix another gmt_unix_time case in server_random Nick Urbanik (1): RT2609: Typo in EXAMPLE section of req.pod Nils Larsch (197): some const fixes add new curves to the loop (with some cleanup from me) test, remove unnecessary const cast when building with OPENSSL_NO_DEPRECATED defined BN_zero is a macro which cannot be evaluated in an if statement the second argument of EVP_SealInit is const update docs (recent constification) Makefile.ssl doesn't exist anymore fix header use SSL3_VERSION_MAJOR instead of SSL3_VERSION etc. really clear the error queue here use SHA-1 as the default digest for the apps/openssl commands remove unused recp method some const fixes and cleanup fix example in docu update progs.pl to reflect changes in progs.h some const fixes const fixes make sure error queue is totally emptied get rid of very buggy and very imcomplete DH cert support improve docu of SSL_CTX_use_PrivateKey() add support for DER encoded private keys to SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file() include limits.h for UINT_MAX etc. Makefile.ssl -> Makefile EVP_CIPHER_CTX_init is a void function + fix typo const fixes the pointer to the message digest is const - use BN_set_negative and BN_is_negative instead of BN_set_sign and BN_get_sign - implement BN_set_negative as a function - always use "#define BN_is_zero(a) ((a)->top == 0)" make update more const change prototype of the ecdh KDF: make input parameter const and the outlen argument more flexible make asn.1 field names const update remove false positive some updates for the blinding code; summary: - possibility of re-creation of the blinding parameters after a fixed number of uses (suggested by Bodo) - calculatition of the rsa::e in case it's absent and p and q are present (see bug report #785) - improve the performance when if one rsa structure is shared by more than a thread (see bug report #555) - fix the problem described in bug report #827 - hide the definition ot the BN_BLINDING structure in bn_blind.c add docu for BN_BLINDING functions add missing parentheses no Makefile.ssl anymore get rid of Makefile.ssl in util/ avoid warnings when building on systems where sizeof(void *) > sizeof(int) add reference to BN_BLINDING_new.pod add 192 bit prime curve to the command line options hide the definition of ECDSA_METHOD and ECDSA_DATA (and mutatis mutandis for ecdh) remove some false positive check return value of RAND_pseudo_bytes; backport from the stable branch remove false positive don't let BN_CTX_free(NULL) segfault backport fix from the stable branch fix typo rewrite of bn_nist.c, disable support for some curves on 64 bit platforms for now (it was broken anyway) remove BN_ncopy, it was only used in bn_nist.c and wasn't particular useful anyway remove false positive fix compiler warning; pow10 is also in math.h give EC_GROUP_*_nid functions a more meaningful name EC_GROUP_get_nid -> EC_GROUP_get_curve_name EC_GROUP_set_nid -> EC_GROUP_set_curve_name improve command line argument checking give EC_GROUP_new_by_nid a more meanigful name: EC_GROUP_new_by_nid -> EC_GROUP_new_by_curve_name use 'p' as conversion specifier for printf to avoid truncation of pointers on 64 bit platforms. Patch supplied by Daniel Gryniewicz via Mike Frysinger . ecc api cleanup; summary: - hide the EC_KEY structure definition in ec_lcl.c + add some functions to use/access the EC_KEY fields - change the way how method specific data (ecdsa/ecdh) is attached to a EC_KEY - add ECDSA_sign_ex and ECDSA_do_sign_ex functions with additional parameters for pre-computed values - rebuild libeay.num from 0.9.7 simplify EC_KEY_dup make the type parameter const when ID2_OF_const() is used fix "dereferencing type-punned pointer will break strict-aliasing rules" warning when using gcc 4.0 update ecdsa doc fix potential memory leak fix typo, add prototype include opensslconf.h if OPENSSL_NO_* is used changes from 0.9.8 fix assertion clear error queue on success and return NULL if no cert could be read check return value ssl_create_cipher_list should return an error if no cipher could be collected (see SSL_CTX_set_cipher_list manpage). Fix handling of "cipher1+cipher2" expressions in ssl_cipher_process_rulestr. use "=" instead of "|=", fix typo - let SSL_CTX_set_cipher_list and SSL_set_cipher_list return an error if the cipher list is empty - fix last commit in ssl_create_cipher_list - clean up ssl_create_cipher_list replace the deprecated "-m486" gcc option with "-march=i486" update FAQ update for the cswift engine: - fix the problem described in bug report 825 - fix a segfault when the engine fails to initialize - let the engine switch to software when keysize > 2048 clear dso pointer in case of an error remove OPENSSL_NO_ASM dependency initialize newly allocated data the second argument of d2i_X509, d2i_X509_CRL and d2i_X509_REQ is const add missing entries for "-multivalue-rdn" and "-utf8" in ca.pod and req.pod make ./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa] make depend all test work again bugfix: 0 - w (w != 0) is actually negative fix typo the final byte of a pkcs7 padded plaintext can never be 0 set correct bn->top value fix BN_mod_word and give a more reasonable return value if an error occurred improved error checking and some fixes remove unused variable add comment fix potential memory leak + improved error checking avoid infinite recursion if dynamic engine isn't loaded remove unused internal foo_base_method functions a ssl object needs it's own instance of a ecdh key; remove obsolete comment Let the TLSv1_method() etc. functions return a const SSL_METHOD pointer and make the SSL_METHOD parameter in SSL_CTX_new, SSL_CTX_set_ssl_version and SSL_set_ssl_method const. add missing file initialize cipher/digest methods table in SSL_library_init() and hence remove the need for a lock Keep cipher lists sorted in the source instead of sorting them at runtime, thus removing the need for a lock. Add a test to ssltest to verify that the cipher lists are sorted. fix warnings when building openssl with the following compiler options: -Wmissing-prototypes -Wcomment -Wformat -Wimplicit -Wmain -Wmultichar -Wswitch -Wshadow -Wtrigraphs -Werror -Wchar-subscripts -Wstrict-prototypes -Wreturn-type -Wpointer-arith -W -Wunused -Wno-unused-parameter -Wuninitialized don't try to load cert/key when the "-nocert" option is set fix typo in sbgp names fix function name in error bugfix: register engine as default engine in ENGINE_set_default_DSA fix typos add some doxygen comments cleanup doxygen comments protect BN_BLINDING_invert with a write lock and BN_BLINDING_convert with a read lock successfully updating the db shouldn't result in an error message compile sstrsep only if HAVE_FORK is defined; patch supplied by Johan Gill fix typo, pointed out by Patrick Guio 2 is a prime fix comment support numeric strings in ASN1_generate_nconf recent changes from 0.9.8: fix cipher list order in s3_lib.c, make "no-ssl2" work again add additional checks + cleanup fix if statement: call conn_state() if the BIO is not in the BIO_CONN_S_OK state p could be uninitialized remove unnecessary check fix typo: pass pre-computed parameters to the underlying signature function; thanks to Lucas Newman fix warning fix warning: add missing prototype use stricter prototypes, fix warnings don't use the l length modifier for int use asn1 callbacks for new, free and d2i fix typos make some internal functions static; patch supplied by Kurt Roeckx fix no-dh configure option; patch supplied by Peter Meerwald fix "#ifndef HZ" statement force C locale when using [a-z] in sed expressions make some parameters const no need to cast away the const constify some print and ts functions fix function name in error message add initial support for RFC 4279 PSK SSL ciphersuites make update fix signed vs. unsigned warning fix "missing initializer" warning fix signed vs. unsigned warning note that SSL_library_init() is not reentrant use BIO_snprintf() instead of snprintf + use BIO_FP_TEXT for text output fix comment remove unused variables signed vs. unsigned fix error found by coverity: check if ctx is != NULL before calling BN_CTX_end() fix error found by coverity: check if ctx is != NULL before calling BN_CTX_end() create BN_CTX object fix problems found by coverity: remove useless code fix for OPENSSL_NO_EC remove unnecessary code check if con != NULL before using it ensure the pointer is valid before using it fix last commit: return NULL is TS_RESP_CTX_set_status_info_cond() failed make local function static as we encrypt every bit separately we need to loop through the number of bits; thanks to Michael McDougall undo accidental commit return an error if the supplied precomputed values lead to an invalid signature fix OPENSSL_NO_foo defines update md docs remove SSLEAY_MACROS code fix warning register the engine as default engine in ENGINE_set_default() replace macros with functions add support for whirlpool in apps/speed add "Certificate Issuer" and "Subject Directory Attributes" OIDs allocate a new attributes entry in X509_REQ_add_extensions() if it's NULL (in case of a malformed pkcs10 request) return 0 if 'noout' is used and no error has occurred avoid duplicate entries in add_cert_dir() fix documentation use const ASN1_TIME * properly initialize SSL context, check return value fix order remove trailing '\' add support for ecdsa-with-sha256 etc. update fix order update pkcs12 help message + manpage fix typos use OPENSSL_NO_DYNAMIC_ENGINE macro, disable debug messages fix return value of get_cert_chain() remove undefined constant fix potential memory leaks fix documentation add support for DSA with SHA2 add note about 56 bit ciphers fix typo ensure that a ec key is used remove unused variable remove unreachable code use user-supplied malloc functions for persistent kssl objects avoid shifting input - use OPENSSL_malloc() etc. in zlib - move zlib_stateful_ex_idx initialization to COMP_zlib() ensure that the EVP_CIPHER_CTX object is initialized remove dead code allow EVP_PKEY_CTX_free(NULL) remove unused file size_t -> int check if pointer is != NULL before dereferencing it (Coverity CID 40) check correct pointer before freeing it (Coverity CID 79,86) check return value of ASN1_item_i2d(), Coverity ID 55 Oscar Jacobsson (1): Add 3072, 7680 and 15360 bit RSA tests to openssl speed PK (1): Add SHA256 Camellia ciphersuites from RFC5932 Paul C. Sutton (11): Makefiles updated to exit if an error occurs in a sub-directory make (including if user presses ^C) Make the installation documentation easier to follow. Add votes ssldir.pl did not correctly set the directory in utils/mk1mk.pl when perl5 was used. Some more changes for renaming the binary from ssleay to openssl. I wonder what eay.c is? A couple more ssleay.cnf to openssl.cnf changes Binary is now apps/openssl not apps/ssleay so use the new name when rehashing the test certs Various ssleay to openssl fixups Reflect change from "ssleay" to "openssl" as the main binary name. Also document "sh config" as an easier alternative to "./Configure system". Update scripts to use "openssl" instead of "ssleay" The dir is named util/ and better to explicitly call the perl interpreter because not everyone has it in /usr/local/bin/perl. Paul Suhler (1): RT2841: Extra return in check_issued Peter Mosmans (2): Fix for test_bn regular expression to work on Windows using MSYS. PR#3346 Add names of GOST algorithms. Phil Mesnier (1): RT3334: Fix crypto/LPdir_win.c Piotr Sikora (4): Fix SSL_OP_SINGLE_ECDH_USE Fix compilation with no-nextprotoneg. Retry callback only after ClientHello received. Fix building with no-srtp Ralf S. Engelschall (189): This commit was generated by cvs2svn to track changes on a CVS vendor branch. Import of old SSLeay release: SSLeay 0.8.1b This commit was generated by cvs2svn to track changes on a CVS vendor branch. Import of old SSLeay release: SSLeay 0.8.1b This commit was generated by cvs2svn to track changes on a CVS vendor branch. Import of old SSLeay release: SSLeay 0.9.0b This commit was generated by cvs2svn to track changes on a CVS vendor branch. Import of old SSLeay release: SSLeay 0.9.0b Import of old SSLeay release: SSLeay 0.9.1b (unreleased) This commit was generated by cvs2svn to track changes on a CVS vendor branch. Import of old SSLeay release: SSLeay 0.9.1b (unreleased) This commit was generated by cvs2svn to track changes on a CVS vendor branch. Various cleanups and fixed by Marc and Ralf to start the OpenTLS project *** empty log message *** Incorporation of RSEs assembled patches OpenTLS ready *** empty log message *** Fix unused variable warning of GCC Switch to OpenSSL name *** empty log message *** Switch version string to SSLeay/OpenSSL Add include dir *** empty log message *** *** empty log message *** *** empty log message *** Test for new CVS repository Test remote CVS commit... Import the first cut for manual pages. Fix an error message Replace AUTHOR with a better HISTORY as in FreeBSD's manpages Create a STATUS file to coordinate us. Feel free to edit Cleanup of doc/ directory: The old/obsolete SSLeay files are now assembled together in a ssleay.txt file. Ops, forgot to commit the changes entry in recent commit... MIME encoding and ISO chars at the same time messes up the stuff Fix version stuff: Puhhh... now we've documented the prototypes of all 214 API "functions". This is a pain to do, because of the various macro definitions which I had to expand manually to get their prototype :-( More structuring and sorting of the SSL API documentation. And the first steps to descriptions in prosa. Some issues for voting A hint about the license Remove more old temporary files from CVS cleanup of apps/ and an answer Make GCC happy by removing an unused variable defintion. First cut of a cleanup for apps/. First the `ssleay' program is now named `openssl' and second, the shortcut symlinks for the `openssl ' are no longer created. This way we have a single and consistent command line interface `openssl ', similar to `cvs '. A few train of thoughts about the build procedure mess More .cvsignore stuff to make CVS quiet on our generated files. The dir is named util/ and better to explicitly call the perl interpreter because not everyone has it in /usr/local/bin/perl. Make sure the already existing X509_STORE->depth variable is initialized in X509_STORE_new(), but document the fact that this variable is still unused in the certificate verification process. Start keeping track of wishes people make on our mailing lists to make sure we don't forget them and this way we have them bundled together. Fix names in usage page of s_time, s_server and s_client One more incorrect name in usage page Fill in more contents for the openssl(1) manpage. Fixed ms/32all.bat script: `no_asm' -> `no-asm' Add CygWin32 platform information to Configure script. Change address now that we've the mailing lists established Update Ignore crypto/x509v3/lib Make sure `make rehash' target really finds the `openssl' program. Update README file a little bit... Reflect correct filename Ops, one more reference to 0.9.1c. Make sure we don't forget it... First cut for a very conservative source tree cleanup: Remember the cleanup Ignore mx86unix.cpp which is generated on Intel platforms Overhauled the Perl interface (perl/*): What is on my ToDo list... Remove three more bogus files (2x temp file, 1x trash) Remove one more totally bogus source file. This one is exactly the same as ssl_sess.c. Thanks to Adam Goodman for hint. Make sure latest Perl versions don't interpret some generated C array as Perl array code in the crypto/err/err_genc.pl script. Ok, propose a release date of March 15th with a code freeze a few days before so we have enough time for final testing and tarball rolling. Remember some open issues and available patches Make gcc -Wall happy ("might be used uninitialized...") Fix usage message on gendsa: 1. The dsaparam argument is mandatory and not optional 2. Add a little text what this actually is: a filename Get rid of a nasty debugging message which was forgotten here... Make `openssl x509 -noout -modulus' functional also for DSA certificates (in addition to RSA certificates) to match the behaviour of `openssl dsa -noout -modulus' as it's already the case for `openssl rsa -noout -modulus'. For RSA the -modulus is the real "modulus" while for DSA currently the public key is printed (a decision which was already done by `openssl dsa -modulus' in the past) which serves a similar purpose. Additionally the NO_RSA no longer completely removes the whole -modulus option; it now only avoids using the RSA stuff. Same applies to NO_DSA now, too. Remember good pointers to Montgomery multiplication algorithm descriptions as pointed out by Dave Carman Don't hard-code path to Perl interpreter on shebang line of Configure script. Instead use the usual Shell->Perl transition trick. More CVS ignore stuff... Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal() from `int' to `unsigned int' because it's a length and initialized by EVP_DigestFinal() which expects an `unsigned int *'. Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c Fix the cipher decision scheme for export ciphers: the export bits are *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within SSL_EXP_MASK. So, the original variable has to be used instead of the already masked variable. Typo Move s_server -dcert and -dkey options out of the undocumented feature area because they are useful for the DSA situation and should be recognized by the users. Thanks to Steve for the original hint. Add a bunch of SSL_xxx() functions for configuring the temporary RSA and DH private keys and/or callback functions which directly correspond to their SSL_CTX_xxx() counterparts but work on a per-connection basis. This is needed for applications which have to configure certificates on a per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis (e.g. s_server). Remember one more wish from the users Use consistent and existing addresses Ops, the logic of the second argument has to be coupled with the != test to work correctly for the SSL_CTX_xxx situations, too. Now "make test" passes again fine. Get rid of remaining C++-style comments which strict C compilers hate. (Pointed out by Carlos Amengual). Don't install bss_file.c under PREFIX/include/. It was introduced by Eric between SSLeay 0.8 and 0.9 and just looks useless and confusing. Remove confusing variables in function signatures in files ssl/ssl_lib.c and ssl/ssl.h. At least the double ctx-variable confused some compilers. Added the new `Includes OpenSSL Cryptography Software' button as doc/openssl_button.{gif,html} which is similar in style to the old SSLeay button and can be used by applications based on OpenSSL to show the relationship to the OpenSSL project. Fix GCC warning... t_req.c: In function `X509_REQ_print': t_req.c:181: warning: suggest explicit braces to avoid ambiguous `else' General source tree makefile cleanups: Made `making xxx in yyy...' display consistent in the source tree and replaced `/bin/rm' by `rm'. Additonally cleaned up the `make links' target: Remove unnecessary semicolons, subsequent redundant removes, inline point.sh into mklink.sh to speed processing and no longer clutter the display with confusing stuff. Instead only the actually done links are displayed. Ralf is now using FreeBSD 3.1 which runs ELF instead of a.out... Cleaned up the LICENSE document: The official contact for any license questions now is the OpenSSL core team under openssl-core at openssl.org. And add a paragraph about the dual-license situation to make sure people recognize that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply to the OpenSSL toolkit. Bring the README file in sync and shape a little bit more... Add a first cut for a NEWS document similar to what other packages (mostly GNU packages) provide. The idea is that because of the large number of CHANGES entries, this file summarizes the major changes for a brief overview. just a little typo Reshape the README file out of the existing README stuff into a single file. Need more cleanup for final release IMHO. Move the SSL_CTX_xxx defines at the top of ssl.h to the location of other SSL_CTX_xxx defines. What was the reason to move them to the top, even before the copyright and #ifdef HEADER_SSL_H? Hmmm... when there was and still is a good reason feel free to reverse this patch, but please document why it is needed this way. Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified on the `perl Configure ...' command line. This way one can compile OpenSSL libraries with Position Independent Code (PIC) which is needed for linking it into DSOs. Typo :-) Add a useful kludge to allow package maintainers to specify compiler and other platforms details on the command line without having to patch the Configure script everytime: One now can use ``perl Configure :
'', i.e. platform ids are allowed to have details appended to them (seperated by colons). This is treated as there would be a static pre-configured entry in Configure's %table under key with value
and ``perl Configure '' is called. So, when you want to perform a quick test-compile under FreeBSD 3.1 with pgcc and without assembler stuff you can use ``perl Configure "FreeBSD-elf:pgcc:-O6:::"'' now, which overrides the FreeBSD-elf entry on-the-fly. Notice freeze state and update my entry Two more .cvsignore files for the assembler stuff Second round of fixing the OpenSSL perl/ stuff. It now at least compiled fine under Unix and passes some trivial tests I've now added. But the whole stuff is horribly incomplete, so a README.1ST with a disclaimer was added to make sure no one expects that this stuff really works in the OpenSSL 0.9.2 release. Additionally I've started to clean the XS sources up and fixed a few little bugs and inconsistencies in OpenSSL.{pm,xs} and openssl_bio.xs. Fix Win32 symbol export lists for BIO functions: Added BIO_get_ex_new_index, BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data to ms/libeay{16,32}.def. I'm not a Win32 hacker, but I think I've done it correctly. Let us start with some platform test list... Start with some more tarball rolling preparation to make sure it's not overlooed next Monday: - rmlinks is no longer existing - use openssl as the name and not rse - don't roll the STATUS file into the tarball Make `openssl version' output lines consistent. typo Solaris 2.6 makes still problems. Details were posted. Make it more clear what option -WWW to s_server does. Update to current state... Two more things we should look at before release Update platform test list Update Let util/clean-depend.pl work also with older Perl 5.00x versions. Be less restrictive and allow also `perl util/perlpath.pl /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin', because this way one can also use an interpreter named `perl5' (which is usually the name of Perl 5.xxx on platforms where an Perl 4.x is still installed as `perl'). Just cosmetics: replace a tab with a normal space because the tab always looked too estoeric to my eyes while building... ;) Some more source tree cleanups (removed obsolete files crypto/bf/asm/bf586.pl, test/test.txt and crypto/sha/asm/f.s; changed permission on "config" script to be executable) and a fix for the INSTALL document. Remove confusing hint to non-existing file. Instead make it clear that one shouldn't change it manually just here. The util/ssldir.pl script does more and has to be used for this. Pointed out by Jacques Supcik . Add missing pipe char to "make dist" target. Found by Richard Levitte Print a little bit more information Remove obsolete references to SSLeay and change default PLATFORM from "FreeBSD" to the generic "dist" as it's done implicitly by "make dist". Be consistent: 0.9.2b More 0.9.2 -> 0.9.2b up_ver.pl is now obsolete Remove up_ver.pl call Bring style of INSTALL* documents in sync with README file and fix some inconsistencies. Add latest changes to NEWS file Final polishing for README file One more 0.9.2b function names recently changed - consistency. Add two recently added functions Merge ext-conf.txt and buffer.txt into a global openssl.txt because we shouldn't again start with thousend little text files or we quickly come back to the old SSLeay days ;-) update list Ops, interrupted commit. Fixed Typo Update after release... Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h so they no longer are missing under -DNOPROTO. Make sure the RSA OAEP test is skipped under -DRSAref because OAEP isn't supported when OpenSSL is built with RSAref. Add .cvsignore in new pkcs12 directory Fix a typo in the X.509v3 docs: cRLSign instead of cRLCertSign is correct according to the sources.... found by Steffen Dettmer . Fix a few typos and tabs while I'm poking around in ca.c... Make sure a corresponding plain text error message exists for the X509_V_ERR_CERT_REVOKED/23 error number which can occur when a verify callback function determined that a certificate was revoked. Fix `openssl crl -noout -text' combination where `-noout' killed the `-text' option at all and this way the `-noout -text' combination was inconsistent in `openssl crl' with the friends in `openssl x509|rsa|dsa'. Add `openssl ca -revoke ' facility which revokes a certificate specified in by updating the entry in the index.txt file. This way one no longer has to edit the index.txt file manually for revoking a certificate. The -revoke option does the gory details now. SSL_ALLOW_ENULL was renamed to SSL_FORBID_ENULL some time ago by Ben. Start with some plans... Start assembling some NEWS entries.... Better to not have blanks in .cvsignore files consistency cosmetics Convert casted X509_INFO stacks to type-safe STACK_OF(X509_INFO). Add missing sk__unshift() function to safestack.h Bundle stack'ification entries on Bens request Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Winline'' with EGCS 1.1.2+ Ok, give us more time.... Don't forget that it's freeze time now... Protect applications from failing to compile when they try to directly include opensslv.h. Puhhh... today is a very hot day. Fix determination of Perl interpreter: A perl or perl5 _directory_ in $PATH was also accepted as the interpreter. First cut for a proposed code freeze and release dates (from Steve and me). All OpenSSL developers: Please feel free to adjust the dates if they still do not fit into your personal scheduling. typo while I poke around... consistent style A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency. Hint from: Andrija Antonijevic I don't think this is a real showstopper. Our internal verify procedure lacks even more and I consider this more a useful feature request than a release showstopper. Let us prepare for tomorrow... Remove the perl stuff also optically from the build procedure, because it could confuse people (which then send us bug reports)... Fix two remaining prototype-related warnings Backout the following change: Install libRSAglue.a when OpenSSL is build with RSAref. This should now finally make the RSAref users happy... Ok, final fix for `config' script to detect all flavors of FreeBSD in a more general way. Ok, I'll do a few more final platform tests and then I'll roll the 0.9.4 tarball baby for us. PLEASE DO NOT COMMIT ANYTHING UNTIL YOU SEE MY FINAL COMMITS TO `STATUS' INDICATING THAT WE'VE REACHED 0.9.5-dev. Bump version to 0.9.4 Bump after tarball rolling. Friends, feel free to start again hacking for 0.9.5... ;) Add prototypes for new DSA functions Steve added recently. Make gcc 2.95.2 happy again, even under ``-Wall -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Winline''. Add an evil cast, because POSIX/SUSv2 define connect(2) require the second argument to be of type ``struct sockaddr *''. Make gcc 2.95.2 happy here, too. Add missing prototypes for new functions Added configuration support for Linux/IA64 Fix Blowfish URL. test blank-line commit after migration -- just ignore test commit (removing trailing blanks) after migration test commit (just removing tailing blanks) #2 after migration Fix prime generation loop in crypto/bn/bn_prime.pl by making sure the loop does correctly stop and breaking ("division by zero") modulus operations are not performed. The (pre-generated) prime table crypto/bn/bn_prime.h was already correct, but it could not be re-generated on some platforms because of the "division by zero" situation in the script. small cosmetics: align title with the other similar manual page ignore a few additionally generated files remove a doubled entry for '-binary' in the usage message Raphael Spreitzer (1): RT2400: ASN1_STRING_to_UTF8 missing initializer Rich Salz (91): RT 487. Mention that generated primes are "at least" B long. Fix typo in message (RT 3107) Merge branch 'master' of git.openssl.org:openssl Fix RT 3193 Fix RT 2430; typo's in ca.pod Fix RT 2567; typo in pkeyutl page. Fix RT 3211; "and are" -->"are" RT 3245; it's "bitwise or" not "logical or" RT 1229; typo in comment "dont't"->"don't" RT 1530; fix incorrect comment RT 1528; misleading debug print, "pre-master" should be "master key" Close a whole bunch of documentation-related tickets: 298 424 656 882 939 1630 1807 2263 2294 2311 2424 2623 2637 2686 2697 2921 2922 2940 3055 3112 3156 3177 3277 Merge branch 'rsalz-docfixes' RT3408; fix some (not all suggested) typo's in openssl.cnf RT 1638; EVP_*Final() should mention they no longer cleanup the ctx. Close 3170, remove reference to Ariel Glenn's old 0.9.8 doc Add tags/TAGS; approved by tjh Merge branch 'master' of git.openssl.org:openssl Remove DJGPP (and therefore WATT32) #ifdef's. Undo a90081576c94f9f54de1755188a00ccc1760549a Add README.md Undo 77bf69dced875200f6f0e385a4a270298f8d3c45 Merge branch 'master' of git.openssl.org:openssl Revert "RT 2820: Case-insensitive filenames on Darwin" Merge branch 'master' of git.openssl.org:openssl Merge branch 'master' of git.openssl.org:openssl RT2751: Declare get_issuer_sk() earlier. Merge branch 'master' of git.openssl.org:openssl Merge branch 'master' of git.openssl.org:openssl Add tags/TAGS target; rm tags/TAGS in clean RT2308: Add extern "C" { ... } wrapper Merge branch 'master' of git.openssl.org:openssl RT3102: Document -verify_error_return flag RT1665,2300: Crypto doc cleanups RT3246: req command prints version number wrong RT2379: Bug in BIO_set_accept_port.pod RT2379: Additional typo fix RT2119,3407: Updated to dgst.pod RT2820: case-insensitive filenames on Darwin Remove some outdated README files, to avoid confusing people. Add explanatory note to crypto/store/README RT1832: Fix PKCS7_verify return value RT1834: Fix PKCS7_verify return value Merge branch 'master' of git.openssl.org:openssl RT2849: Redundant check of "dsa" variable. RT3108: OPENSSL_NO_SOCK should imply OPENSSL_NO_DGRAM RT992: RSA_check_key should have a callback arg RT468: SSL_CTX_sess_set_cache_size wrong RT2600: Change Win line-endings to Unix. RT3271: Don't use "if !" in shell lines RT3271: Don't use "if !" in shell lines Merge branch 'master' of git.openssl.org:openssl RT2196: Clear up some README wording RT2560: missing NULL check in ocsp_req_find_signer RT3271 update; extra; semi-colon; confuses; some; RT2772 update: c_rehash was broken RT3291: Add -crl and -revoke options to CA.pl RT3544: Remove MWERKS support RT3544: Must update TABLE after Configure change Remove #ifdef's for IRIX_CC_BUG RT2309: Fix podpage MMNNFFPPS->MNNFFPPS RT2910: Remove des.c and its Makefile target RT3549: Remove obsolete files in crypto RT3462: Document actions when data==NULL RT3488: Update doc for OPENSSL_config Remove all .cvsignore files New location on website for binaries. Remove old private pod2man RT3543: Remove #ifdef LINT RT3497: Clean up "dclean" targets Minor doc fixes. RT1688: Add dependencies for parallel make RT3497: Fix; don't remove header files RT3497: The ticket that keeps on giving. RT3544: Restore MWERKS for NetWare RT3548: Remove some obsolete platforms Fix yet anoither 'make clean' breakage. RT3548: Remove some obsolete platforms RT3548: Remove outdated platforms RT3548: Remvoe unsupported platforms RT3548: Remove unsupported platforms. RT3548: unsupported platforms RT3548: Remove unsupported platforms RT2914: NULL check missing in X509_name_canon RT3546: Remove #define IRIX_CC_BUG Some cleanup of L<> markup in pod files RT478: Add uninstall make target RT3548: Remove some unsupported platforms. Allow multiple IDN xn-- indicators RT3548: Remove unsupported platforms Cleanup OPENSSL_NO_xxx, part 1 Richard Levitte (2344): Make sure installed files are world readable adjust to changes in test/testssl adjust to changes in test/Makefile.ssl DIFFERENCE doesn't handle long (>255 chars) lines well. Use BACKUP instead. No, I'm not joking. Adjust to changes in apps/Makefile.ssl Adjust to changes in apps/openssl.cnf Some new names in asn1.h are longer than 31 chars, which disturbs the VMS C compilers... Avoid silly compiler warnings about functions not being declared and an int missing. It's possible that considering the configuration file as a binary file works on Unix and MS-DOS/Windows. It does not under VMS, so open it as text. Some crypto applications are now being built on Unix, so they should on VMS as well. Not by default, however. Two changes have been made: Avoid some silly compiler warnings, and add the change log I forgot :-) The info removal code was overcomplicated, and error-prone (references being wrongly decreased). Fixed. Add compilation of x509_trs Synchronise VMS scripts with Unix Makefiles Use MemCheck_start() instead of CRYPTO_mem_ctrl(), and generate a small leak to test (conditional) Rebuild of the OpenSSL memory allocation and deallocation routines. With this change, the following is provided and present at all times (meaning CRYPTO_MDEBUG is no longer required to get this functionality): Clear out license confusion. - Made sure some changed behavior is documented in CHANGES. - Moved the handling of compile-time defaults from crypto.h to mem_dbg.c, since it doesn't make sense for the library users to try to affect this without recompiling libcrypto. - Made sure V_CRYPTO_MDEBUG_TIME and V_CRYPTO_MDEBUG_THREAD had clear and constant definitions. - Aesthetic correction. - Added more documentation in CHANGES. - Made CRYPTO_MDEBUG even less used in crypto.h, giving MemCheck_start() and MemCheck_stop() only one possible definition. - Made the values of the debug function pointers in mem.c dependent on the existence of the CRYPTO_MDEBUG macro, and made the rest of the code understand the NULL case. Synchronising Make sure that generated files are labeled as such (except in dofile(), for now) Add more info to the memory allocation change log. Suggested by Bodo. Added a comment about Win32. Typo... Typo Tell the truth about list separators. Synchronise with the makefiles. Cut'n'paste error Another name longer than 31 chars Beautification and a few entries added. It doesn't make sense to try see if these variables are negative, since they're unsigned. Give the user the possibility to ask for compilation of only the files that are directly in crypto/, and prepare for a possible disabling of certain messages that DEC C spews out. Prepare for a possible disabling of certain messages that DEC C spews out. Build the crypto test applications as well. SOCKETSHR is showing bad declarations again. However, a simple cast which does no harm fixes that problem. Build the test apps after all of the library has been built. A test script to check on the header files Avoid converting void * to a function pointer when NULL is defined as ((void *)0), by have a 0 instead. Compaq C 6.2 for VMS will complain when we want to convert non-function pointers to function pointers and vice versa. The current solution is to have unions that describe the conversion we want to do, and gives us the ability to extract the type of data we want. Correct indentation Let's make all the example formated the same, shall we? Add the PID to the output on Win32. Man page section forgotten... Update all links so they will be rendered better. Made link of reference Update all links so they will be rendered better. Since pod2man is still evolving, and some sites (among others dev.openssl.org) don't have a version that will handle the L construct yet, here is a copy from my laptop (slightly modifed to work independently of the place where perl itself resides). Use the pod2man that comes with OpenSSL. Make it so config(5) really ends up in section 5. Added a configuration for myself... It works much better when you don't press shift at the wrong moment... Declare BN_pseudo_rand(). Put config in section 5, where it belongs. Synchronise with Unix code Finally found a form that I like... Reimplement so only one synchronous stack is used. The benefit is that function pointers are nicely tucker in their structure. Synchronise Correct one link. Typo corrected... A proposed freeze and release time has come up. First try at documenting the DES (and other algorithms) modes des_modes is a section 7 manual, so let's make sure that's where it ends up Constify Move down the attributions Add references to the new passwd utility. Add compilation of the new passwd utility. A hack to make sure access() will give us the correct answer about the accessability of an "empty" directory. Thsi *is* weird, and a better solution will be provided in apps/ca.c, when I get time to hack at it. Add a couple of forgotten $(PERL), and make the code to run pod2html a tad more readable. Time ran away... Remove the access() call altogether for VMS, since it doesn't quite work for directory specifications (this will be reported as a bug to DEC^H^H^HCompaq). It could as well be removed for all others as well, since stat() and open() will return appropriate errors as well, but I leave that to someone else to decide. Cosmetic change. No, openssl.h.in is not autogenerated :-) Make Configure add the configuration options that it was copmiled with. Move the registration of callback functions to special functions designed for that. This removes the potential error to mix data and function pointers. Blowfish docs. Sync with Unix Avoid saving any macros starting with a _, since that can create trouble if header files are included in some "impropper" order. It's much better if the application programmer has to specify on his or her own if _REENTRANT shall be defined and when. make update Correct a couple of command errors. Make it possible to have differing tar versions. 0.9.5beta1 Remove structures that are no longer used. Status update Changes to synchronise with Unix. (actually, much more is needed, like a real config script) Enhance consistency by using BIO_flush() instead of fflush(). Another test passed Some time in history, SSL_CTX_sessions() disappeared. It is now restored, but not as a macro this time... Update the two threads modules to conform to our recommendations (use CRYPTO_num_locks() instead of CRYPTO_NUM_LOCKS!), and correct all the inconsistencies with the rest of OpenSSL. New script to compile on systems that already have pthreads in the system. Adjust all the old scripts to deal with the new location. Small error fix. Since a stack with quite long name is declared here, vms_idhacks.h is also needed to get around C compilers on VMS that set the symbol limit to 31 characters. Bot the macros VMS and __VMS are checked, since there's no real way to know if e_os.h has been included yet. Correct small typo For safety, check __VMS as well. Compile rand_egd.c on VMS as well. Let's avoid compiler warnings over types. ftruncate() and fileno() are not supported on all versions of OpenVMS (they don't really exist before version 7), so that solution was toast. Instead, let's do it the way it's done on Unix, but then remove older versions of the file. Add support for Unixware 7. Thanks to Ron Record for the patch. The OpenVMS library is most definitely not built for anything but files, unless it's all in unixly syntax. We can't guarantee that right now, so let's skip the whole test suit. There are other places (like the open()) where errors are detected anyway. Don't include sys/types.h if NO_SYS_TYPES_H is defined. Typo corrected. Just as in Unix, make sure to generate some kind of "random data". Move to using the same perl code as Makefile.ssl Make sure that all test files are gone before starting the tests, or backup will complain about some version not existing. Perhaps. make update Make sure there's some entropy, and log a few more errors. A small script to compile mttest.c on VMS as well. Add and change docs for the changes that have been made. New "target": CONFIG. This will build the opensslconf.h file from what is known about VAX and Alpha running VMS, and from the opensslconf.h.in (in VMS often named OPENSSLCONF.H_IN) file. New logical names to skip algorithms are now supported. Also, on Alpha, vms.mar is no longer used (it produced a lot of confusing messages) for BN. Instead, the assembler part of bn_lcl.h is used. New logical names to skip algorithms are now supported. Stop logging all the files that are copied all over the place... Change version string to reflect the release of beta 2. For lack of a better name, this is now called 0.9.5beta3-dev until the release. OpenVMS often has problems with files with more than on period in it. Here's instructions on what to do if you get into trouble because of that. A new beta has been released, and one test is documented. One test passed for VMS. OpenSSL doesn't compile well on OpenVMS/VAX, it seems. AIX and HP-UX are passing the tests. Update config for the unixware targets by looking at what was done in Apache's GuessOS (from Apache 1.3.1). Make sure to catch UnixWare 7, even if the version is 7.1.1 or something like that. No, the VAX is not a 64 bit architecture. Works with gcc 2.8.0 as well. Update the OpenVMS/VAX status More platforms passed the test. Include rand.h so RAND_pseudo_bytes may be declared. Remove one ampersand so the compiler may complain less. Make rand() static so it will not conflict with the C RTL. Make bug() static too, for good measure. Short is always promoted to int when passed as a function argument. This is especially true when it's part of a '...'. Typo corrected. A few more tests were reported. Time for a release Tagging has been done, time to switch to 0.9.6-dev. Forgot to check correctly for the new options I'm experimenting with a hack in dopr() and friends b_printf.c to make it work like asprintf(). It started with finding a misplaced #endif. Then I wanted to see the structure better. I hope noone minds, and that it still works. Steve? Make bss_log.c a bit more readable, and implement it for VMS as well. Hack b_print.c to implement asprintf() functionality. Not enabled by default yet, I wanna play with it a bit more. Synchronise Let's care about the compiler warnings for both cases, shall we? Beautifying. Sorry, but code that's slammed to the far left is not very readable in my opinion. Let's not lie to the people. Check that a password was actually passed, or the user will just get mysterious crashes. Protect variables from potential misinterpretations, for example a colon which may bite the lesser knowleged... Add the possibility (with -ign_eof) to ignore end of file on input but still not be quiet. Also make it clear that -quiet implicitely means -ign_eof as well. Correct a potential bug. Synchronise with Unix. Synchronise with Unixly tests Make sure strcmp() gets declared. Typo corrected bss_log has dollars, so compile it with that warning flag disabled. Typo corrected Bugs corrected, and a couple of include files to get declarations for lib$-functions and sys$-functions. Target added. Make it possible top build just a part of the crypto library. Typos corrected. Typo corrected. The previous exit code handling was completely bogus for VMS. Bugs corrected Make sure to complete the cleanup of names. e_os.h: don't do double work with status codes. openssl.c: make damn sure e_os.h knows about OPENSSL_C Small bugs in the test scripts removed. Keep in sync with Unix code, and prepare for a misfeature fix. Change the notation and coding of the version to be able to contain both a patch level and a beta status. IMHO, it also makes more sense to have beta status be part of the development status than to have it be an alternate name for patch levels under special conditions. Make sure an error condition is returned if, for some reason, the file couldn't be opened. Change the version text, it's time to release the first beta of 0.9.5a. make update Beta 1 of 0.9.5a building. Tagging done, we move to the next possible. New status There are a few new features in 0.9.5a... And I've probably forgotten a few. I just got a not very pleasant report. Ref: Message-ID: <20000320070111.A90876 at wiz.Sendmail.COM> Jaenick Lutz reports that hpux-parisc-cc with +02 passed. Ulf M????ller reports OpenBSD-x86 and solaris-sparcv9-cc passed. A quick hack to have ssize_t work with gcc under SunOS 4 (tested on SunOS 4.1.4). Corrected. It said before that ivec had to be initialised to zero, which isn't true. What is true, however, is that SSH assumes it is. Clean up context, even if an error occured. New FAQ for the OpenSSH configuration problem. Time for version 0.9.5a beta2 I almost forgot... Tagging has been done, update to next probable version... Update status Surround the diff with the new snippage delimiters VMS on Alpha passed Another VMS/Alpha with a much more evil compiler passed as well... Geoff Thorpe reports a whole bunch of tests passing. A couple of corrections concerning HPUX 10 and shared libraries. Contributed by Lutz Jaenicke. More info in the Win32 test One VAX environment passed VI gave me 4-space tabs... Corrected Another VAX environment passed Info on proposed release date Vi, again Beautifying code. Removed, especially since it conflicts with des.pod on case-insensitive file systems. Don't force the use of GNU make with Borland C++ Builder. Contributed by Joon Radley Add a default banner. Contributed by Joon Radley Since ssleay_rand_initialize() unlocks then locks CRYPTO_LOCK_RAND, it's a good thing if ssleay_rand_status() would do the corresponding lock and unlock as everyone else... _lrotl and _lrotr are defined in MSVC but nowhere else that we know off. Building version 0.9.5a Version and name changes, and a last minute changelog Tagging has now been done, update to the next possible version (I keep a low profile, so we don't get discontinuity in the numbering...) Tagging has now been done, update to the next version (it's not quite as important to keep a low profile here :-)) Release done, change status. I've always wanted to make the CONF library more adaptable. Here's the result. "make update" I forgot to update the change log OpenVMS, not OpenVSM... Clarifications and removal of double declaration... Use CONFerr, not RSAerr, in the conf library... In Message-ID: <003201bfb332$14a07520$0801a8c0 at janm.transactionsite.com>, "Jan Mikkelsen" correctly states that the OpenSSL header files have #include's and extern "C"'s in an incorrect order. Thusly fixed. In Message-ID: <003201bfb332$14a07520$0801a8c0 at janm.transactionsite.com>, "Jan Mikkelsen" correctly states that the OpenSSL header files have #include's and extern "C"'s in an incorrect order. Thusly fixed. In Message-ID: <003201bfb332$14a07520$0801a8c0 at janm.transactionsite.com>, "Jan Mikkelsen" correctly states that the OpenSSL header files have #include's and extern "C"'s in an incorrect order. Thusly fixed. Initialise. Being sick and tired of the hogging Efence does on my laptop, I decided to provide an alternative... Add a new file where all the standards and other documents that we try to adhere to are listed. It should be regarded as a complement to whatever is out on the web, including the docs in http://www.openssl.org/ Add a note about the new document. Add a couple of macros that make OpenSSL compilable on SunOS 4.1.4. Contributed by SAKAI Kiyotaka Remove extra comma (creates a unnessecary null element, right?). 'make update' Add the target system linux-m68k Configuration for linux on ARM (contributed by Jeremy Norris ) You must have an empty line between =item's config can now detect ARM Linux automagically. Contributed by Jeremy Norris This seems to become a FAQ... Result of "make update" Small fix to enable reading from stdin as well. Contributed by Yoichiro Okabe Small documentation bug, probably a cut'n'paste, corrected. There have been a number of complaints from a number of sources that names like Malloc, Realloc and especially Free conflict with already existing names on some operating systems or other packages. That is reason enough to change the names of the OpenSSL memory allocation macros to something that has a better chance of being unique, like prepending them with OPENSSL_. Typo... According to Gordon Atwood , stdlib.h is needed, or size_t won't be defined on SunOS 4.1.4. According to Gordon Atwood , GNU C on SunOS 4.1.4 uses libiberty to define strtoul and strerror. Using checks of the existence of HEADER_{foo}_H in other header files was a really bad idea. For example, the following: Add info on what some other people are currently working on. Make sure that bs is not getting free'd again. Reported by Robert Eiglmaier This seems to work better with enums... Change to have a single library that works on both Win9x and WinNT. As far as I understand, it still needs to be compiled on NT... Contributed by Arne Ansper First of all, with the current macros, we should never get any type-specific stack function. Second, even when we don't build any of those functions, DECLARE_STACK_OF lines should not find themselves into $def. Add support for dynamically created and destroyed mutexes. This will be needed in some ENGINE code, and might serve elsewhere as well. Note that it's implemented in such a way that the locking itself is done through the same CRYPTO_lock function as the static locks. Modifications for VMS. With the new stack hack macros, there's no need to shorten the names any more. Redo the support for dynamic locks. First of all, it was terribly insecure, so a static lock is added to isolate the sensitive parts. Also, to avoid one thread freeing a lock that is used by another, a reference counter is added. The dynamic thread API changed, and so does the documentation. Add the missing callback pointer handling functions. Also, make sure empty slots of the dynamic lock stack are used. Actually, I'm not really sure this is the right thing to do, and may remove it, with an endlessly growing stack as result... 'make update' Small change to accept the command line parameter '-rand file'. This parameter takes precedence over the RANDFILE option in the configuration file. Document the change in req. Forgot the self-documentation within req. Move the certificate and key loading functions to apps.c, so they can be shared by several applications. On case-insensitive systems, the 'install' target gets matched against the 'INSTALL' file, which means that 9 times of 10, the BlowFish headers won't get installed. Avoid this in the same way it's done in crypto/des/Makefile.ssl, where someone apparently has thought of this... Change req so the new parameter '-rand file' uses the given file in addition to the file given through the RANDFILE option or environment variable. Document the change in req. Move add_oid_section to apps.c, so it can be shared by several applications. Also, have it and the certificate and key loading functions take a BIO argument for error output. Added references to RFCs 1421 to 1424, that describe PEM. Suggested by Randolph Bentson Make sure we use /usr/sbin/sysctl, especially since /usr/sbin is not always in the users $PATH... That's it, I've seen questions about this one time too many for today. Time to add extra info so the poor users know where to go with their troubles. Make it possible for people to tell where the EGD socket is through the RANDEGD environment variable. Make it possible for users of the openssl applications to specify the EGD should be used as seeding input, and where the named socket is. Document my latest changes. Undo the changes I just made. I'm not sure what I was thinking of. The message to everyone is "Do not hack OpenSSL when stressed"... Give the user the option to measure real time instead of user CPU time. Add a blurb on how to solve the problem with failing compiltaion of sha_dgst.c on Alpha True64 Unix Beautification I got sick and tired of having to keep track of NIDs when such a thing could be done automagically, much like the numbering in libeay.num and ssleay.num. The solution works as follows: Document the change. Change the FAQ entry a bit, giving the details as I observed them. More experiments show that you can set your data segment size soft limit higher and thereby get through compilation of sha_dgst.c. Corrected small bug that could add ',L' when it shouldn't FAQ about ar "missing" on Solaris. We do PKCS8 as well Redo and enhance the support for building shared libraries. Currently there's support for building under Linux and True64 (using examples from the programming manuals), including versioning that is currently the same as OpenSSL versions but should really be a different series. Show the running line count and definition cont in debug mode. That has helped me a bit when I ran into trouble. Add a note on installation under Win32. "make update" This isn't entirely necessary if you do everything right from the start, but can save you some trouble. Just ignore "shared" if it comes up among the given options, at least for now... Avoid loops, and make sure that it's possible to still build shared libraries even if the "shared" configuration option wasn't chosen. Add support for solaris shared libraries, currently just experimental (there's no way to get it through configuration yet). Avoid a race condition if another thread happens to remove the error state at the same time. Darrel Hankerson correctly discovered that of the result pointer to bn_mul was the same as one of the two arguments, That argument might have it's sign destroyed. He provided this fix. There's a deadlock when ssleay_rand_bytes is called the first time, since it wants to stir the pool using ssleay_rand_add. This fix provides the possibility to call ssleay_rand_add inside a locked state by simply telling it not to do any locking through a static variable. This isn't the most elegant way one could do this, but it does retain thread safety during the stirring process. When data are written out in very small blocks (less than 3 bytes in size) through the base64 filter, b64_write() messes up it's parameters in such a way that instead of writing correct base64 output, the first 4 characters of that output is repeated over and over. This fix corrects that problem. Add the possibility to get hexdumps of unprintable data when using 'openssl asn1parse'. As a side effect, the functions ASN1_parse_dump and BIO_dump_indent are added. Looks like Win32 builds do not define THREADS. However, they're still supporting threads, which means that th assertion is supperbly dangerous, so make sure it's not compiled under Win32, period. In the case where a < 0 and |a| < w, the result (assigned to a) from BN_add_word becomes wrongly negative... This was discovered by Darrel Hankerson There's a slight possibility that a is 0 in BN_sub_word(), and might therefore have unallocated parts. Therefore, a check for the 0 case is needed, resulting with the same thing as when a is negative. If a ip address is successfully parsed, the WSA structure under Win32 wasn't properly initialised. Fixed. Bug reported by DeJuan Jackson Remove casts that are no longer needed. Make it so we can dynamically enable memory allocation debugging through the environment variable OPENSSL_DEBUG_MEMORY (existence is sufficient). At the same time, it makes sure that CRYPTO_malloc_debug_init() gets expanded some- where and thereby tested for compilation. A few corrections with the shared library support: Add support for shared libraries on Solaris. I had completely forgotten that print_table_entry also needed to read the two "shared" variables on it's own... "make update" It's probably a good idea to make the shared libraries depend in EX_LIBS. We've now covered the shared library support for Solaris, so the -shared hack in config is no longer needed. Added and corrected documentation for the 'shared' option *mumble* unicos 10.0.0.3 with Cray Standard C Version 6.2.0.0 has a syslog.h where the openlog() is declared like this: Unicos doesn't have sys/timeb.h. Fix it by defining the TIMEB macro unless on Unicos. On Unicos, openlog() isn't constified, so let's not do that in xopenlog() On Unicos, shorts are 8 bytes, so instead, use a structure with 2 32-bit ints, just as in destest.c For n > 7, we might get uninitialized (unzeroed) data. Spotted by "Kyoungho Jeon" . Make sure that 'initialized' is zeroed as well when cleaning up. Duplicate names detected... Abdelilah Essiari reports that for very small records, EVP_EncodeUpdate() may misbehave. This happens when there's a record boundary between the two ending b64 equal signs, which makes EVP_EncodeUpdate think there has been more than one EOF, and therefore add an extra NUL at the end of the output buffer. This fix corrects that problem. The pkcs12 had no way of getting a CA file or path to be used when building a complete chain. Now added through the -CAfile and -CApath arguments. Memory leaks fix. There seems to be more in other parts of OpenSSL... Memory leaks fix. It now looks like all memory leaks, at least around building complete chains, are gone. MD4 implemented. Assar Westerlund provided the digest code itself and the test utility, I added the bits to get a EVP interface, the command line utility and the speed test I forgot this file that Assar provided as well... IBMcxx complains that maxmem is as low as 2048 for certain modules (like all the digests). Setting maxmem to 16K seems to give the compiler enough space to do all the optimization it wants. Correct the title. This also fooled the automatic documentation builder that this was actually the pkcs7 document... Allow reconfiguration. This can be useful if some source update requires that you configure again, but you don't want to reenter all those configuration arguments again. Document the reconfiguratoin option for Configure. New option 'ctestall' for mkdef.pl, that makes it not only generate existing functions, but really all functions that exist in libeay.num and ssleay.num. This is a good check on how much we should actually clean up the number files. make update Added md4 to the VMS compilation Add more diversity to the possible log levels. Now we have full coverage for all syslog level. Document the added diversity to the possible log levels. NULL is not an integer... Added BIO_vprintf() and BIO_vsnprintf(). The former because I've found myself needing it a number of times, the latter for completeness. Assar wanted an address change. Added OIDs from RFC 2247, 1155, and a few from 1700 Change the printing mahine used by BIO_printf() and friends so it can handle an externally provided "static" buffer as well a a dynamic buffer. The "static" buffer is filled first, but if overflowed, the dynamic buffer is used instead, being allocated somewhere i the heap. Another thing I'm working on. It's not just VMS that needs some symbols to be hacked. Let's centralise those hacks in crypto/symhacks.h and use it everywhere it's needed. Major hack of mkdef.pl. There should be no more need to redo the process when some symbols are missing. Instead, all needed info is saved in the .num files, including what conditions are needed for a specific symbol to exist. *.num rewitten to include the extra information. 'make update' Two places where I forgot to change vms_idhacks to symhacks. Synchronise the VMS build with the Unix one. Clarify how one should behave when make fails. The fault is not necessarely ours. More VMS synchronisation Marin Kraemer sent us patches to make the OpenSSL commands x50 and req work better on a EBCDIC system. A cast is needed or Borland C will complain. I started with a make update, but a rewrite was actually needed. Perhaps we should make rewrites the default thing to do? Time to release a beta. Change the version numbers and dates accordingly. Time to release a beta. Change the status accordingly. Last minute update, in time to make it to 0.9.6-beta1 Reports for OpenBSD 2.7 and HP-UX 10.20 Don't include e_os.h before the system headers OpenBSD doesn't support timeb. linux-elf passed mkdef.pl has erroneous conditions to check if a symbol is excluded from the given target. Fixed, I hope. mkdef.pl still needed better logic. Also, the semantics of the platforms list is clarified (it's however not quite followed in the RSAREF case...). Failure on Solaris when using the CSwift card. debug-linux-elf and debug-linux-elf-efence need to be linked with libdl just as linux-elf... A couple more HP-UX targets tested. DSA_verify() and DSA_sign() might return -1... SCO 5.0.5 with both gcc and cc passed Linux in Sparc v7 passed Better error checking for RSA and DSA signature and verification speed tests. This was required to not get mysterious errors when they wouldn't quite want to work. FreeBSD and solaris with gcc passed Note the failure on Win32 Holger Reif reports a few more Solaris successes. A few more systems reported successfull. 3 changes: - Make sure PCURSORINFO is defined even on systems that do not provide it. - Change the reference to Peter Gutmann's paper. - Make sure we don't walk the whole heap lists for performance reasons. Jeffrey Altman suggests following Peter Gutmann's advice to keep it to 50 heap entries per heap list. Make sure that Configure will defined DSO_WIN32 for the Win32 targets. I feel a bit unsure if this should really be done for Mingw32 and CygWin32 Update info on what has been fixed, and switch format for failure data Update info on what has been fixed One more passed test Jeffrey Altman convinced me this patch was really needed, or there is no way to make sure GetCursorInfo will give us a valid answer. rsa_num2 is no longer used, so remove it. Remove indentation in the NAME section. There's really no need to indent there, especially since the pod2* scripts will regard that as preformated text. In one case, indent a code section one step. Add a configuration for Sony News 4. Submitted by NAKAJI Hiroyuki Add a number of documentation files, mostly for SSL routines, but also for a few BIO routines. Submitted by Lutz Jaenicke Remove indentation in the NAME section. There's really no need to indent there, especially since the pod2* scripts will regard that as preformated text. In one case, indent a code section one step. Add Damien Miller's RPM specification file with a few modifications. Remove engine stuff that was erroneously put in the main trunk. Items without a =over and a =back are ignored. BIO_seed() and BIO_tell() were documented in two other documents, which is redundant. Instead, move them to their own page. BIO_seed() and BIO_tell() were documented in two other documents, which is redundant. They are now in their own document. Update the info on version numbering In the name section, all the functions described shoud be enumerated. This will also make it much simpler to generate softlinks name like each function to man-pages containing the info. Later, Jeffrey changed his mind. Apparently, GetCursorInfo exists but doesn't quite work on WinNT 4 earlier than SP6. It works fine on Windows 98 and Windows 2000. Add a flag for OpenVMS. 'make update' Move up inclusion of conf.h, so non-MONOLITH programs can benefit from it as well, especially in apps.c. A DSO method for VMS was missing, and I had the code lying around... Make sure dso_vms.c compiles on other operating systems as well. 'make update' Compile all dso files on VMS as well. Add BIO_seek() and BIO_tell() to the BIO control functions manual. Move text that isn't really descriptions of the functions in the page to the NOTES section, and add references to the functions mentioned (and perhaps a few more). VMS didn't work out too well... Inform the VMS people that RSAref is no longer needed Make sure Compaq C doesn'r complain about dollars, and go around the incompatibility between function and data pointers. A couple of more names need to be shortened for VMS on VAX. Some platforms define NULL as ((void *)0). Unfortunately, a void* can't be used as a function pointer according the the standards. Use a 0 instead and there will be no trouble. Tell users that a rewrite might be a good idea. Oops, no engine in the main trunk. siglen is unsigned, so comparing it to less than 0 is silly, and generates a compiler warning with Compaq C. Use sk_*_new_null() instead of sk_*_new(NULL), since that takes care of complaints from the compiler about data pointers and function pointers not being compatible with each other. Jeffrey Altman sent me a patch that fixes the problems with GetCursorInfo, but also adds network statistics and performance statistics where available. Restore the descriptions to conform with the rest of the documentation. We'll work on better documents after the release of 0.9.6. A patch from HP for better performance. Submitted by Kevin Steves 3 months ago... make update A new beta is being released. Change the version numbers accordingly. Declare the availability of beta 2 in STATUS. Jeffrey Altman reminds us to initialize some variables and ercommends the use of LOadLibrary instead of GetModuleHandle Unless we cast, thorough compilers will complain The test status as it has been reported so far Typo in the added hpux targets. -ldl should be -ldld. HP-UX didn't go through Disable the net statistics gathering code, since different compilers disagree on the proper syntax and type names. cyclecount is only used when __GNUC__ isn't defined. Going through performance statistics sometimes generates an exception, so disable that part. Reported by Jeffrey Altman A few more reports A few more reports No engine stuff in the main trunk. A few more reports HP-UX 64-bit has dlfcn, so let's use that instead of the old dl. New documentation about things related to SSL_CIPHER. Submitted by Lutz Jaenicke ftime() is not supported on SGI. Reported by Steve Robb A couple more reports. Reorder the Blowfish documentation so the low-level routines do not get so prominent, and make sure to say out loud what they expect. A few more HP-UX reports. Reported by Kevin Steves FreeBSD only supports ftime() through libcompat, which means it's better not to use it. It seems like all HP-UX are successes as soon as the -ldl vs. -ldld quirk is fixed. Extend the docs on setting the cipher list. Lutz Jaenicke Type correction. Lutz Jaenicke Document SSL_library_init() and it's aliases. Lutz Jaenicke BSDI only supports ftime() through libcompat, which means it's better not to use it. make update On VMS, stdout may very well lead to a file that is written to in a record-oriented fashion. That means that every write() will write a separate record, which will be read separately by the programs trying to read from it. This can be very confusing. Wrong variable used. It's funny how some bugs take a long time getting triggered... AIX doesn't like ftime() either. Reports about a few old systems. Reported by Bernhard Simon Add news and a description of the ENGINE part and how it's currently distributed. Mistakes corrected. Lutz Jaenicke New documents. Lutz Jaenicke Portability patch for HP MPE/iX. Submitted by Mark Bixby Clarifications and new documents. Submitted by Lutz Jaenicke Changes by Jeffrey Altman to make RAND_poll() work better in Win32. Verified by zhu qun-ying . I'm using GNU tar... make update Time to build beta 3. Bump the version numbers accordingly. Prepare STATUS for the beta 3 reports. Tests so far. Tests so far. More reports. Ugly hack to make sure static libraries are usable. Without this, anything that just links with libeay32.lib or libssl32.lib will get an error saying the __imp__RegQueryValueEx is unresolved. Oops, if the target only had USE_TOD, an error message was issued... More reports Change IMPORTANT to WARNING for greater emphasis. More reports More reports More reports Kris Kennaway tells us that FreeBSD/Alpha shouldn't use an optimization higher than -O. Problem on FreeBSD/Alpha fixed. Catch V_ASN1_NULL. Change the Windows building scripts to enable DSO_WIN32. make update Time to build the release. Bump the version info accordingly. Forgot to change the STATUS file... Update the status and version number to 0.9.7-dev. Make the algorithm implementations depend on the corresponding selection macros. 'ranlib' doesn't always run on some systems. That's actually acceptable, since all that happens if it fails is a library with an index, which makes linking slower, but still working correctly. echo=off works on NT, but not on W2K. When creating a .def file, be a bit more selective so disabled algorithms do not get in... Update Document the change. A compiler warning removed. Thanks to the folks at HP! Include arpa/inet.h, since that's where htons() and friends are supposed to be defined according to XPG4.2. Found by Evan for the MVS platform. Remove what was described by someone as "an EAY hack for compiling SSLeay with Colin Plumb's MD5 implementation instead of his one". Document... More SSL functions documented. Submitted by Lutz Jaenicke Linux on Alpha has the configuration name linux-alpha-gcc, not linux-alpha. Linux on Alpha with gcc knows about shared libraries. Make sure that shareable libraries are turned off if we don't know how to make them... Make sure ranlib is only used on .a libraries. A few small corrections to the SSL documentation. Submitted by Lutz Jaenicke Do a favor to those who get weird compiles and report if RAND_pseudo_bytes returns -1... New docs and new facts in older docs. Submitted by Lutz Jaenicke make update Make the new conf implementatoin bug-compatible with the old one. Actually, it's a feature that it goes looking at environment variables. It's just a pity that it's at the cost of the error checking... I'll see if I can come up with a better interface for this. Bump the shared library version (should have been done a while ago). Rework the system to generate shared libraries: Even when you don't want to create shared libraries, it's a good idea to have the full extension information, so residual shared libraries can be removed so the applications and test programs do not get linked against them by mistake... The experimental Rijndael code moved to the main trunk. make update done. CRYPTO_get_ex_new_index would never return an error. Two questions have been asked quite often lately. John Denney reports that we forgot to convert Free to OPENSSL_free in the SSL demos. NCONF_get_number() has no error checking at all. As a replacement, NCONF_get_number_e() is defined (_e for "error checking") and is promoted strongly. The old NCONF_get_number is kept around for binary backward compatibility. Make it possible for methods to load from something other than a BIO, by providing a function pointer that is given a name instead of a BIO. For example, this could be used to load configuration data from an LDAP server. Keep binary backward compatibility by putting new method function pointers at the end of the structure. Document the change to NCONF. make update Add what's needed to get shared libraries on HP-UX. FreeBSD-elf can do threads. However, there seems to be confusion if you should defined _THREAD_SAFE (I found that in an include file, and that's what everybody tells me) or _THREADSAFE (that's what the gcc manual says in the FreeBSD-specific section), so I defined both, just to be safe. Krister Walfridsson tells us sysctl lives in /sbin since NetBSD 1.5. There's no reason why app_RAND_load_file() should return 0 when RAND_status() hasn't. Reported by Dale Stimson . Document On some operating systems, MAX is defined. Call ours OSSL_MAX instead If the functions get_dh*() are declared static, they should be defined the same way Pointer error corrected It seems like grep isn't as capable as I thought on some Unix systems. Use egrep instead. When building shared libraries on HP-UX 10.20 and HP-UX 11.00 (32bit), ld warns that -Fl "may not be supported in future releases". We know that, and are doing things in HP-UX 11 (64bit), so turn off that warning with +vnocompatwarnings. For the operating systems where it matters, it is sometimes good to translate library names by only adding ".so" to them without prepending them with "lib". Add the flag DSO_FLAG_NAME_TRANSLATION_EXT_ONLY for that purpose. On HP-UX, at least when shl_* are used, the libraries have the extension .sl instead of .so. Merge the engine branch into the main trunk. All conflicts resolved. At the same time, add VMS support for Rijndael. The majority of the OCSP code from CertCo. make update Document the OCSP addition. NetBSD doesn't use ftime(). Small documentation change Add the possibility to use keys handled by engines in more applications. Document the change. Make flag variables int instead of char. This avoids getting into trouble on systems where char is unsigned by default Add configuration option to build on Linux on both big-endian and little-endian MIPS. Submitted by Ralf Baechle Improvements to openssl.spec. Submitted by Damien Miller This change has been CC:ed to crypt at bxa.doc.gov Rename true64 to the correct tru64. Suggested by Albert Chin-A-Young Add support for shared libraries under Irix. Submitted by Albert Chin-A-Young Add application to enumerate, list and test engines with. -t is supported, so display some help about it. make update Better error reporting in 'openssl engine' 'openssl engine' can now list engine capabilities. The current implementation is contained in the application, and the capability string building part should really be part of the engine library. This is therefore an experimental hack, and will be changed in the near future. Change the engine library so the application writer has to explicitely load the "external" built-in engines (those that require DSO). This makes linking with libdl or other dso libraries non-mandatory. Update the standards list to the current status Instead of just STACK, use STACK_OF(ASN1_OBJECT). Make sure that shared libraries get the internal name engine with the full version number and not just 0. This should mark the shared libraries as not backward compatible. Of course, this should be changed again when we can guarantee backward binary compatibility. mode used too early in EVP_PKEY_save_parameters. Spotted by Ken Lalonde Constify the BIGNUM routines a bit more. The only trouble were the two functions that did expansion on in parameters (BN_mul() and BN_sqr()). The problem was solved by making bn_dup_expand() which is a mix of bn_expand2() and BN_dup(). Make all engines available in the openssl application. As a consequence of the BIGNUM constification, the ENGINE code needs a few small constifying changes, and why not throw in a couple of extras while I'm at it? Constify the RSA library. Constify the RSA library. Constify the RSA parts of the ASN.1 library. Note some ugly casts that are needed in the ASN.1 macros. Hopefully, we can get rid of those in an elegant way in the future. Constify the RSAref glue code. The consequence of constification is that to pass the address to a pointer to a const double pointe parameter, the pointer must point to const data as well. Constification of CRYPTO_get_ex_data() needed for the sake of RSA_get_ext_data(). Document recent constifications. shl_load() also needs to load along a path given through an environment variable, SHLIB_PATH. This change makes that possible. When ENGINE_by_id() couldn't find the given engine id, it generates an error. When checking like engine_add() is, those errors are actually good, so remove them. Lutz tells me HP cc uses the same syntax for flags that should be passed down to ld as GNU cc. A few more constifications of some RSA routines that I forgot yesterday. Make sure ERR_get_error() is declared. Constify DSA-related code. Constify DH-related code. Document that the Nuron hardware has been added and remove the requirement for an engine utility since we now have that. Constification of LHASH. Contributed by "Paul D. Smith" I didn't apply all his patches yet, since I have some hesitance about unconstifying. To be pondered. Remove references to RSAref. The glue library is but a memory to fade away now... Really stupid glitch (a comment not properly ended) fixed. Update my own debugging configuration entry Enhance granularity on what I want to debug for the moment by changing LEVITTE_DEBUG to LEVITTE_DEBUG_MEM. For a long time, I've wanted to be able to easily run one or a few individual tests. I finally got myself to implement it... Add Rijndael as things to look through. Typo, was "time" instead of "tim". Caught by Jeffrey Altman Detect and mark functions that no longer exist. Get the Rijndael function declarations. make update Two OCSP functions that aren't yet implemented. Modify () to (void), since that's what is actually defined in the engine structure, and some ANSI C compilers will complain otherwise. /proc/cpuinfo can have several lines containing the word "type". We want the one that is "type", plain and simple. Caught by Raoul Borenius I've checked again and again. There really is no need to expand a to 4 times it's size when bn_sqr_recursive() won't look farther than the original length. Thereby, constification is no longer a problem. Oops, when I clean, I should do it thoroughly. Make sure to print the BN counting (BN_COUNT) to stderr instead of stdout. bc gets so confused by bean counts. More constification of the BN library. Make sure BN_DIV2W is not defining when defining it, and remove the declarations of bn_add_part_words() and bn_sub_part_words() since they do not exist. I might want to debug the assembler modules... Make the definition of bn_add_words() match the definition. Remove a declaration for a function that does not exist. Remove two bn_wexpand() from BN_mul(), which is a step toward getting BN_mul() correctly constified, avoids two realloc()'s that aren't really necessary and saves memory to boot. This required a small change in bn_mul_part_recursive() and the addition of variants of bn_cmp_words(), bn_add_words() and bn_sub_words() that can take arrays with differing sizes. Add news items early. Please fill in with what I have forgotten. I wonder if I do too much... Make sure bs is assigned NULL when it's free'd, or there will be an (incorrect) attempt to free it once more... 'echo on' works better all over than 'echo=on'. We had the same problem in some other file, but I can't recall which. Avoid getting warnings about unary - being used on unsigned integer. Reimplement bn_div_words, bn_add_words and bn_sub_words for VAX. I'm a little bit nervous about bn_div_words, as I don't know what it's supposed to return on overflow. For now, I trust the rest of the system to give it numbers that will not cause any overflow... Addapt the VMS scripts to the changes in the Makefiles. Addapt the VMS scripts to the changes in the Makefiles. Correct a number of syntax errors. Addapt to added files in the BIGNUM section Copy and paste error... bn_add_part_words() should of course call bn_add_words(), not bn_sub_words()... Changes to c_zlib.c to make ZLIB.DLL dynamically loadable under Windows. Really, this should probably be done on Unix as well, but that will be a later story... Change c_zlib further to allow loading a shared zlib on all operating systems where such an operation is supported. Make it possible to test SSL compression COMP_METHOD has a new argument since some time back... Turn off memory checking when loading new compression algorithms. comp_methods in a SSL_CTX points at an internal database. Do *not* free that, since it's shared by all SSL_CTX's, present and future. Simplify and provide the possibility to clean a compression method. The compression method may be undefined for some reason that has generated errors. Therefore, print whatever error there may be... New format for the FAQ. We now have different sections for different types of questions. Hopefully, that'll make them easier to spot, and specially, easier to refer to. A few bug fixes for Windows. First tentative impementation of Kerberos 5 cryptos and keys for SSL/TLS. Implemented by Vern Staats , further hacked and distributed by Jeffrey Altman Recognise Darwin as well. For now, have it do exactly the same thing as for Rhapsody Typo corrected. Document the addition of Kerberos stuff. Correct a mail address... Write a first HOWTO on how to create certificates. This is currently a draft. Add a comment to explain the purpose of bn_cmp_part_words(). Remove the last bn_wexpand()s that made us break constness. Of course, that means we need to handle the cases where the two arrays to bn_mul_recursive() and bn_mul_part_recursive() differ in size. It's completely unnecessary to add a compression algorithm that is really undefined. Spotted by Jeffrey Altman On Windows, Rainbow uses _stdcall convention under Windows. Spotted by plin Update the internal docs. Have the self test use bctest to check that bc is sane. During the self test, we only want to know what bctest says on stderr... Make TYPE_RSA the default type instead of just setting it when -new is given. That also allows the arguments to come in any order (-new last, for example). SSL_new() may potentially add a certfificate. Therefore, wen duplicating the certificate that is in the original SSL, remove the one that SSL_new() provided, if any. Spotted by: Mike Zeoli When using -pedantic, it's a good thing to define PEDANTIC as well. Also, define a second debugging configuration without assembler. In bn_mul_recursive(), make sure the comba routines are only called when both a and b are of the exact right size. This may change to something better later. Problem: bn_mul_normal() misbehaves if the size of b is 0. Solution: multiply a with 0, putting the result in r, and return. Constification of the data of a hash table. This means the callback functions need to be constified, and therefore meant a number of easy changes a little everywhere. Make sure each FAQ item has an index entry. Do not poll DEVRANDOM if we??re building without an file pointer API. Spotted by "David Schwartz" . Update VMS build procedures to match the current status. Enhancements to mkdef.pl: "make update" plus a rewrite of both .num files. Correct a typo. Check for deselection of KRB5. In fact, skip it completely on VMS for now... Uhmm, the keyword TRUE does not exist of course... Remove anything connected to RSAref, since that's gone by now. Add the C macros OPENSSL_BUILD_SHLIBCRYPTO and OPENSSL_BUILD_SHLIBSSL to the build of the object files as appropriate for each library. Define OPENSSL_EXPORT and OPENSSL_IMPORT and give OPENSSL_EXTERN the default value OPENSSL_IMPORT. Explain the use of all those macros. If OPENSSL_BUILD_SHLIBCRYPTO (for files that end up as libcrypto objects) or OPENSSL_BUILD_SHLIBSSL (for files that end up as libssl objects) is defined, redefine OPENSSL_EXTERN to be OPENSSL_EXPORT. This is actually only important on Win32, and can safely be ignored in all other cases, at least for now. Document. Remove RSAref-related things. Since asn1.h gets included recursively from many places, the easiest is to have asn1.h include e_os.h and e_os2.h. Of course, this makes the unofficial "non-export" status of e_os.h a bit delicate... Temporary measure: if no KRB5 is defined, add "no-krb5" to the options. This is so mk1mf.pl can pick it up from Makefile. Look for no-krb5 and add the definition of NO_KRB5 if it's there. I've no idea were the KRB5 header files and libraries are placed on Win32. When there's better knowledge, we might be able to process the other KRB5-related arguments as well... The option line may start with a space, which gives an empty option. Make sure those are purged... Make the DSO code for VMS work again. First attempt. Keep up with the Unixly changes. Change RAND_poll for Unix to try a number of devices and only read them for a short period of time (actually, poll them with select(), then read() whatever is there), which is about 10ms (hard-coded value) each. Because /dev/urandom has a better chance of giving us a good and quick answer, take that one first. Keep up with Unix code. It's beginning to be time to rethink the VMS build system... As response to a user request to be able to use external memory handling routines that need file name and line number information, I've added a call level to our memory handling routines to allow that kind of hooking. Add configuration for GNU Hurd. Keep up with Unix Make the change log on the RAND_poll change a bit more explicit. Suggested by Bodo Moeller. Documentation language corrections, contributed by Chris Pepper Increase consistency of header data (some mail readers really do not like spaces before the semicolon, and besides, other parts of this file makes the values without those spaces), and move spacing of continuation lines to support BIO's that break lines after each write. Document the change. Fix a memory leak in BIO_get_accept_socket(). This leak was small and only happened when the port number wasn't parsable ot the host wasn't possible to convert to an IP address. Contributed by Niko Baric Add the -VAfile option to 'openssl ocsp'. This option will give the client code certificates to use to only check response signatures. I'm not entirely sure if the way I just implemented the verification is the right way to do it, and would be happy if someone would like to review this. The check for request including a nonce and response not having it was inversed. Corrected. Hopefully, this will make it work without dumping core. Update of linux-ppc. Contributed by MATSUURA Takanori Include the newly reported problem with bc on FreeBSD 4.2. Make it possible to use gcc to generate the dependency tables. Perl code patch contributed by "Kurt J. Pires" His own words are: VMS follows suit. Make the choice of "makedepend" program choosable through a switch. Do not insert things in syms{} and kind{} when parsing the header files. Instead, insert proper information in the $def string, which will be properly munged later on. An obvious but hard-to-see cut'n'paste error corrected. make update Remove temporary files when done. Make all configuration macros available for application by making sure they are available in opensslconf.h, by giving them names starting with "OPENSSL_" to avoid conflicts with other packages and by making sure e_os2.h will cover all platform-specific cases together with opensslconf.h. I forgot to document the system identification macros Use the new-style system-identity macros. Make sure time() is properly declared. I'm sick of the warnings about long long... Use new-style system-id macros. Use new-style system-id macros everywhere possible. I hope I haven't missed any. Use 0 instead of NULL, at least for function casts, since there are variants of stdio.h that define NULL in such a way that it's "unsafe" to use for function pointer casting. Include string.h so mem* functions get properly declared. Include OpenSSL header files earlier so macros like OPENSSL_SYS_VMS get a chance to be defined. Include string.h so mem* functions get properly declared. Use sk_*_new_null() instead of sk_*_new(NULL). That avoids getting lots of silly warnings from the compiler. DEC C on VMS is pedantic by definition. Let VMS catch up. Include opensslconf.h or the like early to make sure system macros get correctly defined. Include OpenSSL header files earlier so macros like OPENSSL_SYS_VMS get a chance to be defined. Include OpenSSL header files earlier so macros like OPENSSL_SYS_VMS get a chance to be defined. Make a batter file name translator (uhm, no, that's not the finished variant :-)). DEC C on VMS is pedantic by definition. A new bunch of too long symbols to hack. OCSP_CRLID_new and OCSP_crlID_new clash on case-insensitive systems. Include string.h so mem*() functions get properly declared. Get the right cast for lhash callback functions. Get e_os2.h to get all the system definitions correctly. OpenVMS catches up. I forgot there was a reason why the inclusions and definition of u_int was made in a certain sequence. This change restores the earlier "chain of command". Some functions, like strdup() and strcasecmp(), are defined in strings.h according to X/Open. With later version of DEC C on VMS, some functions (strcmp(), for example) are declared with some extra linkage information. This generates a warning when using the function name as a value to a regular function pointer with the "correct" definition of the function. Therefore, use a macro to cast the appropriate function on VMS. strdup() is a X/Open extension. I had forgotten to change mkerr.pl to use the new macro system. Modify mkdef.pl to recognise and parse prprocessor conditionals of the form '#if defined(...) || defined(...) || ...' and '#if !defined(...) && !defined(...) && ...'. This also avoids the growing number of special cases it was previously handling (some of them wrongly). 'make update' Include e_os2.h instead of opensslconf.h. SSL_add_dir_cert_subjects_to_stack is not implemented on WIN32 and VMS, so declare it the same way. Since SSL_add_dir_cert_subjects_to_stack isn't impemented on VMS, there's no point creating an alias for it. When inside a #if 0..#endif, do not define anything. Always include opensslconf.h, even if it's already been done before. The reason is that some parts are only included when certain other include files have been included. Windows does not know of strigs.h or strcasecmp, so when in Windows, make strcasecmp a macro to _stricmp. One indirection level too little compared to the pre-CRYPTO_MEM_LEAK_CB time. Since opensslconf.h might be included over and over, undefine OPENSSL_UNISTD before redefining it, to avoid compiler warnings. Exported header files should not include e_os.h. Use e_os2.h rather than opensslconf.h, since some needed macros are defined there. Since RAND_file_name() uses strlen, make sure the number that's compared to it has the type size_t. Included the needed headers to make that happen. e_os.h does not belong with the exported headers. Do not put it there and make all files the depend on it include it without prefixing it with openssl/. Define the OPENSSL_NO_* macros as NO_* macros for the sake of applications thathaven't yet been changed CONF_METHOD is one of the few places where you find MS_FAR. I can't really see why we need to define these function pointers with MS_FAR if it's not done cosistently everywhere. e_os.h defines Getenv() Define the right macro for Linux and other GNU-based systems to get a correct declaration of strdup() make depend. Add the CCITT pilot directory OIDs. make update Note that all *_it variables are suddenly non-existant according to libeay.num. This is a bug that will be corrected. Please be patient. MacOSX doesn't have ftime(). Spotted by Pieter Bowman Introduce the possibility to access global variables through functions on platform were that's the best way to handle exporting global variables in shared libraries. To enable this functionality, one must configure with "EXPORT_VAR_AS_FN" or defined the C macro "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter is normally done by Configure or something similar). Spelling corrected. Sort platforms lexicographically as well. Also, support more than two variants of a symbol. For SSLv2, return the SSLv2 method, not the SSLv23 method. This way, it's possible to reuse an SSLv2 session. Add the possibility for option macros and start using it to indicate for Windows compilations if DLL linkage is required or not. Document the SSLv2 session reuse fix. Update the VMS build scripts for EC Code for better build under Darwin (MacOS X). Submitted by Brad Dominy VMS catches up on the EC modifications. Some EC function names are really long. Make aliases for VMS on VAX. Build ectest too. Write a small comment so we know... Too many dollars... Bug fixes. Use 32bit longs on Alpha as well, because that's what the VMS assembler code works with. For some experiments, it is sometimes nice to serve files with complete HTTP responses. Document the change. We need to build MINFO. make update. It is a good thing to prepare the .def files. For AIX 4.3 or above, allow the use of dlfcn. bsdi-elf needs to link with -ldl. Minimise the amount of -L. when linking the shared libraries. It seems like some Unixen (SCO) have opinions about too many -L. An enhanced bctest submitted by Tim Rice . It now looks along $PATH for a working bc and returns the absolute path to one that does work. Correct a typo which might have lead to a dump. Noted by Martin Kraemer New cofiguration for Unixwre and SCO,with slightly better granularity. Contributed by Tim Rice avoid linking problems when OpenSSL is built with no-dsa. Spotted by Hellan,Kim KHE Since they aren't implemented yet, EC_GFp_{recp,nist}_method() need to be "#if 0"'d, or they will (re)appear as existing functions in util/libeay.num. Use stdlib.h to get size_t. Remove redundant operations and update version info. We really have no need for PEX_LIBS, so empty it. A lot of reports. Small AIX problems solved. ln on Solaris expects -f to come before -s. The linux-shared method is actually gcc-specific, so call it gnu-shared as well. gcc uses collect2, not ld, to link things. Therefore, when using gcc there's no need fooling ourselves, it's the gnu-shared method that we should use. Do it for Solaris to begin with. When using the native tools on Solaris, make damn sure the native ld is used, even if the user has GNU ld earlier in his $PATH. make update For mips3 and alpha, put the assembler file directives in separate variables and disable the Alpha assembler for now, since it has been shown to fail. Reports seem to show that asm/mips3.s has faults. To be investigated, but let's avoid using it in the mean time Include bn.h so we get BN_LLONG properly defined. Otherwise, we can forget things like %lld Restore asm/mips3.s to be compiled and linked in, since the bug has (at least hopefully :-)) been fixed. Add news section for OpenSSL 0.9.6a. Please add what's missing Since there has been reports of clashes between OpenSSL's des_encrypt() and des_encrypt() defined on some systems (Solaris and Unixware and maybe others), we rename des_encrypt() to des_encrypt1(). This should have very little impact on external software unless someone has written a mode of DES, since that's all des_encrypt() is meant for. I forgot to rename des_encrypt to des_encrypt1 in libeay.num. Stress the news about the name change. One des_encrypt to des_encrypt1 I forgot to commit... Complete the des_encrypt to des_encrypt1 rename in the main development line as well. Beta 3 has been released and announced. linux-elf verified. Note reports. A few more reports. Reports on VMS. Remove a typo in dgux-R4-gcc. libfisdef.h and LIB do not exist on older VMS versions Reports on Windows, DG-UX and older OpenVMS. Plug a memory leak. Spotted by "Shijin" Make do_bsd-gcc-shared depend on do_gnu-shared instead of the non-existent linux-shared OpenVMS/Alpha should use 64 bits. If nothing else, there's performance to gain. Since vms.mar handles 32-bit integers, do not use it on Alpha, that's just a slowdown. Incorporate some changes that make OpenSSL compilable in CygWin. Correct a typo. linux != linus. Unixware config. Fix couple of memory leaks in PKCS7_dataDecode(). (provided by Stephen) Add the possibility to have AES removed in Windows as well. Spotted by Harald Koch Resize a local buffer to accomodate the size requirements of AES. Protect against future mistakes with an assert(). Correct info in the FAQ. NetBSD and OpenBSD use TOD as well Make it possible to move the emailAddress object to the subjectAltName extension instead of just copying it. That makes a certificate comply even more with PKIX recommendations according to RFC 2459. Show an example of moving the emailAddress object from the subkect DN to subjectAltName when signing a certificate. Add -keyform. Correct typo. VMS was behind when it comes to OCSP. Script to create shareable images (shared libraries in Unixly terms) on VMS. User OPENSSL_UNISTD instead of . Spotted by Mark Crispin We shouldn't skip over header files to avoid functions of disabled algorithms. The selection is done in a different way engine.h includes all the needed header files, so don't do it again here. Check for OPENSSL_NO_RSA, OPENSSL_NO_DSA and OPENSSL_NO_DH and disable appropriate code if any of them is defined. gcc warns when certain values of an enumeration aren't taken care of, unless there's a default clause. Provide the possibility to clean up internal ENGINE structures. This takes care of what would otherwise be seen as a memory leak. Clean up ENGINE before exiting. make update Linux shared libraries can be linked with debug symbols. Tru64 shared libraries can be linked with static libraries. Make proper use of all disabling variables. make update A method to create shared libraries on AIX, and according to "Howard Chu" , it may be general enough to work on any Unixly system. Remove part conflict indicator... Add support for Sun C on Solaris x86. Contributed by Ben Some platforms (most notably Windows) do not have a $HOME by default. For those, unless the environment variables RANDFILE or HOME are defined (the default case!), RAND_file_name() will return NULL. This change adds a default HOME for those platforms. Add a general user interface API. This is designed to replace things like des_read_password and friends (backward compatibility functions using this new API are provided). The purpose is to remove prompting functions from the DES code section as well as provide for prompting through dialog boxes in a window system and the like. make update Clarify the license and copyright, make preprocessor dirctives a little bit clearer and use the new OPENSSL_SYS_* macros. Don't forget crypto/ui... There is no uitest e_os2.h defines things like OPENSSL_SYS_MSDOS, not opensslconf.h... (basically: whooops :-)) Put back a removed "extern", or many compilers will complain about redefined variables. Move the password reading functions completely away from the DES section. When doing rewrites on ssleay.num, the file was prematurely closed. Make rewrites the default, since it works, and people get confused if changed information doesn't get rewritten automagically. des_read_password() and des_read_2passwords() can only appear if DES is compiled. Win16 too :-). make update Define `ok' and better error detection. A randomizer for OpenVMS, using the statistics that are easily reachable. Document the addition. It seems like the removal of "extern" before "static" wasn't a mistake. Make it so the compiler doesn't inform me about the dollars in some symbols. Use ui_compat.h to get the password reading functions. len is a size_t, which is an unsigned integer. Therefore, some compilers will complain against the check for less than zero. Make more short aliases for symbols that are longer than 31 characters. Remove the password reading objects from LIB_DES. ui_compat.h was forgotten in the "symlinking" routine. ui was forgotten when installing libcrypto and it's headers. Make sure memset() is properly declared. Make sure strdup() is properly declared. branch on equal is beql, not beq... Low-case the names of the system routines, since some versions of DEC C only have them declared that way (it doesn't really matter, since the linker is case-insensitive by default) Do not forget to increment the pointers... New internal function OPENSSL_gmtime, which is intended to do the same as gmtime_r() on the systems where that is defined. Add a few more details on what one might need. make and a development environment were a part of a Unix operating systems, but these days you see an increasing number of installations that do not necessarely have these crucial parts by default, so it's needs mentioning. Add a requirements section for OpenVMS. VMS doesn't support more than on period in a file name We had the password callback for ENGINEs pretty much wrong. And passwords that were given to the key loading functions were completely ignored, at least in the ncipher code, and then we made the assumption that the callback wanted a prompt as user argument. Document the latest change in ENGINEs. A wish was expressed. Extend all the loading functions to take an engine pointer, a pass string (some engines may have certificates protected by a PIN!) and a description to put into error messages. Don't decrement the reference counter twice when destroying dynamic links. Stop mishandling the type number in dynlock locking nCipher callbacks shall return 0 on success, something else otherwise. Confusion between algorithms resolved. Added more info in SRP. More info on SRP. Accept digits in symbol names. Spotted by Brian Havard Small detail about AIX forgotten... A good use of the UI interface is as a password callback replacement (for new functions...). One might still want to be able to pass down a user-data pointer to be used by the UI. However, ex_data doesn't quite cut it, since that means the appropriate index to it might need to be shared between parts that aren't really related in that sense, and would require the currently hidden (static) index holders to be uncovered. Not a good thing. Therefore, add the possibility to add a user-data pointer to a UI. Defining __USE_XOPEN_EXTENDED was the wrong thing. Instead, define _XOPEN_SOURCE. 'make update' Don't forget to initialise. Use memmove() instead of memcpy() on areas that may overlap. Spotted by Nalin Dahyabhai Provide an application-common setup function for engines and use it everywhere. One feature wasn't quite commited yet Enhance the user interface with better support for dialog box prompting, application-defined prompts, the possibility to use defaults (for example default passwords from somewhere else) and interrupts/cancelations. The default flag should be for default passwords only. Otherwise, someone having a default that is not a password will be confused. - Add the possibility to control engines through control names but with arbitrary arguments instead of just a string. - Change the key loaders to take a UI_METHOD instead of a callback function pointer. NOTE: this breaks binary compatibility with earlier versions of OpenSSL [engine]. - Addapt the nCipher code for these new conditions and add a card insertion callback. Change the common application routines to use a UI_METHOD for password prompting, even when done through the callback. Do a proof of concept. "openssl genrsa" will make the name of the file part of the password prompt unless it's standard input... cp is only used when DSA is built. Modify "openssl engine" to handle and display internal control commands appropriately. Since there is a way to create UI_METHODs, implement a destructor as well. Update my status. For the UI functions that return an int, 0 or any positive number is a success return, any negative number is a failure. Make sure we check the return value with that in mind. Include the UI error strings. New error printing function that gives the possibility to print the errors through an arbitrary function. Implement boolean (yes/no or OK/Cancel, ...) input. make update Do not loop i the OpenSSL UI method any more. Instead, letthe application do that. Document recent changes. Oops, applies to 0.9.7 only. Make use of new features in UI's. Among others, the application password callbak doesn't need to check for sizes any more. apps_startup() needs a corresponding apps_shutdown(). Use apps_shutdown() in all applications, in case someone decides not to go the monolith way (does anyone do that these days?). make update Including stdio.h before setting _XOPEN_SOURCE and _XOPEN_SOURCE_EXTENDED wasn't very smart... Use the new UI features, among others the new boolean input. Make sure we don't return 0 on error. Call apps_shutdown() to take down what apps_startup() set up. Make better use of load_cert, load_certs and load_key. Make get_ip() a bit more strict in it's parsing of IP addresses, and at the same time a bit more accepting with host names. Make better use of load_cert, load_certs and load_key. Make better use of load_cert, load_certs and load_key. Changes to have OpenSSL compile on OS/2. Contributed by "Brian Havard" Insuline shot [Forgotten commits?] Changes to have OpenSSL compile on OS/2. Contributed by "Brian Havard" Let's include cryptlib.h *before* things like NO_SYSLOG are tested or used. Make an extra note about shared libraries and backward compatibility. Change info to correct values. Use one address consistently. Patches from Vern Staats to get Kerberos 5 in SSL according to RFC 2712. His comment is: If I define _XOPEN_SOURCE before including *any* system header file, things will work much more smoothly. EVP_Digest() takes one more parameter. make update One forgotten function. Make sure crypto/krb5/krb5_asn.h becomes part of libeay.num. Make sure crypto/krb5/krb5_asn.h is copied to the directory of exported header files. make update The implementation of the TKTBODY ASN.1 functions was missing. Changes to the Kerberos SSL code by Jeffrey Altman His comments are: Code to avoid the use of non-standard strptime(). By Jeffrey Altman Changes to the Kerberos SSL code by Jeffrey Altman His comments are: Private functions do not belong in an exported header file, so move them to one that won't get exported. Include kssl_lcl.h where needed. make update Document the recent Kerberos SSL changes. Some of the Kerberos code had dissapeared. Reapply. Add the possibility to specify the use of zlib compression and decompression. It can be set up to link at link time or to load the zlib library at run-time. Clarify that zlib-dynamic is the default choice. paddr may be NULL. Do not crash if it is. Prevent KSSL server from requesting a client certificate. Submitted by Jeffrey Altman SSL_get_[rw]fd were documented but not implemented. SSL_get_rfc were documented but not implemented. More Kerberos SSL patches from Vern Staats . His comments are: Not all platforms have the OpenBSD crypto device. Addapt VMS script to the latest changes in the makefiles. make update More Kerberos SSL changes from Jeffrey Altman His comments are: Whoops, my fault, a backslash got converted to a slash... Correct most of the unsigned vs. signed warnings (or int vs. size_t), and rename some local variables to avoid name shadowing. Make as sure as possible that gethostname() will be properly declared. Vade retro C++ comments! Make sure the source file is included among the dependencies. This is the norm for 'gcc -M' but not for 'makedepend', and is merely introduced here to avoid commit wars. make update Make sure memcpy() gets properly declared by including string.h. Apply the Tru64 patch from Tim Mooney gcc 3.0 tells me that -m486 is deprecated. The gcc 2.95 manual tells me the same and that the correct option is -mcpu=i486. I'm assuming -mcpu has been around for some time, and that it's therefore safe to change all occurences of -m486 to -mcpu=i486. Make sure evil file name characters, like spaces or ampersands (!), don't disturb the rehashing process. Spotted and suggested patch from Rudo Thomas In case of memory problems, the va_start() wasn't cleaned with a va_end(). Noticed by Thomas Klausner . Two changes: The #error message must match a very specific regexp (see mkdef.pl, currently line 470). 'make update' Apparently, Linux is identified with __linux__ as well. Stop thinking arguments starting with - are algorithm identifiers. Show timing parameters and timing functions used. It looks like some Linuxen have very weird settings for CLK_TCK. I'm very unsure about this change and will investigate further. Synchronise with Unixly build. Change HZ in speed to rely on sysconf() if the clock tick is available that way. Synchronise s_time with these changes. o_time.c contains symbols with dollar signs in them, so we must tell the compiler not to warn about that. Some new symbols have very long names... Addapt seldom compiled code to new semantics of the key schedule (not a pointer any more). sk_ENGINE_CLEANUP_ITEM_pop_free() is duplicated in ENGINE_cleanup(). Let's use sk_ENGINE_CLEANUP_ITEM_pop_free() instead. 'make update' Woopsie... Hmm, everything "open" isn't necessarely "openssl" :-). *sigh* habit... A lot of things are undeclared unless x509.h is included. sch isn't an array, how did this pass through gcc? Because there's chances we clash with the system's types.h, rename our types.h to ossl_typ.h. Because there's chances we clash with the system's types.h, rename our types.h to ossl_typ.h. Also, it seems like krb5 was forgotten in some places. Since ossl_typ.h is an exported header, we sure need to export it on VMS as well :-). 'make update' SSL_add_dir_cert_subjects_to_stack for Win32 finally implemented. Submitted by Massimo Santin . Typo... Copy evptests.txt to the right place. A few more OIDs, contributed by Peter Sylvester makedepend sometimes produces duplicates. Remove them. To avoid commit wars over dependencies, let's make it so things that depend on the environment, like the presence of the OpenBSD crypto device or of Kerberos, do not change the dependencies within OpenSSL. 'make update' It seems like gcc does canonicalisation of file names. More specifically, a starting './' is removed. makedepend doesn't do this, resulting in another possible commit war, so let's fix that by doing a poor mans canonicalisation of file names that gives the same effect as doing dependencies through gcc. 'make update' For systems where gcc is used and where we don't know if GNU ld is used or not, let's ask collect2 which ld it uses and choose to use the target do-gnu_shared if GNU ld is used. Add support for md4WithRSAEncryption. 'make update' In certain cases, no encoding has been set up for the b64 filter. In such cases, a flush should *not* attempt to finalise the encoding, as the EVP_ENCODE_CTX structure will only be filled with garbage. For the same reason, do the same check when a wpending is performed. The EVP_*Init_ex() functions take one extra argument. Let's default it to NULL. Wrong place... Correction of the id-pda OID's. Submitted by Frederic.Giudicelli at INTRINsec.com make update make update Deprecate the macro MAC_OS_pre_X. Due to an increasing number of clashes between modern OpenSSL and libdes (which is still used out there) or other des implementations, the OpenSSL DES functions are renamed to begin with DES_ instead of des_. Compatibility routines are provided and declared by including openssl/des_old.h. Those declarations are the same as were in des.h when the OpenSSL project started, which is exactly how libdes looked at that time, and hopefully still looks today. A C file is a C file is a C file! Have the removal warnings very high up in the source. Remove DES_random_seed() but retain des_random_seed() for now. Change the docs to reflect this change and correct libeay.num. Make sure openssl speed is compilable on systems where fork() doesn't exist. For now, that's all the ones we "support" except Unix. Change the DES documentation to reflect the current status. Note that some password reading functions are really part of the UI compatibility library... Correct some links... Addapt VMS scripts to the newer disk layout system ODS-5, which allows more than one period and mixed size characters in file names Change the shared library support so the shared libraries get built sooner and the programs get built against the shared libraries. DOS and Windows do not like unistd.h No need to include anything on systems that do not have /dev/crypt Place the OpenSSL-specific headers back so they always get included, or we get a dependency war in Makefile.ssl des_old.h doesn't really need to include des.h, so don't. That will avoid clashes with other code that have their own DES_ functions but really only use OpenSSL's old des_ functions. Exclude .out files unsigned int vs. int. Remove temporary files Implement STARTTLS for certain protocols, currently only supporting SMTP. Change the order of events so the capabilities of loaded engines can get listed as well. After loading a dynamic engine, reset the command definitions to the empty set. This prevents engines that do not set the command definitions themselves to inherit the ones from "dynamic", which would otherwise be very confusing. Add a demo that reimplements the RSAref glue in form of a dynamically loadable engine. In a Debian Linux environment, it's not a good idea, apparently, to manually declare the include directory /usr/include at the same time as the macro PROTOTYPES is defined with the value 1. Besides, /usr/include is the standard include directory anyway, so there's no need to specify it explicitely. Make use of RSAref's header files instead of EAY's crafted rsaref.h. make update perl util/mkerr.pl -recurse -write -rebuild Make it possible to build completely static, independent error C files. Add a local error code configuration file for the rsaref dynamic engine. Add targets to update the error code files. 'make update' + some touches. Use the generated error code files. At least for the two common Unixly DSO loading methods, include the system error in the error text. If an engine isn't built in, try loading it as a shareable library instead. This also makes it possible for users to simply give said shareable library as argument for the -engine option. Add DES functions. Restructure the code and comment it a bit. Prepare for the presence of digests. Make it possible to give digest names as -evp arguments. Add MD digests. make update A missing comma added. Make sure evp_locl.h can be included (hw_openbsd_dev_crypto.c needs that). On systems that don't do too well including headers from a different directory, trust the building scripts to handle it properly. End assembler macro correctly. Build dynamic rsaref engine on VMS. Tested on VAX so far. On VMS, the norm is still that symbols are uppercased, so for now it's better to trust that norm. I might implement a control for this later on Extentions of the explanations to the linking problem on Win32. Provided by Andrew Gray Certain missing algorithms make some SSL versions or TLS impossible to build. I was recently informed that some people wrongly use ssleay.txt as main documentation, so let's warn them a little more, so the word "OBSOLETE" really gets understood. UID was never a lable for uniqueIdentifier. However, LDAP and certain RFCs concerning X.500 directories use UID as a shorter name for the attribute type userId, which is defined by CCITT and available through RFCs 1274 and 2247. make update Implement failover for ubsec. Submitted by Subramanian Ramamoorthy with the following comment: Change pkcs12 so the certificates coming from -in do not get tossed if -certfile is given as well. Synchronise with the 0.9.6 branch. Do not forget to compile comp_err.c Better use the same number in all branches, to avoid confusion And just for the sake of completeness, let's add some standard macros... Status update Add support for Linux on HP/PA. Submitted by "Bryan W. Headley" On Solaris64, cc needs the flag -xarch=v9 when linking shared libraries. Make a general change to support shared library linking flags in general. Noted by Nick Briggs Allow 8-bit characters. This is not really complete, it only marks characters with the highest bit set as HIGHBIT. We need to expand this to support the UTF-8 character set properly. However, this solves the problem that the character 0x80 (which is common in UTF-8) gets masked to 0x00. Patch submitted by "Huang Yuzhen" Say that recent CygWin perl versions work as well. Submitted by Eric Hanchrow Allow verification of other types than DATA. Submitted by Leonard Janke RSA counter should only be defined of RSA is available. make update When RSA or DSA are disabled, do not include the stuff that's specific to them. The block size may be something other than 8! Because Rijndael is more known as AES, use crypto/aes instead of crypto/rijndael. Additionally, I applied the AES integration patch from Stephen Sprunk and fiddled it to work properly with the normal EVP constructs (and incidently work the same way as all other symmetric cipher implementations). Implement speed measurement for AES. Submitted by Stephen Sprunk as part of his AES integration patch. make update Better clarification on perl Patches to make OpenSSL compilable on MacOS/X. Submitted by Pier Fumagalli Bring VMS up to date with development. Add more of the NIST test vectors for AES. Use FIPS-197 vectors for AES. The NIST vectors were constructed by reencrypting or redecrypting the ciphertext 10000 times, which of course gives higly different results. To avoid all kinds of link-level clashes, rename all old des_* functions to _old_des_*. To avoid all kinds of link-level clashes, rename all old des_* functions to _old_des_*. Because of recent changes, there's no need to hack the des symbols any more. make update libeay.num got tweaked so the old des symbols would retain their positions. Keep the NIST AES vectors that were there previously. There is no aestest currently. The EVP tester is used to check the AES algorithm. Add -keyform. Document -engine. Document the change in rsautl. I must learn to compile before I commit... Apply a change by Toomas Kiisk : Apply the following changes by Toomas Kiisk : Apply Neale Ferguson's patch to add a configuration target for linux-s390x I got a request to make the "old des" symbols more closely tied to OpenSSL. Adding '_ossl' in the name seems to be a good way to do this. Add old patch from Robert Dahlem to make it possible to produce shared libraries on ReliantUNIX. GCC uses __i386__. Apply a small patch from Diego R. Lopez , making X509_check_issued() properly match an issuer that's found in a Authority Key Identifier. It looks like I didn't remove everything that has to do with the non-existant aestest.c. Apply a small patch from Oscar Jacobsson that makes things more compilable with VC++. Apply a small patch from Dan Lanz to get shared libraries with debug-linux-elf. Update SCO5 targets. I got some reports that some targets have weird dso_schemes. Therefore, I've added a sanity checker. Detect one-step shifts of the dso_scheme. Correct the number of colons for the targets aix43-cc, aix43-gcc, alpha-cc, alpha-cc-rpath, alpha-gcc, alpha164-cc and alphaold-cc. Spelling correction. Apply patch from Toomas Kiisk and complete it. ASN1_BIT_STRING_set_bit() didn't clear previously set bits Apply three patches from Assar Westerlund : Apply one patch from Assar Westerlund : With the changed des_old API, let's complete the work by renaming the functions in ui_compat. This gave reason to rework that part more thoroughly, so here are the changes made: 'make update' If the intended header file doesn't exist, create it. Generate the individual engines' error strings and macros automatically. Certain reasons aren't really part of the engine framework, so let's make them ubsec-specific in the ubsec implementation. Add aep and sureware implementations and clean up some error reasons that were never part of the engine framework. Because AEP and we used the same AEP_R_ prefix for error reasons, lets change our prefix to AEPHK_R_. Otherwise, we get very mysterious errors because we happen to redefine AEP_R_OK and AEP_R_GENERAL_ERROR. I forgot to include the aep and sureware vendor header files. Oops, do not unlock CRYPTO_LOCK_DYNLOCK when we locked CRYPTO_LOCK_RAND... Remove an unused variable. Add notes on the added support for aep and sureware crypto cards in 0.9.7. Make link-shard a little bit more efficient. If there are no extensions to link together, there's no point looping at all. Move teh silencer to the right place. Update the configuration of CygWin32 to use the new capabilities of CygWin 1.3.x, which includes thread and shared library support. Modify the main trunk version to 0.9.8-dev. 0.9.7 now lives in the branch OpenSSL_0_9_7-stable. Correct sh, please At Corinna Vinschen's request, change CygWin32 to Cygwin The Cygwin shared extension was shifted. make update, with libeay.num remade to match the 0.9.7-stable one. For some reason, getting the topmost error was done the same way as getting the bottommost one. I hope I understood correctly how this should be done. It seems to work when running evp_test in an environment where it can't find openssl.cnf. Make sure memset() is defined by including string.h Notified by Oscar Jacobsson Add the configuration target VxWorks. Give the linux-sparv9 target shared capability. Submitted by Ian Marsh gcc chokes on C++ comments in C code. Missing #endif Local `time' shadows the global function `time()'. Rename the local variable to `tim' (and, as a matter of consequence, `time_d' to `tim_d'). The macro IMPLEMENT_ASN1_FUNCTIONS_const already contains an ending ;, so do not add one after the expansion, since ANSI C doesn't allow ;; at this level (or at least, so tells me gcc). Adjust the NID names for the AES modes OFB and CFB to contain the number of feedback bits Add the modes OFB128, CFB128 and CTR128 to AES. Submitted by Stephen Sprunk The AES modes OFB and CFB are defined with 128 feedback bits. This deviates from the "standard" 64 bits of feedback that all other algorithms are using. Therefore, let's redo certain EVP macros to accept different amounts of feedback bits for these modes. Since Cygwin is the proper spelling, let's change to that everywhere. Also, with the change in Configure, it now knows on it's own if threads are supported or not. Oh, and since config figures out that we run Cygwin and what versions, let's recommend running config instead of a manual Configure. Don't shadow already defined variables With Compaq make, it seems like # inside an action becomes part of the command, not a comment at all Comparing a pointer (data) with 0 using > is incorrect. The changed comparison doesn't look right, but at least it compiles. It would be nice if the one who knows what this is supposed to do changed it to do it correctly Instead of just checking for OpenVMS, check if DEC C is used, since it's as picky on all platforms With Compaq make, it seems like # inside an action becomes part of the command, not a comment at all Add reports on checked 64-bit platforms and make space to add platforms that need to be checked Update the status on 64-bit thingy. Instead of casting a lvalue, let's constify meth. gcc figures that the format specifier %2x means unsigned int, so let's make n unsigned. Including openssl/e_os.h in the OpenSSL 0.9.6 branch is legal, since it's exported. Changing that is a BIG step, which has been done in 0.9.7-dev. Stop assuming the IV is 8 bytes long, use the real size instead. This is especially important for AES that has a 16 bytes IV. Add comfy aliases for AES in CBC mode. Add AES support in the applications that support -des and -des3. We have AES support in openssl speed make update, after moving around symbols in libeay.num to match 0.9.7-stable. Document the added modes for AES Updated AEP engine, submitted by Diarmuid O'Neill Increase internal security when using strncpy, by making sure the resulting string is NUL-terminated Make sure aep_close_connection() is declared and has a prototype that's consistent with the rest of the AEP functions VMS addaptation, including a few more long names that needed hacking. make update Remove the perl/ subdirectory. It hasn't been worked on for ages, is very broken, and there are working modules in CPAN, which makes our module even more moot. This change was only made in 0.9.7-stable. Synchronise Make it so one can select tests from within the test directory Rename des_SPtrans to DES_SPtrans to differentiate from libdes and avoid certain linkage clashes. Typo. In DCL, the continuation character is a dash at the end of the line, which I forgot when spliting one. New configuration targets for OpenBSD, handed to me by Bob Beck Provide a pre 0.9.7 compatibility mapping if OPENSSL_DES_PRE_0_9_7_COMPATIBILITY is defined. NOT AT ALL TESTED YET! Add a comment as to the libdes compatibility. OpenSSL currently fails on certain pure 64-bit architectures. This is a showstopper Change des_old.c to use types prefixed with _ossl_old_des_. When closing, do not use close(). Also, if the closing call fails, do not return immediately since that leaves a locked lock. Synchronise the AEP engine in all branches. For 0.9.6-stable [engine], implement software fallback Merge in DES changed from 0.9.7-stable. Merge in DES changed from 0.9.7-stable. Merge changes from 0.9.7-stable Merge changes from 0.9.7-stable Make the change to strong keys in the string to key(s) functions experimental in the main trunk as well Correct the mapping for des_read_pw() Add the mapping of des_random_seed() for 0.9.6 compatibility. Make sure DES_cblock is defined at all times (meaning one shouldn't include openssl/des_old.h directly any more). Add the possibility to enable olde des support, not just disable it, for future support. Redocument A forgotten file Fix of mixup bwtween SOMAXCONN and SO_MAXCONN. Furthermore, make SO_MAXCONN the first choice, since that's the standard (as far as I know). Cast the pointers to the BIGNUM data to unsigned long *. This would be harmful if we didn't also pass the exact number of bytes of that data Forgot one of the casts Make shared libraries resolve global symbols within themselves first. Currently only on GNUish linkers... Submitted by Steven Bade Use recv() and send() for socket communication on VMS instead of read() and write(). The reason is that read() and write() make additional record level locking which causes hangs of Compaq Secure Web Server (Apache) with SSL. Submitted by Compaq. Recognise DEC C++ as equivalent to DEC C for the definitions of OPENSSL_EXTERN and OPENSSL_GLOBAL. Submitted by Compaq. Oops, the system macro for VMS is OPENSSL_SYS_VMS, not VMS Allow longer program names (VMS allows up to 39 characters). Submitted by Compaq. make update (libeay.num has been edited to match 0.9.7-stable) Allow longer program names (VMS allows up to 39 characters). Submitted by Compaq. Change the date to XX xxx XXXX in development versions. Check error code from a2d_ASN1_OBJECT(). Avoid emacs backup files when making a snapshot Make sure the opened directory is closed on exit. Notified by Lorinczy Zsigmond Do not free p if it hasn't been used yet. Notified by Bernd Matthes No point constifying an int. Notified by Bernd Matthes The callback must have (void) as argument list. Notified by Bernd Matthes Signedness mismatch. Notified by Bernd Matthes Make sure ec and ecdsa is properly handled in Windows. Notified by Bernd Matthes Uhmmm, if we use && after having tested for the presence of the certificate, we just *might* stand a certain chance of actually getting it written to file... Potential memory leak removed. Notified by Synchronise with 0.9.7-stable. Synchronise with 0.9.7-stable. Fix unsigned vs. signed clash Make sure that date is run under the C locale, so dates are given in the default format. PR: 16 Generate an error if rewinding wasn't possible. Notified by Ken Hirsch . PR: 23 Small documentation fix for EVP_CipherFinal or EVP_CipherFinal_ex. Notified by Stella Power . PR: 24 Move an assert() to avoid core dumps when a static buffer hasn't been given. Notified by Verdon Walker One place where VMS wasn't changed to OPENSSL_SYS_VMS... Make the huge buffer smaller, so the size becomes reasonable for small-stack environments. Notified by Verdon Walker Synchronise the FAQ Updating status for 0.9.6d Use OPENSSL_SYS_VMS instead of just VMS Allow the use of the TCP/IP stack keyword TCPIP and NONE Make sure ECDSA is built and tested on VMS. Make sure ECDSA is built and tested on VMS. Avoid loops if linking an application fails. Define a short alias for another long EC symbol. Make sure short aliases are used where required. make update Recover from errors There is a chance that the input string is larger than size, and on VMS, this wasn't checked and could possibly be exploitable (slim chance, but still) Set DLOPEN_FLAG the same way on NetBSD as on OpenBSD. PR: 58, submitted by andrew at cis.uoguelph.ca Remove the duplicate description of -out. PR: 28 Add more warnings for my debug targets. Our copy of pod2man.pl is old and comparatively broken, so lets remove it. PR: 30 Some shlib extensions were in the wrong field Correct darwin shared library support. PR: 39 Correct AES counter mode, which incorrectly incremented the counter before using it. PR: 56 Apparently, there are still chances we have to deal with buggy pod2man versions. Deal with that by testing any available pod2man and using it if appropriate, and falling back to util/pod2man.pl if none was found. pod2man.pl would only remove the first LF from the name. Make sure that MS_STATIC isn't defined to 'static' under Win32. PR: 51 CAformat should not be used for CA key format. Check the return values where memory allocation failures may happen. PR: 49 a B< that wasn't properly ended. Support shared libraries properly on linux-sparcv[89]. PR: 60 Support the newly release gcc 3.1 on 64-bit Solaris. Not automatic. PR: 57 Reformat the CFLAG string so it can be made part of a C string. Incidently, this works pretty well on the command line as well. PR: 52 In CFB mode, the iv is always encrypted. Declare the CFB and OFB modes for AES, and prepare for a declaration of CTR mode. For CFB and OFB modes, always create the encryption key. Make it possible to give vectors only for decryption or encryption. Add the AES test vectors from NIST document SP800-38A. Document the AES changes. use sstrsep() to get the proper type to aoti(). Remove unneeded cast in ustrsep(). PR: 69 make update (including adjusting libeay.num in HEAD to the changes in the 0.9.7-stable libeay.num Update the recognision of GCC version numbers to handle the prefix text that GCC 3.1 adds to the --version output Since there's no continuation, the ; can go as well :-) Documentation bug corrected. PR: 70 Check errors when parsing a PKCS8INF PEM FILE, or there will be a core dump on error. PR: 77 It's not good to have a pointer point at something in an inner block. PR: 66 Make perl replacement for dirname, for system that lack the latter. PR: 81 Merge from 0.9.7-stable. Making a softlink from crypto/des/asm/perlasm to crypto/perlasm isn't strictly necessary, so let's not do that. Parse directory using both slashes and backslashes as separators. Do file copying in term of perl statements instead of using cp. Part of PR: 75 Check for the executable $openssl, not just the file. Part of PR: 75 Add support for DJGPP. PR: 75 Add support for DJGPP. Make sure that any dash in the prefix before the version number is removed. PR: 96 Tentatively add support for UWIN, a Unix-like environment on top of Windows. PR: 62 make update (adapt libeay.num to the 0.9.7-stable branch) For some reason, we need to return the full path to perl A number of includes were removed from evp.h some time ago. The reason was that they weren't really needed any more for EVP itself. However, it seems like soma applications (I know about OpenSSH, but there may be more) used evp.h as the 'load all' header file, which makes sense since we try our best to promote the use of EVP instead of the lower level crypto algorithms. Therefore, I put the inclusions back so the application authors don't get too shocked by all the errors they would otherwise get. The general debug target must specify that it doesn't use assembler routines. PR: 105 There is no RSAREF any more, so do not ty to install it. PR: 106 Use bg instead of bag as argument to macros, to avoid clashes with structure field names. PR: 112 gcc requires -m64 to link 64-bit shared libraries on Solaris. PR: 117 have 'openssl pkcs7' exit with code 1 on error instead of 0. PR: 119 Use 32-bit sections instead of the default, 16-bit ones. Part of PR 123 When compiling for Windows, make sure we have the windows definitions declared. Part of PR 123 Use underscores instead of dashes in temporary file names. This is due to weird Borland compilers. Part of PR 123 Document the new way of building with Borland Builder. This concludes the changes from PR 123 The new stuff is for Borland Bulider 5, so document it appropriately Forgot to change the second $ENV{DJDIR} to /dev/env/DJDIR. Part of PR 75 Update the information on Cygwin. Part of PR 75 DJGPP has some needed header files that other MSDOS/Windows compilers don't have. Part of PR 75 Pass CFLAG to dependency makers, so non-standard system include paths are handled properly. Part of PR 75 A few changes to BC-32.pl didn't get properly applied. This completes PR 123 Try to avoid double declaration of ERR_load_PEM_strings(). PR 71 opensslconf.h doesn't define what we want, e_os2.h does. PR 123 Do not define crypt() on OpenBSD. Notified by Bob Beck of OpenBSD. In UI_UTIL_read_pw(), we should look at the size parameter, not at BUFSIZ. Submitted by G??tz Babin-Ebell There's an ongoing project to bring some kind of path selection mechanism to the ENGINE framework. This means there there are going to be new functionality for the DSO part, and ultimately some way of merging two file specifications together. Set up the engine before doing anything random-related, since engine randomness is only used for seeding and doing it in the wrong order will mean seeding is done before the engine randomness is hooked in. Notified by Frederic DONNAT Using -Wtraditional took it a little far. After all, we expect ANSI C, so we don't need to care about traditional compilers Let's not forget the second -Wtraditional Some older code (never committed) wasn't converted to the new format. Corrected. For those wanting to build for several platforms with the same source directory, making a separate directory tree with lots of symbolic links seems to be the solution. Unfortunatelt, Configure doesn't take appropriate steps to support this solution (as in removing a file that's going to be rewritten). This change corrects that situation. Now I just have to find all other places where there's lack of support for this. For those wanting to build for several platforms with the same source directory, making a separate directory tree with lots of symbolic links seems to be the solution. Unfortunately, Configure doesn't take appropriate steps to support this solution (as in removing a file that's going to be rewritten). This change corrects that situation. Now I just have to find all other places where there's lack of support for this. There are problems on certain platforms, and possible answers on how to (temporarly) solve them. Actually, the "bug" is really documented in the man-page for ld, so it's really a misfeature according to the jargon file (4.0.0) definition: The default C compiler on MacOS X doesn't like empty object files We had some experimental options in the Darwin entries. They are no longer needed Add the usually recommended solution to the linking problem entry for MacOS X On MacOS X, you're not allowed to have common objects in shared libraries On MacOS X, the shared library editor uses DYLD_LIBRARY_PATH If OpenSSL is built with shared library support on MacOS X, everything works fine. Note: this is only true for 0.9.7 and on Add a few FAQ entries for the various ways building OpenSSL on MacOS X can fail, and point at the text in the PROBLEMS file Add support for shared libraries with OS/2. PR: 124 Make mkdir failsafe in case the directories are already present OPENSSL_SYS_WIN32 is important so util/mkdef.pl can detect it Unixware doesn't have strings.h, so we need to declare strcasecmp() differently. Unixware 2 needs to link with libresolv. PR: 148 Make S/MIME output conform with the mail and MIME standards. PR: 151 Reverse the change with the following log, it needs further investigation: Further enhance assembler support on Cygwin and DJGPP. Make pod2mantest useable on DOS-based systems. Part of PR 75, the rest is still under investigation. Allow subjects with more than 255 characters to be properly printed. PR: 147 Add history for documented new functions. PR: 59 Explain why RSA_check_key() doesn't work with hard keys. PR: 86 Two more names that are a little too long for the standard VMS linker. The first compile of the new merger method for VMS *almost* got through. That's not enough, is it? :-) If DH is disabled, don't define the DH functions. Notified by Kim Hellan Make dummy tests to make it easier to physically remove unwanted algorithms. This should complete PR 75 Document the recent DJGPP-related changes Don't clobber loop variable. PR: 159 The version of the shared library should, for now, reflect the version of OpenSSL. Part of PR 181. ln -f -s doesn't always work, so do a rm -f followed by a ln -s. Part of PR 181 Make sure to use $(MAKE) everywhere instead of make. Part of PR 181 If the email address is moved from the subject to the subject alternate name, the subject in the certificate would differ from the subject in the index file, which has quite bad concequences. PR: 180 If CRYPTO_realloc() is called with a NULL pointer, have it call OPENSSL_malloc(). PR: 187 Cut'n'paste error with other reposnder certificates cleared. PR: 190 Linux on s390 really knows about loading dynamically. PR: 183 OCSP and KRB5 Makefil.ssl should be consistent with all the others Make it possible to load keys from stdin, and restore that functionality in the programs that had that before. Part fo PR 164 Avoid yet another name clash with libdes, and make the declaration consistent with the definition. Add the CBC flag for cbc ciphers make update Add aix64-cc, and make sure that ar gets proper flags for 64-bit libraries Don't try testing with parallell make, that will just fail. PR: 175 We don't need to find out which pod2man to use more than once Certain flag macros were tested with #if instead if #ifdef... make update 0.9.6f is released Parse version numbers prefixed with text (egcs does that, even with -dumpversion). PR: 203, part 1 When we want to give a -f argument to $(MAKE), we'd better make sure the variable doesn't already contain a -f argument. PR: 203, part 4 More long names to shorten. Synchronise with Unix. (I expect the next run will generate lots of errors on VMS :-)). A new header. Synchronise tests with Unix. mem* functions are declared in string.h. More long symbols to shorten. Remove clashes between symbols that have the same name except for casing. One more file to compile on VMS as well. In case of shared libraries, we might run one version of the application with a different version of the library. Detect if there is a difference of versions, and print both versions in that case. This might prove to be a good enough debugging tool in case of doubt. Update with the status for 0.9.6g. A few files in the ENGINE and EVP sections forgotten. Do not use the word 'modulus', which is a class template name in VC++ 6.0/SP5. PR: 216, point 3 Do not include openssl/ripemd.h when the RIPEMD algorithm has been deselected. PR: 216, point 1 Oh, ec2_smpt.c is #included by ec2_smpl.c! Comma forgotten. Merge in demo engines from 0.9.7-stable. Some files deserve to be ignored Make sure that the test input file comes in the same record format as the typical output from a program in C. PR: 222 The applications 'ecdsa' and 'ecparam' were missing from the VMS build. Instead of returning errors when certain flags are unusable, just ignore them. That will make the test go through even if DH (or in some cases ECDH) aren't built into OpenSSL. PR: 216, part 2 Sometimes, the value of the variable containing the compiler call can become rather large. This becomes a problem when the default 1024 character large buffer that WRITE uses isn't enough. WRITE/SYMBOL uses a 2048 byte large buffer instead. Yet a couple of modules forgotten. These weren't important for OpenSSL itself, since they aren't used there (yet). It became quite visible qhen building a shared library, however... Add a FAQ entry for yet another bc failure. PR: 199 Missing =back. Part of PR 196 It seems like sun4u doesn't always have a sparcv9 inside. Trust isalist. PR: 220 q may be used uninitialised Add -lz to the ld flags when the user has chosen to link in zlib *statically*. Notified by Doug Kaufman isalist was less trustable than I thought (or rather, one can trust it to come up with all kinds of names we don't have in our targets). Besides, our sparcv9 targets currently generate sparcv8 code, I'm told. So, I discovered that if you have your $PATH set so a ld different from GNU ld comes first, checking the usage of collect2 gives that instead of GNU ld, even if GNU ld would be the one that would get used if we link using gcc. It's much better, apparently, to ask gcc directly what the path to GNU ld is (provided it's there at all and gcc knows about it), and ask the result if it's a GNU or not. The bonus is that our GNU ld detection mechanism got shorter and easier to understand... Typo, I assigned the variable ld instead of my_ld... -elapsed is also useful when using gettimeofday Missing ; Incorrect argument order to memset() It makes more sense to refer to specific function manuals than the concept manual when the specific function is refered to in the current manual text. This correction was originally introduced in OpenBSD's tracking of OpenSSL. Remove reference to RSA_PKCS1_RSAref, since it doesn't exist any more. This correction was originally introduced in OpenBSD's tracking of OpenSSL. Remove *all* references to RSA_PKCS1_RSAref, since it doesn't exist any more. This correction was originally introduced in OpenBSD's tracking of OpenSSL. It makes more sense to refer to specific function manuals than the concept manual when the specific function is refered to in the current manual text. This correction was originally introduced in OpenBSD's tracking of OpenSSL. Make sure that the signal storage is regarded as volatile. This correction was originally introduced in OpenBSD's tracking of OpenSSL. The OpenBSD project has replaced the first implementation of the /dev/crypto engine with something they claim is better. I have nothing to compare to, and I assume they know what they're talking about. The interesting part with this one is that it's loaded by default on OpenBSD systems. This change was originally introduced in OpenBSD's tracking of OpenSSL. Removal missing Add a small note saying the 'debug' option should come before the platform in the arguments to mk1mf.pl. PR: 298 Document should match reality :-). PR: 255 If we're loading libz dynamically, and COMP_zlib() is called more than once, only the first call would provide the correct result. PR: 277 Add random number generation capability to the cswift engine. Should this be added to 0.9.6-stable as well? PR: 275 Installed libraries should not be overwritten, especially shared ones. Use mv to make sure the old copy is unlinked instead of overwritten. PR: 273, and probably others... For some reason, the random number support removed the destructor Do not define crypt(). The supported function is DES_crypt() (an des_crypt() when backward compatibility is desired). Please do not use C++ comments in C code. Since crypt() isn't defined anywhere, define it locally in destest.c Add missing LF Use double dashes so makedepend doesn't misunderstand the flags we give it. For 0.9.7 and up, that means util/domd needs to remove those double dashes from the argument list when gcc is used to find the dependencies. Add a few more VxWorks targets. Correct misspelled VXWORKS macros. Add VXWORKS identifying macros to e_os2.h. Add required inclusions and mappings for VxWorks in e_os.h. A few small modifications to make OpenSSL build and work on VxWorks. PR: 253, except for the change that was handled in an earlier commit, and a request for easy build of just parts of OpenSSL. Don't fuss with the demo binaries Change the main Makefile to have "mini-build" targets. PR: 253, last part. Keep the sub_all symbol so all the algorithm Makefiles won't break. Remove redundancy and use the main makefile better Make sure that the 'config' variable is correctly defined and declared for monolithic as well as non-monolithic biuld. More work is probably needed in this area. PR: 144 RFC 2712 redefines the codes for use of Kerberos 5 in SSL/TLS. PR: 189 Typo VMS below version 7 doesn't have strcasecmp, so let's roll our own on VMS. PR: 184 Add a few more target platforms, to see how well the shared library linking works on them. Rhapsody had ftime, Darwin doesn't (any longer?) Move the shared library construction stuff to Makefile.shared, a helper makefile that generalises our way of building shared libraries and is designed to take care of almost anything (I hope). Add a suffix for Darwin's sake, since it seems like .dylib comes after the version in the file name. Fix inconsistencies in the Darwin targets. Add a variant of SHLIB_SOVER without the preceding period. BN_bn2hex() returns "0" instead of "00" for zero. This disrputs the requirement that the serial number always be an even amount of characters. PR: 248 Make sure $fname will not give us any surprises with any funny characters. PR: 256 Make sure it's properly detected when there's no version information at all, and in all other cases, make sure foo.so is linked to foo.so.{soversion}. There may be more than one single quote to fix. PR: 256 make update Add a configuration target for A/UX. PR: 271 Step 2 of move of engines: copy engines to new directory and rename them to be prefixed with e_ instead of hw_. They aren't necessarely hardware engines. The files commited here are exact copies of the corresponding hw_ files found in crypto/engine/. Step 3 of move of engines: copy the corresponding vendor header files. Step 4 of move of engines: Split e.ec into individual files for each engine. Step 5 of move of engines: Add a makefile (and a .cvsignore). That wasn't supposed to be there... Step 6 of move of engines: rename the macro ENGINE_DYNAMIC_SUPPORT to OPENSSL_NO_DYNAMIC_ENGINE and make sure that gets defined unless shared library support has been specifically requested. Typo. Step 7 of move of engines: Engines should not depend on private OpenSSL header files. We didn't copy the cryptodev engine here, darn it! Step 8 of move of engines: Remove the last little quirks. DECIMAL_SIZE is copied from crypto/cryptlib.h. Typo Step 9 of move of engines: rename crypto/engine/hw_cryptodev.c to eng_cryptodev.c. This is an engine that (at least currently) has to be built in. Step 10 of move of engines: Change crypto/engine/Makefile.ssl so we don't build any "built-in" engines in that directory any more, except fo the cryptodev one. Step 11a of move of engines: Time to make the changes to support automatic load of dynamic engines. Unless we don't have shared library support, do not try to load any "built-in" engines except for cryptodev. Step 11b of move of engines: Time to make the changes to support automatic load of dynamic engines. Add functionality to the dynamic engine to handle engine directories and loading from those. This is currently NOT compatible with the use of LD_LIBRARY_PATH and similar environment variables. Step 11c of move of engines: Time to make the changes to support automatic load of dynamic engines. Change the iterator to try to load the requested engine dynamically. The environment variable OPENSSL_ENGINES can be used to override the internal default directory where one can expect to find dynamically loadable engines. Step 12 of move of engines: Time to make the changes to support automatic load of dynamic engines. Make the changes in the main Makefile so the engines are built, but now in the engines/ directory. Step 13 of move of engines: Remove old files. For the platforms where version info is inserted separately into the shared library, set those flags conditionally. Oh, there were *two* places where we needed to protect the file name... And if the path has a space, we definitely need to protect $openssl. make update. Step 14 of move of engines: Final step, document the change. The AES CTR API was buggy, we need to save the encrypted counter as well between calls, or that will be lost if it returned with *num non-zero. Add more commentary. Check that *num is smaller than the block size. Chase down the missing backslashes. Clarify where the engines are by default. Targeting the solaris platform for specific tests. Something is going wrong, and my test engine doesn't show it. The verbosity will be temporary for about a day. Add missing quotes. Make sure test doesn't barf because of missing spaces before the closing ]. Add -lc to the list of libraries we depend upon. Not always necessary, but never hurts. Add needed libraries as per configuration to the list of libraries we depend upon. libs is a timestamp that we don't really need to know about. Complete the VxWorks fix by implementing a NULL RAND_poll() for it. PR: 253 makedepend complains when a header file is included more than once in the same source file. When BN_add_word() reaches top, it shouldn't try to add the the corresponding word, since that word may not be zero. Makefile.shared needs to know how it can reach itself. A much better idea, of course, is not to do a submake at all... Typos. PR: 189 Typos. PR: 189 Eh, -Wl,--whole-archive disappeared from the GNU targets. I've no idea why, but that was definitely wrong... In my extreme debug mode, gcc complains that 'static' doesn't come first. Signal an error if the entered output password didn't match itself. PR: 314 On certain platforms, we redefine certain symbols using macros in apps.h. For those, it's better to include apps.h after the system headers where those symbols may be defined, since there's otherwise a chance that the C compiler will barf when it sees something that looks like this after expansion: There's a name clash between OpenSSL and RSAref. Since this engine handles RSAref data, pretend we don't care for OpenSSL's MD2 and MD5 structures or implementation. Remove all kinds of silly warning For the mkdef.pl to recognise if the "external" engines are inserted into libcrypto, we need the "algorithm" STATIC_ENGINE. make update External engines aren't in crypto/engine/ any more, so don't try to build them there. Make sure toupper() is declared A small detail: since 0.9.7, DH_new_method() and DSA_new_method() don't take an ENGINE* as parameter any more. PR: 156 Revert, that was an incorrect change. PR: 156 The #else part of the conditionals have two statements, so they need to be surrounded with braces, or the surrounding if..else will fail miserably in case the #else part is compiled. synchronise util/libeay.num with the 0.9.7-stable variant (guys, this is something we really need to keep track of!). make update Plug potential memory leak. Identified by Goetz Babin-Ebell New files have appeared, tell VMS. Add the command procedure to build external engines on VMS. Currently, we simply assume that they shall always be built as shareable images. Add all that is needed to build external engines on VMS. Currently, we simply assume that they shall always be built as shareable images. Remove all referenses to RSAref, since that's been gone for more than a year. Depend on OPENSSL_NO_STATIC_ENGINE rather than OPENSSL_NO_DYNAMIC_ENGINE. Make sure to include openssl/opensslconf.h to make sure we get the definition of those macros. Since we're currently assuming VMS can deal with dynamic engines, don't include the static engine entry points in libcrypto.exe. Cosmetic change Off-by-one-error corrected. PR: 235 some people just can't read the instructions Stupid bug fixes. I've forgotten my DCL... Generate openssl.pc so pkg-config can return proper data. PR: 163 Keep on using ${CC}, since gcc may act in disguise. Windows doesn't know sys/file.h -CAcreateserial doesn't take a filename argument. PR: 332 -CAserial does take a filename argument. PR: 332 X509_NAME_cmp() now compares PrintableString and emailAddress with a value of type ia5String correctly. PR: 244 Make the programs link against the static library on MacOS X. PR: 335 Variables on the stack must be initialized or we can't depend on any initial value. For errline/errorline, we did depend on that, erroneously Make the CBC mode od AES accept lengths that aren't multiples of 16. PR: 330 Make it possible to run individual tests even when linked with libcrypto.so and libssl.so Synchronise... Name the flag files correctly. Make internal functions static. When build as dynamic engines, the loading functions should be defined static. Correct support for SunOS 4.1.3_U1. PR: 227 This didn't get to the 0.9.8-dev thread... Merge from 0.9.7-stable. free() -> OPENSSL_free() Constification needed. PR: 241 Handle last lines that aren't properly terminated. PR: 308 Make the Windows test scripts consistent in their echoing When AES is skipped because the option 'no-rijndael' was given, make sure it's skipped from SDIRS as well. The directory 'rijndael' doesn't exist any more, let's check the aes directory instead (this should have been done long ago...). Fix to build better with DJGPP. PR: 338 Cygwin fixes Add a FAQ on how to check the authenticity of the openSSL distribution. PR: 292 It seems like gcc 2.9aix5.1 doesn't do will with optimization level 3. PR: 115 DCL logic bugs fixed. Remove warnings. Add Tandem OSS target. PR: 192 Close the implicitely opened registry key. PR: 264 make update We need to read one more byte of the REQUEST-CERTIFICATE message. PR: 300 Add -Wstrict-prototype and -Wmissing-prototype to my debugging targets Spell prototypes correctly :-). I know ANSI C doesn't like 'long long', and I don't want to see it -Wid-clash-n isn't support in gcc 3, and I get better result from continuously rebuilding on a VMS box. The architecture name is i486, not just 486 A few more Microsoft OIDs added make update Document the change to remove the 'done' flag variable in the OpenSSL_add_all_*() routines Changes to make shared library building and use work better with Cygwin Add the INHIBIT_SYMLINKS flag variable to help Cygwin. Add missing semicolons. Add a comment explaining a bunch of targets without any action lines. WinCE patches Mention ActiveState Perl much earlier in INSTALL.WCE. We don't want TARGETCPU expanded here. I forgot this is compiled in test/, not crypto/ec/... Add the file openssl.pc that I forgot a while ago. Adding openssl.pc to the repository was a mistake, since it's generated. Ignore openssl.pc. This way, there's no risk that I'll add it again :-). Make it possible to build for more than one CPU. Clarify what the CE tests do. A variable of type time_t is supposed to be a time measurement starting at Epoch. offset isn't such a measurement, so let's stop pretend it is. Make sure sysconf exists (it doesn't in the VMS C RTL lesser than version 7). Determine HZ exactly as in apps/speed.c. Add the ASN.1 structures and functions for CertificatePair, which is defined as follows (according to X.509_4thEditionDraftV6.pdf): Document the addition of certificate pairs. Add news items for 0.9.6h and expand on the 0.9.7 news as well. Update STATUS Fix an unsigned/signed mismatch. make update It works on my laptop :-). Mention a current showstopper Typo. OPENSSL_NO_ECDH, not NO_OPENSSL_ECDH Disable this module if OPENSSL_NO_SOCK is defined. Heimdal isn't really supported right now. Say so, and offer a possibility to force the use of Heimdal, and warn if that's used. PR: 346 Small bugfixes to the KSSL implementation. PR: 349 Heimdal isn't really supported right now. Say so, and offer a possibility to force the use of Heimdal, and warn if that's used. PR: 346 The logic in the main signing and verifying functions to check lengths was incorrect. Fortunately, there is a second check that's correct, when adding the pads. PR: 355 I forgot that @ in strings must be escaped in Perl Add OPENSSL_cleanse() to help cleanse memory and avoid certain compiler and linker optimizations. PR: 343 Extra ; removed. Unused variable removed. Cleanse memory using the new OPENSSL_cleanse() function. I've covered all the memset()s I felt safe modifying, but may have missed some. Make sure EXIT() can always be used as one statement. Have all tests use EXIT() to exit rather than exit(), since the latter doesn't always give the expected result on some platforms. A few more memset()s converted to OPENSSL_cleanse(). I *think* I got them all covered by now, bu please, if you find any more, tell me and I'll correct it. PR: 343 Correct some names. Make it so all names mentioned in the NAME section of each manpage becomes a symlink to said manpage. PR: 242 Remove incorrect assert. PR: 360 Redo the VAX assembler version of bn_div_words(). PR: 366 EXIT() needs to be in a function that returns int. Small bugfix: even when r == d, we need to adjust r and q. PR: 366 Through some experimentation and thinking, I think I finally got the proper implementation of bn_div_words() for VAX. Make some names consistent. I think I got it now. Apparently, the case of having to shift down the divisor was a bit more complex than I first saw. The lost bit can't just be discarded, as there are cases where it is important. For example, look at dividing 320000 with 80000 vs. 80001 (all decimals), the difference is crucial. The trick here is to check if that lost bit was 1, and in that case, do the following: define USE_SOCKETS so sys/param.h gets included (and thusly, MAXHOSTNAMELEN gets defined). PR: 371 Windows CE updates, contributed by Steven Reddie Make CRYPTO_cleanse() independent of endianness. EXIT() may mean return(). That's confusing, so let's have it really mean exit() in whatever way works for the intended platform, and define OPENSSL_EXIT() to have the old meaning (the name is of course because it's only used in the openssl program) A gcc 3.0 bug is triggered by our code. Add a section about it in PROBLEMS. PR: 375 Add support for x86_64. PR: 348 DJGPP patches. PR: 347 Correct a few typos that I introduced after applying DJGPP patches. gethostname() is more a BSD feature than an XOPEN one. PR: 379 Do not implement RC4 stuff if RC4 is disabled. Concequently, apply the same rule for SHA stuff. PR: 381 Only check for a result buffer if the allocated string is a prompt string. PR: 381 PR: 381 If an application supports static locks, it MUST support dynamic locks as well to be able to use the CHIL engine. PR: 281 Make sure using SSL_CERT_FILE actually works, and has priority over system defaults. PR: 376 Allow users to modify /MD to /MT. PR: 380 Declare another general file. make update Make sure to implement the cryptodev engine only when /dev/crypto exists. Corrected DJGPP patch SSL_CERT_FILE should be used in place of the system default file, not as a first alternative to try Merge in relevant changes from the OpenSSL 0.9.6h release. Keep STATUS in HEAD up to date. Keep NEWS in HEAD up to date. Apparently, bash is more forgiving than sh. To be backward compatible, don't use ==, use = instead... Some compilers are quite picky about non-void functions that don't return anything. Add a few items I intend to work on for 0.9.8 and on. Forgot one. Implement a stateful variant if the ZLIB compression method. The old stateless variant is kept, but isn't used anywhere. Since it's defined in draft-ietf-tls-compression-04.txt, let's make ZLIB a known compression method, with the identity 1. Since it's defined in draft-ietf-tls-compression-04.txt, let's make ZLIB a known compression method, with the identity 1. Hmm, Geoff's change made things quite interesting. We can now give users the option of disabling deprecated functions, which should of course be reflected in libeay.num and .def files. Quite nice, actually. make update A memset() too many got converted into a OPENSSL_cleanse(). PR: 393 Since HEADER_DES_H has been the protector of des.h since libdes (before SSLeay, maybe?), it's better to have that macro protect the compatibility header des_old.h. In the new des.h, let's use a slightly different protecting macro. Let's not forget the other places where HEADER_DES_H and HEADER_DES_OLD_H were defined. Let's not forget the other places where HEADER_DES_H and HEADER_DES_OLD_H were defined. sk_*_push() returns the number of items on the stack, not the index of the pushed item. The index is the number of items - 1. And if a NULL item was found, actually use it. Finally, provide a little bit of safety in CRYPTO_lock() by asserting the a requested dynamic lock really must exist, instead of just being silent about it In CRYPTO_lock(), check that the application cares about locking (provided callbacks) before attempting to lock. Document the modifications in 0.9.7 that will make the hw_ncipher.c engine work properly even in bad situations. Skip DH-specific tests when no-dh has been configured. PR: 353 I forgot one item I intend to work on. BIO_set_nbio() is enumerated, but not explained. Remove it from enumeration since it's both enumerated and explained in BIO_s_connect.pod. PR: 370 BIO_new_bio_pair() was unnecessarily described in it's own page as well as in BIO_s_bio.pod. The most logical is to move everything needed from BIO_new_bio_pair.pod to BIO_s_bio.pod (including the nice example) and toss BIO_new_bio_pair.pod. I hope I got all the info over properly. PR: 370 OK, there's at least one application author who has provided dynamic locking callbacks Bring des_locl.h at the same level as in the 0.9.7 branch. Don't define macros in terms of asm() when __STRICT_ANSI is defined. Don't define macros in terms of asm() when __STRICT_ANSI is defined. Update the make system for installations: Make sure manual pages are properly linked to on systems that have case insensitive file names, as well as those that do not have symlinks. Incidently, both these cases apply on DOS/Windows... Synchronise with Makefiles. Protect loading routines with a lock. PR: 373 Transfer the Solaris shared library building changes from 0.9.7-stable. Update the current status It was pointed out to me that .pc files are normally stored in ${prefix}/lib/pkgconfig, not ${prefix}/lib/pkginfo. It was pointed out to me that .pc files are normally stored in ${prefix}/lib/pkgconfig, not ${prefix}/lib/pkginfo. If _XOPEN_SOURCE_EXTENDED or _XOPEN_SOURCE are defined, _POSIX_C_SOURCE gets defined in DECC$TYPES.H. If _POSIX_C_SOURCE is defined, certain types do not get defined (u_char, u_int, ...). DECC.H gets included by assert.h and others. Now, in6.h uses the types u_char, u_int and so on, and gets included as part of other header inclusions, and will of course fail because of the missing types. I have no idea what possesed me to compile s_socket.c as POSIXly code. Incidently, it now compiles so much better without _POSIX_C_SOURCE. To avoid any future programming glitches, let's make each and every assignment (modulo those I missed) individual statements. Small tweaks for code consistency. Because the contents of openssl.pc may have to change when a configuration has been performed (and possibly changed), have it depend on Makefile.ssl. We stupidly had a separate LIBKRB5 variable for KRB5 library dependencies, and then didn't support it very well. And that when there already is a useful variable for exactly this kind of thing; EX_LIBS... There was a mixup between INSTALLTOP and OPENSSLDIR... Be consistent with capitalisation of object names. Be consistent with capitalisation of object names. Keep the internal lowercase 'surname', for programmer's sake. Propagate MAKEDEPPROG to the subdirs under crypto/. A little debugging. More accurate comments. Make AES_ENCRYPT and AES_DECRYPT macros instead of static constants. PR: 411 Stop a possible memory leak. (I wonder why s2_connect() handles the initial buffer allocation slightly differently...) PR: 416 Finally, a bn_div_words() in VAX assembler that goes through all tests. PR: 413 All VMS-specific problems have been solved. Confirmed by Mark Daniel Cygwin needs the library locatin for .DLLs to be set in PATH. Unfortunately, the conditional was set to add the library directory to PATH when the platform is NOT Cygwin. Corrected. PR: 404 Updates Avoid double definition of config. PR: 420 Spelling error. This patch was taken from the OpenBSD copy of OpenSSL 0.9.7 beta3 with patches Update our list of implemented and related standards. Update our list of implemented and related standards. Updates Add SPKM among the related stanrds. Can't find the referense to errors on XP with Kerberos Kenneth R. Robinette just told me the latest snapshot works well with MIT Kerberos. Merge from 0.9.7-stable. make update Finally get rid of all the algorithm inclusions that were done from evp.h. make update OS/2 does binary by default, apparently. Reported by Brian Havard . Since we're including Kerberos 5 headers in our exported header files (when OpenSSL is configured to use Kerberos), we'd better tell pkg-config users where they can be found. PR: 421 Merge in changes from 0.9.7-stable. Merge in changes from 0.9.7-stable. It's rather silly to believe we'd release 0.9.7a in 2002 :-). It's even more silly to pretend we know which year 0.9.8 will be released. Make sure the last character of the ASN.1 time string (the 'Z') is copied. PR: 429 Adjust the parameter lists in some not commonly used files. PR: 428 Link engines against libcrypto, even when a TCP/IP implementation is specified... Rijndael should be called AES everywhere gcc wants character constants to be correct. Before this change, the following would happen on Solaris: The naming scheme wasn't quite correct for Cygwin Typos corrected. PR: 445 Make sure everything that may be freed is allocated or initiated. PR: 446 Certain files must be removed before generating them, in case they point into a read-only source tree. PR: 437 Force the removal. PR: 437 When preparing a separate build tree, don't make softlinks to softlinks. Add instructions in INSTALL, for easy access. PR: 437 It's recommended to do 'make clean' after having prepared a new build tree. PR: 437 CFLAG, not CFLAGS Name the flag file correctly Add documentation on how to handle the shared libaries. PR: 423 Double the dollars that are intended for the command line. PR: 423 If the user said 'shared' and we haven't included support for shared libraries, warn him or her. Reminder by Andrew Marlow Add better support for FreeBSD on non-x86 machines. Add specific support for FreeBSD on sparc64. PR: 427 tty_in will never be stderr, so it will always be closed, which means stdin might get closed... Reported by Mark Daniel UI_UTIL_read_pw() misinterpreted the values returned from UI functions. PR: 456 Revert: the names of the cygwin distribution will not be named openssl2-*. Requested by Corinna Vinschen Correct a misleading comment. PR: 456 DJGPP doesn't have DLLs, so skip adding to %PATH% in that environment. PR: 453 Make sure not to declare a clashing read() for DJGPP. PR: 440 Merge from 0.9.7-stable. Correct an example that has a few typos. PR: 458 Extend the HOWTO on creating certificates, and add a HOWTO in creating keys. PR: 422 Add verbosity Fix possible NULL dereferencial. Notified by Verdon Walker make update Add some debugging output. FreeBSD has /dev/crypto as well. PR: 462 make update A few more files to ignore Ingore the correct flag file. Missing 0 broke FreeBSD build. PR: 470 DVCS (see RFC 3029) was missing among the possible purposes. Notified privately to me by Peter Sylvester , one of the authors of said RFC cert_sk isn't always allocated, so freeing it may cause a crash. PR: 481 Fix a memory leak in SSL. PR: 477 Small typo, OENSSL should really be spelled OPENSSL. PR: 476 Add the possibility to build without the ENGINE framework. PR: 287 make update The OPENSSL_NO_ENGINE has small problem: it changes certain structures. That's bad, so let's not check OPENSSL_NO_ENGINE in those places. Fortunately, all the header files where the problem existed include ossl_typ.h, which makes a 'forward declaration' of the ENGINE type. For VC++7 and up, the file is VSVARS32.BAT. PR: 327 The MASM situation is more difficult than described so far. It is part of VC++ 7. PR: 327 The util scripts need to handled no-hw. PR: 327 A few small bugs with BIO popping. PR: 364 Document -engine where missing. PR: 424 We can't say in advance what the argument to BIO_socket_ioctl() should be, so let's make that a void *. Also, BIO_socket_nbio() should send it an int argument, not a long. PR: 457 PKCS#1 has a new RFC, which we do implement Make sure memcpy() is properly declared by including string.h. Adjust DES_cbc_cksum() so the returned value is the same as MIT's mit_des_cbc_cksum(). The difference was first observed, then verified by looking at the MIT source. Oh, the destest program did look at the return value... Another long name to deal with Add full support for -rpath/-R, both in shared libraries and applications, at least on the platforms where it's known how to do it. Make it possible to disable OCSP, the speed application, and the use of sockets. PR: 358 Change no_rmd160 to no_ripemd for consistency. PR: 500 Pay attention to disabled SSL versions. PR: 500 Update linux-mips and linux-mipsel to support threads and shared libraries. I also updated the bn_ops field with values taken from OpenBSD-mips. PR: 498 Handle krb5 libraries separately and make sure only libssl.so depends on it. Add support for IA64. PR: 454 Make the no-err option work properly Borland C++ Builder 5 complains about unreachable statements. Make sure the memory allocation routines check for negative sizes Security fix: Vaudenay timing attack on CBC. An advisory will be posted to the web. Expect a release within the hour. Update release information Allow building applications against static libraries with Makefile.shared. Remove duplication and have clean depend on libclean Add the target linux-ia64-ecc, suggested by Keith Thompson . PR: 516 Shut up an ANSI compiler about uninitialised variables. PR: 517 hinv may generate more than one line (1 line per CPU). PR: 520 Make sure that all the library paths are modified in prepend mode, not replace mode. PR: 528 Spelling errors. PR: 538 Some shells (ksh in this case) don't say 'command not found'. PR: 540 Add documentation for -starttls (s_client) and -id_prefix (s_server). PR: 542 Because it may be needed in public header files, move the definition of OPENSSL_NO_FP_API on existence of OPENSSL_SYS_MSDOS to e_os2.h. Make sure we get the definition of OPENSSL_NO_AES. Make sure we get the definition of OPENSSL_NO_BIO and OPENSSL_NO_RSA. Make sure we get the definition of OPENSSL_NO_BF. Make sure we get the definition of OPENSSL_NO_FP_API. Make sure we get the definition of OPENSSL_NO_SOCK. Make sure we get the definition of OPENSSL_NO_ERR. Make sure we get the definition of OPENSSL_NO_CAST. Make sure we get the definition of OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG and OPENSSL_NO_DESCBCM. Make sure we get the definition of OPENSSL_NO_DH. Make sure we get the definition of OPENSSL_NO_DSA and OPENSSL_NO_SHA. Make sure we get the definition of OPENSSL_NO_EC. Make sure we get the definition of OPENSSL_NO_ECDH. Make sure we get the definition of OPENSSL_NO_ECDSA. Make sure we get the definition of OPENSSL_NO_HMAC. Make sure we get the definition of OPENSSL_NO_IDEA and IDEA_INT. Make sure we get the definition of OPENSSL_NO_FP_API. Make sure we get the definition of OPENSSL_NO_MD2. Include e_os.h correctly. Make sure we get the definition of OPENSSL_NO_BIO. Make sure we get the definition of a number of OPENSSL_NO_* macros. Make sure we get the definition of OPENSSL_NO_AES. Make sure we get the definition of OPENSSL_NO_BF. Make sure we get the definition of OPENSSL_NO_CAST. Make sure we get the definition of OPENSSL_NO_IDEA. Make sure we get the definition of OPENSSL_NO_RC2. Make sure we get the definition of OPENSSL_NO_RC4. Make sure we get the definition of OPENSSL_NO_RC5. Make sure we get the definition of OPENSSL_NO_DES. Make sure we get the definition of OPENSSL_NO_MD2. Make sure we get the definition of OPENSSL_NO_MD4. Make sure we get the definition of OPENSSL_NO_MD5. Make sure we get the definition of OPENSSL_NO_MDC2. Make sure we get the definition of OPENSSL_NO_RIPEMD. Make sure we get the definition of OPENSSL_NO_SHA. Make sure we get the definition of OPENSSL_NO_HMAC and OPENSSL_NO_SHA. Make sure we get the definition of OPENSSL_NO_RSA. Sometimes, we have partial comments on the same line as other stuff we parse. Make sure to read in the whole comment, so it can be entirely removed. Don't put configuration macro definitions on the command line, we're just fooling ourselves and then screwing up for other applications. make update Make sure to declare mem*() properly. Define COMP method function prototypes properly. To define OPENSSL_NO_FP_API for all MSDOS type targets was unfair against DJGPP, and much more restricted than previous definitions. Missed a few dollars. PR: 528 Let's limit the extent of the definition of _XOPEN_SOURCE. Update VMS building system OpenUNIX 8 has some problems using -G with gcc. Maybe using gnu-shared works better (will be tested tonight). Add usage string for -fingerprint. PR: 560 Don't feil when indent is 0. PR: 559 No need to test -setalias twice. PR: 556 It seems like gcc-drivven shared library building on OpenUnix 8 requires -shared rather than -G. Make it possible to have multiple active certificates with the same subject. Conditionalise all debug strings. Reset the version number of the issuer certificate? I believe this hasn't been tested in a long while... Remove unused variable. Reindent for readability. Don't try to free NULL values... Typo correction It's recommended to use req rather than x509 to create self-signed certificates Add functionality to help making self-signed certificate. Implement self-signing in 'openssl ca'. This makes it easier to have the CA certificate part of the CA database, and combined with 'unique_subject=no', it should make operations like CA certificate roll-over easier. Add a CA section, to make sure the test will work with the changes in CA.sh. One more debug line to conditionalise. Counter for GCC attributes. Add GCC attributes when compiled with gcc. This helps find out if we're using the printing functions correctly or not. Make %p and %# work properly, at least with pointers and floats. Correct a lot of printing calls. Remove extra arguments... There's no need to check for __attribute__ with ANSI functions, since we only check to the opening parenthesis anyway... make update Add documentation on the added functionality in 'openssl ca'. Convert save_serial() to work like save_index(), and add a rotate_serial() that works like rotate_index(). Do not call ENGINE_setup_bsd_cryptodev() when OPENSSL_NO_ENGINE is defined. PR: 564 Constify Correct a typo. Have EVP_PKEY_cmp() call EVP_PKEY_cmp_parameters(), and make a note about the lack of parameter comparison for EC. What was I smoking? EVP_PKEY_cmp() should return with 0 if EVP_PKEY_cmp_parameters() returned 0, otherwise it should go on processing the public key component. Thia has nothing to do with the proper handling of EC parameters or not. RSA_FLAG_SIGN_VER indicates the special rsa_sign and rsa_verify function pointers should be used. It doesn't necessarely mean it should go through the ENGINE framework. We seem to carry some rests of the 0.9.6 [engine] ENGINE framework in form of unneeded includes of openssl/engine.h. We seem to carry some rests of the 0.9.6 [engine] ENGINE framework, here in form of unneeded direct calls through the engine pointer.. It seems like OpenUnix's ld uses LD_LIBRARY_PATH to search for libraries. What's worse, the directories given in LD_LIBRARY_PATH are checked first! Therefore, we need a hack to prepend all the directories we give with -L to the current value of LD_LIBRARY_PATH, thereby temporarly forming a hacked value. I forgot to continuation mark. A single quote too many. Correct a few typos. Include rand.h, so RAND_status() and friends get properly declared. Explicitely tell the compiler we're mips3 for the target irix-mips3-cc. There's a problem building shared libraries on the sco5-gcc target. However, it's time for a release, so I'm just adding an enty in PROBLEMS, and will hopefully solve this for a later release Remove all those infernal stupid CR characters New NEWS make update Add the 0.9.6j news. Memory leak fix: local blinding structure not freed in rsa_eay_private_decrypt() Memory leak fix: RSA_blinding_on() didn't free Ai under certain circumstances. Memory leak fix: RSA_blinding_on() would leave a dangling pointer in rsa->blinding under certain circumstances. Double definition fix: RSA_FLAG_NO_BLINDING was defined twice. Make it possible to affect the extension of man pages. PR: 578 Add an extended variant of OBJ_bsearch() that can be given a few flags. Add an extended variant of sk_find() which returns a non-NULL pointer even if an exact match wasn't found. Correct documentation. sk_find_ex() doesn't return a pointer, it returns an index. Some variables were uninitialised... Include objects.h to get a correct declaration of OBJ_bsearch_ex(), not to mention the OBJ_BSEARCH_* macros. make update Add BUF_strndup() and BUF_memdup(). Not currently used, but I've code that uses them that I'll commit in a few days. make update Define the OPENSSL_ITEM structure. Define a STORE lock (the STORE type will be committed later). Define a STORE type. For documentation, read the entry in CHANGES, crypto/store/README, crypto/store/store.h and crypto/store/str_locl.h. Add STORE support in ENGINE. make update Provide some extra comments about the STORE_Memory STORE method. Get the year right... STORE was created 2003, darnit! It's usually best if the function name matches everywhere... Yeah, right, an object file ending with .c, that'll work! Constify RSA_sign() and RSA_verify(). PR: 602 Add the possibility to store arbitrary data in a STORE. Suggested by G??tz Babin-Ebell . DO NOT constify RSA* in RSA_sign() and RSA_verify(), since there are function called downstream that need it to be non-const. The fact that the RSA_METHOD functions take the RSA* as a const doesn't matter, it just expresses that *they* won't touch it. PR: 602 /usr/lib/pkgconfig/openssl.pc was never installed in the RPM. Notified by Bennett Todd . Add the possibility to hand execution parameters (for example authentication material) to the STORE functions. Suggested by G??tz Babin-Ebell . Define the two authentication parameter types for passphrase and Kerberos 5 authentications. Remove certain functions Make the function STORE_new_engine() public. Some misspelled function names. Misspelled functions. make update I don't remember what my thinking was with str_compat.h. Maybe it'll come back to me... I have no idea how I cut away that piece of text... Make sure EC_window_bits_for_scalar_size() returns a size_t Correct signedness Fix sign bugs. PR: 621 Brackets are now allowed, after a small hack in the processing of the docs-on-web. Make sure to compare unsigned against unsigned. PR: 630 Have ASFLAGS be defined the same way as CFLAGS Include openssl/e_os.h so OPENSSL_SYSNAME_ULTRASPARC and other configuration macros get properly defined. Make sure debug-solaris-sparcv9-gcc is consistent with solaris-sparcv9-gcc. Make sure that size_t matches size_t. Make sure the function definitions match their declaration. Remove extra ; Make sure the sigaction structure and fileno function are properly declared with an ANSI compiler on Solaris (and possibly others). Typo The output from AES_cbc_encrypt() should be exact multiple blocks when encrypting Document the AES_cbc_encrypt() change Add crypto/store to the directories to look through. Make sure to NUL-terminate the string on end-of-file (and error) PR: 643 Handle des_modes.pod properly. PR: 634 Add functionality to set marks on the error stack and to pop all errors to the next mark. Add documentation for ERR_set_mark() and ERR_pop_to_mark(). Add an entry for X509_TRUST_OBJECT_SIGN in trstandard[]. PR: 617 Remove unused variable Avoid warnings saying that the format takes a void*. make update Add the possibility to have symbols loaded globally with DSO. Typo. PR: 593 Make sure DSO-dlfcn works properly on SunOS4. PR: 585 Make sure ssize_t is defined on SunOS4. PR: 585 Do not try to use non-existent gmtime_r() on SunOS4. PR: 585 Typo. PR: 584 Beautify Slightly better check of attributes. Now, mem_list_next can actually stop when the searched for key doesn't have it's attributes within the range of the checked key. Missing string and potential memory leaks. Notified by Goetz Babin-Ebell Add the application data type to the README. EXIT() should mainly be exit(n), not return(n). OPENSSL_EXIT() will take care of returning if necessary. Unsigned vs. signed fixed. dynamic_ctrl() didn't have exactly the same prototype as defined by ENGINE_CTRL_FUNC_PTR. Implement CRL numbers. Contributed in whole by Laurent Genier PR: 644 Typo. Add documentation for the new crlnumber configuration option. We set the export flag for 512 *bit* keys, not 512 *byte* ones. PR: 587 Prepare for changes in the 0.9.6 branch Prepare for changes in the 0.9.6 branch Document the last change. PR: 587 make update Make sure the compiler knows we run with pedantic settings. The definition of dynamic_ctrl() should change along with the declaration :-). Scan through the engines directory as well. Conform with the standard prototype for engine control functions. "Remove" unused variable Implement missing functions. Have the f parameter to _ctrl functions have the prototype (*)(void) rather than (*)(), for the sake of C++ compilers. Disable unimplemented functionality. make update Nils Larsch told me I could remove that variable entirely. Only remove old files if they exist. [Maing32]. Notified by Michael Gerdau Change AES-CTR to increment the IV by 1 instead of 2^64. The 'counter' is really the IV. The convenience argumetn for -nameopt and -certopt is ca_default, not default_ca. PR: 653 Add -issuer_hash and make -subject_hash the default way to get the subject hash, with -hash a synonym kept around for backward compatibility reasons. PR: 650 Oops, I forgot to replace 'counter' with 'ivec' when used... The counter is big-endian. Since it comes as an array of char, there's absolutely no need to special-case it on little-endian machines. Make sure openssl.pc is readable by everyone. PR: 654 Replace CCITT with ITU-T. Keep CCITT around as an alias. make update A document that has a very rough description of the X509 functionality. This is mostly so there's a way to get from the crypto.html page to the function descriptions. Inclusion of openssl/engine.h should always be wrapped with a check that OPENSSL_NO_ENGINE is not defined. Correct two problems, found by Martin Kochanski : Generalise the definition of strcasecmp() and strncasecmp() for platforms that don't (necessarely) have it. In the case of VMS, this means moving a couple of functions from apps/ to crypto/ and make them general (although only used privately). Add necessary changes to be able to build on VxWorks for PPC860. Contributed by Bob Bradley Free the Kerberos context upon freeing the SSL. Contributed by Andrew Mann Correct small documentation error. PR: 698 Include the instance in the Kerberos ticket information. In s_server, print the received Kerberos information. PR: 693 Have ssl3_send_certificate_request() change the state to SSL3_ST_SW_CERT_REQ_B. PR: 680 Have ssl3_ssl3_send_client_verify() change the state to SSL3_ST_SW_CERT_VRFY_B. PR: 679 Add reference counting around the thread state hash table. Unfortunately, this means that the dynamic ENGINE version just went up, and isn't backward compatible. PR: 678 Selected changes for MSDOS, contributed by Gisle Vanem . PR: 669 Make MD5 assembler code able to handle messages larger than 2GB on 32-bit systems and above. PR: 664 Change the indentation from 12 to indent+4. PR: 657 Uhmm, It seem to have forgotten one file when I committed the MSDOS change yesterday. PR: 669 Synchronise util/libeay.num with the 0.9.7-stable one. make update Further VxWorks changes from Bob Bradley , this time involving VxWorks on MIPS Correct buggy PODs (missing commas and a prepended space). Correct incorrect mode bits change. Use correct case for manual page references Avoid 'file names' with spaces Remove leading and trailing spaces and tabs Corrected misplacement of one of the greps... Include e_os.h to get a proper definition of memmove on the platforms that do not have it. Correct a mixup of return values Check for errors from SSL_COMP_add_compression_method(). Notified by Andrew Marlow Remove unused code, don't use zlib functions that are really macros and provide missing prototypes. Setting the ex_data index is unsafe in a threaded environment, so let's wrap it with a lock. Make sure int SSL_COMP_add_compression_method() checks if a certain compression identity is already present among the registered compression methods, and if so, reject the addition request. Add functionality to get information on compression methods (not quite complete). s_client should inform the user of any compression/expansion methods used. make update In realloc, don't destroy the old memory area if a new one couldn't be allocated. Notified by Daniel Lucq The object file is o_str.o, not o_str.c. Correct serious bug in AES-CBC decryption when the message length isn't a multiple of AES_BLOCK_SIZE. Optimize decryption of all complete blocks in AES-CBC by removing an unnecessary memcpy(). Removing those memcpy()s also took away the possibility for in and out to be the same. Therefore, the removed memcpy()s need to be restored. Let exit codes propagate from within for loops. Engines are usually binary, and should therefore be in INSTALLTOP rather than OPENSSLDIR. Less restrictive debugging build. Change my debugging entries to do fierce BIGNUM debugging. Netware-specific changes, Allow multi-valued rdns in subjects. This adds the -multivalue-rdn option to 'openssl req' and 'openssl ca'. Move do_subject() to apps.c and rename it to parse_name(). The rationale behind the move is that it's use by several applications. The rationale behind the name change is that it describes what the function does a bit better. Forgot to change the declaration of do_subject() to one of parse_name()... Let's use text/plain in the example instead of crapy HTML. PR: 777 Submitted by: Michael Shields Move another common functionality (reproduced so far with cut'n'paste) to apps.c, and give it the hopefully descriptive name parse_yesno(). Make a number of changes to the OS/2 build. Submitter's comment below. 1024 is the export key bits limit according to current regulations, not 512. PR: 771 Submitted by: c zhang RSA_size() and DH_size() return the amount of bytes in a key, and we compared it to the amount of bits required... PR: 770 Submitted by: c zhang Damnit, I'm sick of having to do something special every time a module that gets built before objects barfs all over the place because it uses a new NID that hasn't had a chance of getting defined yet (in this case, it was about a couple of new EC curves, and therefore a couple of new corresponding NIDs). Add IPSec/IKE/Oakley curves. We're getting a clash with C++ because it has a type called 'list'. Therefore, change all instances of the symbol 'list' to something else. Make sure the documentation matches reality. CRYPTO_malloc(), CRYPTO_realloc() and variants of them should return NULL if the give size is 0. Check that OPENSSL_malloc() really returned some memory. It was pointed out to me that if the requested size is 0, we shouldn't ty to allocate anything at all. This will allow eNULL to still work. Document that you need to include x509.h (to get [i2d|d2i]_DSA_PUBKEY()). Correct the typo PUKEY... Document that you need to include x509.h (to get [i2d|d2i]_RSA_PUBKEY()). Correct the typo PUKEY... To figure out if we're going outside the buffer, use the size of the buffer, not the size of the integer used to index in said buffer. Add a newline at the end of the last line. This is part of a large change submitted by Markus Friedl Use BUF_strlcpy() instead of strcpy(). Use BUF_strlcat() instead of strcat(). Use BIO_snprintf() instead of sprintf(). In some cases, keep better track of buffer lengths. This is part of a large change submitted by Markus Friedl Include strings.h so strcasecmp() and strncasecmp() get properly declared. Use sh explicitely to run point.sh This is part of a large change submitted by Markus Friedl OpenBSD-internal changes. This is part of a large change submitted by Markus Friedl Correct documentation typos. This is part of a large change submitted by Markus Friedl Check if a random "file" is really a device file, and treat it specially if it is. Add a few OpenBSD-specific cases. This is part of a large change submitted by Markus Friedl Only use environment variables if uid and gid are the same as euid and egid. This is part of a large change submitted by Markus Friedl Avoid including cryptlib.h, it's not really needed. Check if IDEA is being built or not. This is part of a large change submitted by Markus Friedl Fix Perl problems on sparc64. This is part of a large change submitted by Markus Friedl Adding a slash between the directoryt and the file is a problem with VMS. The C RTL can handle it well if the "directory" is a logical name with no colon, therefore ending being 'logname/file'. However, if the given logical names actually has a colon, or if you use a full VMS-syntax directory, you end up with 'logname:/file' or 'dev:[dir1.dir2]/file', and that isn't handled in any good way. Typo... We're passed p, so let's use p instead of making assumptions. S_IFBLK and S_IFCHR may not exist in some places (like Windows), so let's check for those macros, and if they aren't defined, let's assume there aren't Unixly devices on this platform. Avoid signed vs. unsigned warnings (which are treated like errors on Windows). Unsigned vs. signed problem removed make update Add the missing parts for DES CFB1 and CFB8. Add the corresponding AES parts while I'm at it. make update make update In the development branch, it feels quite all right to warn on a lot more stuff. Typo -Wtraditional was a little too much... Remove typos Document the AES options for 'openssl smime'. PR: 834 Make sure the given EVP_PKEY is updated in the PEM_STRING_PKCS8INF case also. PR: 833 AES is spelled AES, not ASE. Oops... Avoid a memory leak in OCSP_parse_url(). Notified by Paul Siegel Make our page with pointers to binary distributions visible in the FAQ Make sure we use unsigned constants, or come compilers may complain. Make sure that the last argument to RAND_add() is a float, or some compilers may complain. It was just pointed out to me that it's better to cast to double... Constify d2i, s2i, c2i and r2i functions and other associated functions and macros. Make sure fd is defined where it should. PR: 849 Remove a warning for conversion double->long. This has impacts on Windows. PR: 849 Change \t to real tab in echo argument. PR: 847 Correct minor spelling error. PR: 845 Sync the VMS build with Unix. make update Make it clear that for RSA_NO_PADDING, flen must be RSA_size(rsa) Make sure toupper() is properly declared. Typo... o_str.h isn't a public header file. o_str.h isn't a public header file, so make sure it will still be included. Add store.h among the exported headers on VMS. Only build the PKCS#7 test applications if "pkcs7" is present in SDIRS. Make it easier to buld test applications... Correct constness problems. Don't define fd for platforms that do not use it, as some may not declare fileno() properly RAND_add() wants a double as it's last argument. A couple more cases where RAND_add() gets an integer instead of a doule as last argument. Make prototypes for some callback pointers. Change spaces to symbols in names. PR: 856 Wrap code starting with a definition. PR: 854 Move the definition of Win32_rename(), since the macro rename gets undefined in the middle of the code on Windows, and that disrupts operations in functions later that use rename()... PR: 853 SSL_COMP_get_compression_method is a typo (a missing 's' at the end of the symbol name). Add symbol hacks for some long names. make update Print the debug thingies on stderr instead of stdout. If for nothing else then at least so bc doesn't have problems parsing the output from bntest :-). Whooaaaaa, the BN_CTX_DEBUG macro really produces output these days... A little too much for my tests, currently... When the pointer 'from' changes, it's stored length needs to change as well. Remove the creation of $(INSTALL_PREFIX)$(OPENSSLDIR)/lib, since we don't use it. Let's make life easier and have the VMS version of the configuration be generated from the Unixly configuration file. make update Synchronise o_str.c between 0.9.8-dev and 0.9.7-stable. Reimplement old functions, so older software that link to libcrypto don't crash and burn. X509_policy_lib_init is declared but not defined, so it raises havoc when trying to build a shared library on VMS or Windows... Move some COMP functions to be inside the #ifndef OPENSSL_NO_COMP wrapping preprocessor directive. This also removes a duplicate declaration. make update Synchronise VMS with the Unixly Malefiles. Since num is now a size_t, it's not necssary to check for less than 0, AND it avoids warnings on certain systems. SHA224_Update() and SHA224_Final() aren't implemented, and since SHA224() uses SHA256_Update() and SHA256_Final() instead, let's just create aliases in form of macros. make update Typo, setting the first element of nids[] to NULL instead of setting *cnids. Making some values explicitely unsigned was derived from ongoing work that isn't yet committed. It wasn't meant to be committed already, so I'm removing it for now. Linux on ARM needs -ldl PR: 905 NetWare fixes provided by Verdon Walker for OpenSSL 0.9.8-dev. The changes have been mailed to as well. Make sure that the buffers are large enough to contain padding. PR: 904 Make the tests of EVP operations without padding. As a consequence, there's no need for a larger BUFSIZE any more... Changes for VOS, submitted by Paul Green . Explain a little better what BN_num_bits() and BN_num_bits_word() do. Add a note as to how these functions do not always return the key size, and how one can deal with that. o_str.c: Windows doesn't have , and since we use _strnicmp() and _stricmp() on that platform, use the appropriate header file for it, . o_str.h: we only want to get size_t, which is defined in . Copy a few files from LPlib (a new project of mine), add a wrapper. Now we have directory reading capabilities for VMS as well, and all of it in a fairly general manner. Use the new directory reading functions. make update In some cases, EVMSERR isn't visible (that's fairly new...). o_dir needs to be compiler with the warnings about dollar signs in identities disabled. 'SSL_add_dir_cert_subjects_to_stack' is longer than 31 characters. Lucky me, I had prepared for this :-). Some test programs in crypto/sha were named differently than usual... Because it's one of our libraries calling new functions in the other, we need to have them among the symbols that should appear in the transfer table, at least on VMS (and it wouldn't surprise me if Windows would whine as well). make update I think it could be a good thing to know what went wrong with the tests... Since version 7.0, The C RTL in VMS handles time in terms of UTC instead of local time. Imported from LPlib, making sure the entry name (at least on Unix) is NUL-teminated at all times, and that we don't make unneeded calls to free(). From LPlib: From LPlib: From LPlib: From LPlib: The compiler may complain about what looks like a double definition of a static variable We build the crypto stuff, not the ssl stuff, in this command procedure... DJGPP has opendir() and friends, according to Gisle Vanem . Stupid casts... Basically, I wanted to be able to make a dump to a FILE*, and not have to bother creating a BIO around it. So here's a few more functions to make it possible to make the dump using a printing callback, and to print to a FILE* (based on the callback variant), done in the same style as the functions in crypto/err/err_prn.c. On systems that use case-insensitive symbol names (i.e. they're all converted to upper case or something like that), the application- level bio_dump_cb() has a name clash with the new library function BIO_dump_cb(). The easiest fix is to rename the function at the application level. 'compatibility', not 'computability' :-)... Another symbol longer than 31 characters... Synchronise VMS build files with Unixly Makefiles. make update Synchronise with Unix build. - There's no more need for the snprintf macro. - Move the inclusion of malloc.h until after all other includes, so we can do proper tests of system macros. - Make sure the correct header file is included to get the builtin "alloca" under VMS, and define a macro to map the symbol 'alloca' to it. Import changed files from LPlib. The changes are logged as follows for LPdir_unix.c in LPlib. For the other files, only the last log entry applies. Move the declaration of alloca() so it's ony declared when really necessary. usr/doc has recently changed to usr/share/doc on Cygwin. Notified by Corinna Vinschen Because libraries on Windows lack useful version information, the zlib guys had to change the name to differentiate with older versions when a backward incompatibility came up. Of course, we need to adapt. This change simply tries to load the library through the newer name (ZLIB1) first, and if that fails, it tries the good old ZLIB. Make sure memmove() is defined, even on SunOS 4.1.4. PR: 963 Because -rpath/-R may have been used, our settings of LD_LIBRARY_PATH and friends may be entirely useless. In such a case, LD_PRELOAD is the answer, at least on platforms using LD_LIBRARY_PATH. There might be other variables to set on other platforms, please fill us in... Don't use $(EXHEADER) directly in for loops, as most shells will break if $(EXHEADER) is empty. Make sure LD_PRELOAD is only set when we build shared libraries (and therefore link with them). Add LD_PRELOAD setting code where it was still missing. Some find it confusing that environment variables are set when shared libraries aren't built or used. I can see the point, so I'm reorganising a little for clarity. Whoops, syntactic mistake... Cut'n'paste mistake. All tested OK now... Make an explicit check during certificate validation to see that the CA setting in each certificate on the chain is correct. As a side- effect always do the following basic checks on extensions, not just when there's an associated purpose to the check: - if there is an unhandled critical extension (unless the user has chosen to ignore this fault) - if the path length has been exceeded (if one is set at all) - that certain extensions fit the associated purpose (if one has been given) Document the change. Split X509_check_ca() into a small self and an internal function check_ca(), to resolve constness issue. check_ca() is called from the purpose checkers instead of X509_check_ca(), since the stuff done by the latter (except for calling check_ca()) is also done by X509_check_purpose(). Propagate a few more variables to Makefile.shared when linking programs. Change libeay.num so it's synchronised with additions in 0.9.7-stable. make update make update (oops, missed this file) Add functionality needed to process proxy certificates. Forgot to synchronise the VMS build scripts. iv needs to be const because it sometimes takes it's value from a const. Correct a faulty address assignment, and add a length check (not really needed now, but may be needed in the future, who knows?). Small typo, `mask' got the same value ORed to it twice instead of `mask' and `emask' getting that operation done once each. Changes concering RFC 3820 (proxy certificates) integration: Small thing. It seems like we have to defined _XOPEN_SOURCE to get isascii() on DEC/Compaq/HP C for VMS. Apparently, at least with my VMS C environment, defining _XOPEN_SOURCE gets _POSIX_C_SOURC and _ANSI_C_SOURCE defined, which stops u_int from being defined, and that breaks havock into the rest of the standard headers... *sigh* The mix of CFLAGS and LDFLAGS is a bit confusing in my opinion, and Makefile.shared was a bit overcomplicated. Get rid if the annoying warning Check for errors from EVP_VerifyInit_ex(), or EVP_VerifyUpdate might cause a segfault... This was uncovered because EVP_VerifyInit() may fail in FIPS mode if the wrong algorithm is chosen... Oops, == should really be = when used with test ([ and ]). The first argument to load_iv should really be a char ** instead of an unsigned char **, since it points at text. Added HOWTO about proxy certificates. There are cases when there are no files left to verify. Make sure to handle that properly. Change the memory leak FAQ entry to describe the levels of thread safety in each function Add a file with fingerprints that have recently been used to sign OpenSSL distributions, or are about to. This has been requested a little now and then by users, for years :-/... Added restrictions on the use of proxy certificates, as they may pose a security threat on unexpecting applications. Document and test. Add emacs cache files to .cvsignore. Add a NEWS item for 0.9.7g. Synchronise with ec/Makefile. Avoid compiler complaint about mismatched function signatures (void * != RSA *) Type mismatch detected by DEC C compiler. void* != void** Resolve signed vs. unsigned. Avoid compiler complaint about mismatched function signatures (void * != char *) signed vs. unsigned. Make sure id2_func is properly cast as well... signed vs. unsigned. Provide a default OPENSSL_ia32cap_loc for non-Intel platforms where util/libeay.num is important when building shared libraries, like VMS. Synchronise with Unix build system. From branch OpenSSL_0_9_7-stable, revision 1.1.4.1, 2002-05-23 17:25: Remove a bunch of false positives, fix one true positive. From branch OpenSSL_0_9_7-stable, 2002-11-13 15:30: Remove a bunch of false positives, and fix some true positives. This one deserves a note. In the change to CHANGES, there's the following: All kinds of changes from branch OpenSSL_0_9_7-stable From branch OpenSSL_0_9_7-stable, 2004-08-11 22:34: From branch OpenSSL_0_9_7-stable, 2004-09-11 11:45: Some true positives fixed, toss some false positives. A few more fingerprints... Actually, C on VMS/Alpha knows very well what a long long is, and knows how to make use of it. So let's stop pretending the Alpha doesn't know long long... Since BN_LLONG will only be defined for Alpha/VMS and not VAX/VMS, there's no need to undefine it here. Then, let's get a bit paranoid and not define BN_ULLONG on THIRTY_TWO_BIT machines when BN_LLONG isn't defined. I was incorrect about VMS/Alpha. Defining BN_LLONG with SIXTY_FOUR_BIT could cause havoc, so don't (it's lucky bn.h undefines BN_LLONG when SIXTY_FOUR_BIT is defined). I just branched 0.9.8, so HEAD needs to be bumped to 0.9.9-dev. Version changes where needed. Update status information Patches for Cygwin, provided by Corinna Vinschen When _XOPEN_SOURCE is defined, make sure it's defined to 500. Required in http://www.opengroup.org/onlinepubs/007908799/xsh/compilation.html. DEC C complains about bad subscript, but we know better, so let's shut it up. Typo correction It seems like mkdef.pl couldn't quite understand that #ifdef OPENSSL_NO_SHA512 was still active when it came down to the functions. mkdef.pl should really be corrected, but that'll be another day... Typo We have some source with \r\n as line ends. DEC C informs about that, and I really can't be bothered... Change all relevant occurences of 'ncipher' to 'chil'. That's what nCipher always wanted... Synchronise with Unixly build pqueue and dtls uses 64-bit values. Unfortunately, OpenSSL doesn't have a uniform representation for those over all architectures, so a little bit of hackery is needed. DJGPP changes. Contributed by Doug Kaufman Merge in the new news from 0.9.8-stable. Merge from 0.9.8-stable. Synchronise more with the Unix build. Synchronise yet a little more with the Unixly build From 0.9.8-stable: The macro THREADS was changed to OPENSSL_THREADS a long time ago. Updated support for NetWare, submitted by Verdon Walker . Old typo... Add support for the new Intel compiler, icc. Submitted by Keith Thompson Correct typo ia64.o -> bn-ia64.o. gcc 2.95.3 on Ultrix supports long long. Change pq_compat.h to trust the macros defined by bn.h a bit more, and thereby provide better generic support for environments that do not have 64-bit integers. Among others, this should solve PR 1086 Remove the incorrect installation of '%{openssldir}/lib'. Document the change and update the version number (d'oh!). Further change pq_compat.h to generate the flag macros PQ_64BIT_IS_INTEGER and PQ_64BIT_IS_BIGNUM with the values 0 (for false) and 1 (for true), depending on which is true. Use those flags everywhere else to provide the correct implementation for handling certain operations in q PQ_64BIT. Update from 0.9.8-stable. _GNU_SOURCE needs to be defined before any standard header. Skipping all tests just because one algorithm is disabled seems a bit harsch. Pass INSTALL_PREFIX in BUILDENV. Avoid endless loops. Really, we were using the same variable for two different conditions... When the return type of the function is int, it's better to return an in than NULL, especially when an error is signalled with a negative value. Show what the offending target was. Netware patch submitted by Verdon Walker" in PR 1107. He says: Status update 0.9.8-beta5 works on VMS/Alpha 0.9.8-beta5 works on Cygwin 0.9.8-beta5 works on SuSE 9.3 Data about which Cygwin versions 0.9.8-beta5 work on 0.9.8-beta5 works on Gentoo/arml but not /armb, and works on Linux AMD64 Do not undefine _XOPEN_SOURCE. This is currently experimental, and will be firmed up as soon as it's been verified not to break anything. Have pod2man.pl accept '=for comment ...' before the '=head1 NAME' line. Only define ZLIB_SHARED if it hasn't already been defined (on the command line, for example). Move the definition of DEVRANDOM for DJGPP from Configure to e_os.h. That should solve the issues with propagating it through the Makefiles. Add better documentation on how id_function() should be defined and what issues there are. Undefine DECRANDOM before redefining it. With DJGPP, it seems like the return code from grep, even when in the middle of a pipe, is noted. Counter that by forcing a true return code when the return code has no importance. Add crypto/bn/bn_prime.h to the collection of generated files. In the update target, place the dependency on depend last, so all necessary files are generated *before* the dependencies are figured out. Check for 'usage' and 'Usage'. Submitted by Tim Rice . His comment is: Do no try to pretend we're at the end of anything unless we're at the end of a 4-character block. Strip the engine shared libraries as well. Change dir_ctrl to check for the environment variable before using the default directory instead of the other way around. Configure update for Stratus VOS. Update for Stratus VOS. DCC doesn't like argument names in returned function pointers. The NAME section of a man page is required to have a dash followed by a short description, at least according to pod2man. Initialise dir to avoid a compiler warning. Do not defined des_crypt(), since it clashes with Solaris crypt.h. Wrap the inclusion of openssl/engine.h with a protective check for the absence of OPENSSL_NO_ENGINE. Wrap the inclusion of openssl/engine.h with a protective check for the absence of OPENSSL_NO_ENGINE. Someone did some cutting and pasting and didn't quite finish the job :-). Updated status from 0.9.8-stable. There are a few showstoppers. Unfortunately, I only remember one. Please fill this in. asn1parse doesn't support any TXT format, so let's stop pretending it does. Actually, the 64bit format specifier differs between SIXTY_FOUR_BIT and SIXTY_FOUR_BIT_LONG The private key should never have ended up in newreq.pem. Now, it ends up in newkey.pem instead. Add libcrypto.pc and libssl.pc, and install them along with openssl.pc. Changes from the 0.9.8 branch. Changes from the 0.9.8 branch. On case insensitive systems, 'install' gets mixed up with the existing file 'INSTALL', so we need to put some force into installing I'm reversing this change, as it seems the error is somewhere else. bytes_to_long_long isn't used anywhere any more, so let's remove it entirely. Synchronise with Unix changes. More synchronisation with the Unixly build. Last synchronisationn with Unixly build. I hope... Synchronise with Unixly build. Synchronise VMS build with Unixly build. Remove warnings about signed vs. unsigned... Change a comment so it corresponds to reality. Put back a character that was previously replaced with a NUL for parsing purposes. This seems to fix a very weird parsing bug involving two variable references in the same value. Renumber to follow what happens with 0.9.8. Add in CHANGES for 0.9.7i. A slight change in documentation that makes it so much more comprehensible Fix numerous bugs in the Win32 path splitter Document it Synchronise with the Unix build. When using POSIXly functions, we need to define _POSIX_C_SOURCE, at least when the source is compiled with ANSI settings. Build Whirlpool on VMS as well Whirlpool was added to EVP, so let's build it on VMS as well. wq instead of wp? That's gotta be among the more amazing typos I've made... Whoops, we were copying instead of comparing at the end of trying to find a queue element. Missing files in the VMS installation Fix signed/unsigned char clashes. The VMS I run on doesn't know socklen_t and uses size_t instead. Disable the Mixed Linkage warning for some selected modules. This is because the Compaq C compiler will not accept that a variable be declared extern then defined static without a warning. Typo... Forgot to initialize CC6DISABLEWARNINGS properly... signed vs. unsigned clash. As an effect of revisions 1.261, BUILD_CMD was changed so $(DIRS) wasn't respected when using it to build different parts of OpenSSL. 1.269 was an attempt to correct that, but unfortunately meant that we built every part that was given i $(DIRS) 7 times. This change puts back the original intent with BUILD_CMD via the new macro BUILD_ONE_CMD while keeping the intent with RECURSIVE_BUILD_CMD. Document the building macros. Break out deltree in its' own command procedure. Add TS to the VMS build. Add a TSA test. testtsa.com is a manual sh to dcl translation of testtsa. Synchronise with openss.cnf Forgot the TSA application... Make shorter TS symbols for OpenVMS. Don't convert a function pointer to a void*, ISO C doesn't like that. The actual whirlpool test was missing on VMS... Remember to *build* WP_TEST on VMS, as well :-) Resolve signed vs. unsigned issues Oh, now I noticed Bodo's change that made tlsext_ecpointformatlist unsigned... tlsext_ecpointformatlist_length is unsigned, so check if it's less than zero will only result in pissing of some compilers... Typo... Synchronise with recent changes VMS doesn't support includes of paths very well. Keep up with the changes in the Unix build system. Only try to remove the tsa.dir subdirectory if it actually exists. Since we're moving between directories, let's get an absolute path to openssl.exe. Small bug. apps/CA.sh and apps/CA.com look at SSLEAY_CONFIG, not OPENSSL_CONF. The -config option flag needs to be in the SSLEAY_CONFIG value. Synchronise with recent changes If we declare a function, like d2i_TS_MSG_IMPRINT_bio(), we'd better *define* it too, or things like shared libraries might be a bit sad. Change chop to chomp when reading lines, so CRLF is properly processed on the operating systems where they are the normal line endings Synchronise with the Unix build Synchronise what what's happening with the Unix build Got sick and tired of duplicating... Too error-prone (i.e. I forget to update both...)! Synchronise Synchronise with Unixly build. (Geez, a lot is happening right now, eh? :-)) Make sure obj_xref.h is updated during a "make update" Someone made a mistake, and some function and reason codes got duplicate numbers. Renumbering. make update Keep in sync with Unix There was a problem with too long command lines, so I rebuilt to make it work better. Signed vs. unsigned conflict rslen is unsigned, so it can never go below 0. Deal with another name that's longer than 31 characters. Use a new signed int ii instead of j (which is unsigned) to handle the return value from sk_SSL_CIPHER_find(). Because all object files are now in a file, we don't need to mention any of them on the linker command line. Besides, OBJECT_FILE now represents the last compiled file, and using it here only results in getting warnings about multiple definitions of the symbols in that file. Synchronise with the Unixly build. Synchronise with Unix A few more ENGINE strings that need shortening. Keep synchronised with the Unix build Keep synchronised with Unix Use poll() when possible to gather Unix randomness entropy Correct warnings about signedness. According to documentation, including time.h declares select() on OpenVMS, and possibly more. Complete the change for VMS. Fixes for the following claims: Synchronise with Unixly build Synchronise with Unixly build, again ;-) Replace strdup() with BUF_strdup(). Needed definition of _XOPEN_SOURCE_EXTENDED so DEC C on VMS will see the declarations of fd_set, select() and so on. Synchronise a bit more with Unixly build After objects have been freed, NULLify the pointers so there will be no double free of those objects Add STARTTLS support for IMAP and FTP. Submitted by Kees Cook Synchronise the VMS build with recent movements in the Unix build. Apply a more modern way to get the definition of select(), except for VMS. Submitted by Corinna Vinschen Synchronise VMS with Unix. VAX C can't handle 64 bit integers, making SHA512 impossible... Change submitted by Doug Kaufman. He writes: Synchronise with Unix build Provide other forms for symbols that are too long or that clash with others Further synchronisation with Unix build. I hadn't noticed pq_compat.h was gone... Synchronise with Unix. Synchronise VMS build system with the Unixly one A few more symbols that are a little bit long for VMS Stack changes made dso_vms.c not compile properly. Remove extraneous semicolons Constify where needed Further synchronisation with Unix In BIO_write(), update the write statistics, not the read statistics. PR: 1803 More synchronisation with Unix VMS stuff I forgot... Synchronise with Unix build Do the Camellia part right Hopefully resolve signed vs unsigned issue. Because DEC C - sorry, HP C - is picky about features, we need to define _XOPEN_SOURCE_EXTENDED to reach fd_set and timeval types and functionality. Data not initialised. Notified by Gerardo Ganis Reference bug. Make it possible to disable STORE. Make STORE an experimental feature. A DTLS1 symbol needs to be chopped off a bit. Include sys/time.h to declare gettimeofday(). Cast to avoid signedness confusion Add local symbol hacks for OpenVMS Add padlock data Redo the loop so it really compiles all objects for one engine, then links the engine (until now, it still thought every file was an engine of its own...). Stupid typo Reimplement time check for VMS to mimic the way it's done on Windows. Reason: gettimeofday() is deprecated. Make the NULL definition of OPENSSL_ia32cap_loc() compatible with the declaration in crypto.h. Move the time fetching code to its own static function, and thereby make sure that BOTH instances of said code get the VMS modification. Synchronise VMS with Unixly build. Make sure the padlock code compiles correctly even on hardware that doesn't have padlocks. Do not try to link the support file(s), as they aren't a complete engine ;-) Forgotten comma... Add a comment about libeay.num and ssleay.num Have mkdef.pl also handle VAX and Non-VAX differences for VMS Functional VMS changes submitted by sms at antinode.info (Steven M. Schweda). Thank you\! (note: not tested for now, a few nightly builds should give indications though) Stupid typo Update from 1.0.0-stable A few more macros for long symbols. Submitted by Steven M. Schweda Compile t1_reneg on VMS as well. Submitted by Steven M. Schweda It seems like sslroot: needs to be defined for some tests to work. Submitted by Steven M. Schweda Forgot to correct the definition of __arch in this file. Submitted by Steven M. Schweda There's really no need to use $ENV::HOME size_t doesn't compare less than zero... Apparently, test/testtsa.com was only half done Have the VMS build system catch up with the 1.0.0-stable branch. If opensslconf.h and buildinf.h are to be in an architecture specific directory, place it in the same tree as the other architecture specific things. Architecture specific header files need special handling. The previous take went wrong, try again. Typo. We redid the structure on architecture dependent source files, but apparently forgot to adapt the copying to the installation directory. Synchronise with Unix tests We expect these scripts not to bail on error, so make sure that's what happens. Tell the user what test is being performed. Taken from OpenSSL_1_0_0-stable: Synchronise with Unix and do all other needed modifications to have it build on VMS again. Better way to build tests. Taken from OpenSSL-1_0_1-stable * tests.com: Add the symbol openssl_conf, so the openssl application stops complaining about a missing configuration file. Define the logical name PERL_ENV_TABLES with values to Perl considers the DCL symbol table as part of the environment (see 'man perlvms' for details), so cms-test.pl can get the value of EXE_DIR from tests.com, among others. * cms-test.pl: Make changes to have it work on VMS as well. Upper or mixed case options need to be quoted and the openssl command needs a VMS-specific treatment. It all should work properly on Unix, I hope it does on Windows as well... Don't define an empty CFLAGS, it's much more honest not to defined it at all. Make sure to remove any [.CRYTO]BUILDINF.H so it doesn't get used instead of [.''ARCH'.CRYPTO]BUILDINF.H Give the architecture dependent directory higher priority Print openssl version information at the end of the tests Implement bc test strategy as submitted by Steven M. Schweda . Make sure we move to '__here' before trying to use it to build local sslroot: Use the same directory for architecture dependent header files as in the branches OpenSSL-1_0_0-stable and OpenSSL-1_0_1-stable. Better method for creating SSLROOT:. Make sure to include the path to evptest.txt. First attempt at adding the possibility to set the pointer size for the builds on VMS. PR: 2393 Part of the IF structure didn't get pasted here... PR: 2393 PR: 2407 Fix fault include. Submitted by Arpadffy Zoltan PR: 2425 Synchronise VMS build with Unixly build. Add rsa_crpt After some adjustments, apply the changes OpenSSL 1.0.0d on OpenVMS submitted by Steven M. Schweda Add missing source. Also, have the compile also use [.MODES] as include directory, as other parts (notably, EVP) seem to need it. A few more long symbols need shortening. * apps/openssl.c: For VMS, take care of copying argv if needed much earlier, directly in main(). 'if needed' also includes when argv is a 32 bit pointer in an otherwise 64 bit environment. * apps/makeapps.com: When using /POINTER_SIZE=64, try to use the additional =ARGV, but only if it's supported. Fortunately, DCL is very helpful telling us in this case. * apps/makeapps.com: Forgot to end the check for /POINTER_SIZE=64=ARGV with turning trapping back on. * test/maketests.com: Do the same check for /POINTER_SIZE=64=ARGV here. * test/clean-test.com: A new script for cleaning up. * apps/makeapps.com: Add srp. * util/mkdef.pl: Add crypto/o_str.h and crypto/o_time.h. Maybe some more need to be added... * crypto/crypto-lib.com: Add a few more missing modules. make update (1.1.0-dev) Implement FIPS CMAC. Implement FIPS CMAC. make update * Makefile.fips: Update and add details about cmac. * fips/cmac/fips_cmactest.c: Changed to accept all the ciphers we support (Two Key TDEA is not supported), to handle really big messages (some of the test vectors have messages 65536 bytes long), and to handle cases where there are several keys (Three Key TDEA) * fips/cmac/fips_cmactest.c: Some say TDEA, others say TDES. Support both names. * fips/fipsalgtest.pl: Test the testvectors for all the CMAC ciphers we support. * fips/cmac/fips_cmac_selftest.c: Because the examples in SP_800-38B aren't trustworthy (see examples 13 and 14, they have the same mac, as do examples 17 and 18), use examples from official test vectors instead. * Configure, crypto/ec/ec.h, crypto/ec/ecp_nistp224.c, util/mkdef.pl: Have EC_NISTP224_64_GCC_128 treated like any algorithm, and have disabled by default. If we don't do it this way, it screws up libeay.num. * util/libeay.num: make update make update For VMS, implement the possibility to choose 64-bit pointers with different options: "64" The build system will choose /POINTER_SIZE=64=ARGV if the compiler supports it, otherwise /POINTER_SIZE=64. "64=" The build system will force /POINTER_SIZE=64. "64=ARGV" The build system will force /POINTER_SIZE=64=ARGV. Corrections to the VMS build system. Submitted by Steven M. Schweda Error discrepancy corrected. fips_check_dsa_prng() should only be built when OPENSSL_FIPS is defined. No spaces in assignements in a shell script... Add symbols for the parameters on a couple more functions. Add a symbol for the first parameter to OPENSSL_showfatal(). Add a tool that (semi)automatically created the API documentation required for FIPS. Teach mkshared.com to have a look for disabled algorithms in opensslconf.h Add missing algorithms to disable, and in particular, disable EC_NISTP_64_GCC_128 by default, as GCC isn't currently supported on VMS. Synchronise with Unix. Typo... Correct environment variable is OPENSSL_ALLOW_PROXY_CERTS. Harmonise symhacks.h in this branch with lower versions. Add aliases for SSL_CTX_set_not_resumable_session_callback and SSL_set_not_resumable_session_callback on top of that. Add the missing modules for Camellia, as well as dh_rfc5114 and evp_cnf. Add d1_srtp and t1_trce. Install srtp.h * ssl/t1_enc.c (tls1_change_cipher_state): Stupid bug. Fortunately in debugging code that's seldom used. * Configure: make the debug-levitte-linux{elf,noasm} less extreme. * crypto/ui/ui_lib.c: misplaced brace in switch statement. Detected by dcruette at qualitesys.com Followup on RT3334 fix: make sure that a directory that's the empty string returns 0 with errno = ENOENT. Include "constant_time_locl.h" rather than "../constant_time_locl.h". The different -I compiler parameters will take care of the rest... Correct some layout issues, convert all remaining tabs to appropriate amounts of spaces. [PR3597] Advance to the next state variant when reusing messages. Check for FindNextFile when defining it rather than FindFirstFile Clear warnings/errors within BN_CTX_DEBUG code sections Clear warnings/errors within CIPHER_DEBUG code sections Clear warnings/errors within CIPHER_DEBUG code sections Clear warnings/errors within KSSL_DEBUG code sections Clear warnings/errors within TLS_DEBUG code sections Clear warnings/errors within RL_DEBUG code sections (RL_DEBUG should be renamed) Small typo Rob Austein (1): RT2465: Silence some gcc warnings Rob Stradling (11): Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers. Fix compilation with no-ec and/or no-tlsext. Use TLS version supplied by client when fingerprinting Safari. Tidy up comments. Update CHANGES. Additional "chain_cert" functions. Show the contents of the RFC6962 Signed Certificate Timestamp List Certificate/OCSP Extensions. Add the RFC6962 OIDs to the objects table. Move the SCT List extension parser into libssl. Add the extension parser in the s_client, ocsp and x509 apps. Parse non-v1 SCTs less awkwardly. CABForum EV OIDs for Subject Jurisdiction of Incorporation or Registration. Separate the SCT List parser from the SCT List viewer Robin Lee (1): RT3031: Need to #undef some names for win32 Robin Seggelmann (2): DTLS/SCTP Finished Auth Bug DTLS/SCTP struct authchunks Bug Russell Coker (1): Fix datarace reported by valgrind/helgrind Sami Farin (1): Typo: set i to -1 before goto. Samuel Neves (1): Use only unsigned arithmetic in constant-time operations Scott Deboy (7): Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions) Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API Tests exercising the new supplemental data registration and callback api can be found in ssltest.c. Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation. Free generated supp data after handshake completion, add comment regarding use of num_renegotiations in TLS and supp data generation callbacks Initialize next_proto in s_server - resolves incorrect attempts to free Update custom TLS extension and supplemental data 'generate' callbacks to support sending an alert. Updating DTCP authorization type to expected value Re-add alert variables removed during rebase Whitespace fixes Don't break out of the custom extension callback loop - continue instead The contract for custom extension callbacks has changed - all custom extension callbacks are triggered Scott Schaefer (5): Document pkcs12 -password behavior Fix various spelling errors RT 2517: Various typo's. RT 2517: Various typo's. Reviewed-by: Emilia Kasper RT2518: fix pod2man errors Serguei E. Leontiev (1): Replace manual ASN1 decoder with ASN1_get_object Steve Marquess (2): Remove gratuitous patent references Add new sponsors TANABE Hiroyasu (1): RT1325,2973: Add more extensions to c_rehash Thijs Alkemade (1): Make disabling last cipher work. Thorsten Glaser (1): Document openssl dgst -hmac option Tim Hudson (12): Add option to generate old hash format. - fix coverity issues 966593-966596 fix coverity issue 966597 - error line is not always initialised PR#3342 fix resource leak coverity issue 966577 coverity 966576 - close socket in error path safety check to ensure we dont send out beyond the users buffer Minor documentation update removing "really" and a statement of opinion rather than a fact. Remove old unused and unmaintained demonstration code. Fixed error introduced in commit f2be92b94dad3c6cbdf79d99a324804094cf1617 that fixed PR#3450 where an existing cast masked an issue when i was changed from int to long in that commit Add constant_time_locl.h to HEADERS, so the Win32 compile picks it up correctly. no-ssl2 with no-ssl3 does not mean drop the ssl lib mark all block comments that need format preserving so that indent will not alter them when reformatting comments Tom Greenslade (1): Handle IPv6 addresses in OCSP_parse_url. Tomas Mraz (1): Don't advertise ECC ciphersuits in SSLv2 compatible client hello. Trevor (3): Add support for arbitrary TLS extensions. Cleanup of custom extension stuff. Cosmetic touchups. Trevor Perrin (5): Various custom extension fixes. Redo deletion of some serverinfo code that supplemental data code mistakenly reinstated. Require ServerInfo PEMs to be named "BEGIN SERVERINFO FOR"... Update docs to mention "BEGIN SERVERINFO FOR ". Redo deletion of some serverinfo code that supplemental data code mistakenly reinstated. Ulf M??ller (661): New switch "386" to generate 80386 code (emulate bswap). Typo. Remove file that is to be auto-generated by sha1-586.pl. New option to generate 80386 code. pre-0.9.3 development version. New Makefile variables $(RANLIB) and $(PERL). Pointer to Ariel Glenn's SSLeay documentation. Remove obsolete files. Include bn.h instead of defining BIGNUM as char. Remove obsolete files from SSLeay 0.8. Bug fix for X.509 two-digit year. More assembler problems; new OCSP patch; obsolete patches removed from list. bn_div_words has been added to alpha.s (Hannes Reinecke's patch). Fix linux-mips entry. Test RSA after the BN library it is based on. Bad dependencies. Avoid error message about missing gcc. Bugs. Separate DSA functionality from ASN.1 encoding. New functions DSA_do_sign and DSA_do_verify to provide access to the raw DSA values. Use Perl 5 even if Perl 4 comes first in the search path. Test PKCS#1 v1.5 padding as well. recent changes. New Configure option "rsaref". Write random seed file in binary mode. Another bug. Pass $PERL on make errors. SPARC v8 assembler BIGNUM code. Defunct assembler files removed; various cleanups. Definition did not match prototype. Fix typos in error codes. Error in comment. Document additional Configure flags. Clean up prototypes (prepare for removing NOPROTO). Change functions to ANSI C. Missing #endif. Arguments are des_cblock. Problems with 64-bit long. Pointed out by Andy Polyakov . Remove useless defines. Problems with 64-bit long. -Wall implies -Wuninitialized. Fix some warnings. Fix lots of warnings. Move all autogenerated header file parts to crypto/opensslconf.h. New header file opensslconf.h contains the macros set by Configure. Ultrix compatibility. Be more specify about system requirements. Set the 386 flag automatically when building on i386. Pass the $PROCESSOR variable through. Remove references to .org header file names. Recognize CPU version on NetBSD and FreeBSD. Function didn't get ANSIfied because of unusual formatting. Undo evil cast! Andy Polyakov points out that BF_PTR2 is slower than the generic case. *.org files are gone for good. Remove header files from .cvsignore. ANSIfy, fix typo in error message, and remove redundant statement from my code. Replaced by mkerr.pl New Configure option --openssldir to replace util/ssldir.pl. New Configure option --openssldir to replace ssldir.pl. *** empty log message *** exit on error. Submitted by: Reviewed by: PR: Remove NOPROTO definitions and error code comments. Ignore autogenerated file. Last week I proposed to increase the version number to 1.0. So far nobody complained... Remove NOPROTO-related macros. New Configure option no- (rsa, idea, rc5, ...). Add missing DEPFLAG. New Configure option no- (rsa, idea, rc5, ...). Message digest stuff. Undo. Update NO_* macros. *** empty log message *** More portable blowfish macros. Typo. Remove autogenerated file. Do make rehash automatically at make test. Linux shared libraries. Linux shared libraries (now in Makefile.ssl). Pass $PERL on make dclean. Decrypt test vector data even if previous decryption failed to get better diagnostics. Ignore autogenerated assembler files. Autogenerated files. Change error message for consistency. Missing "else". exptest dumps core. Optimizer bug? Ignore Makefile.save Compare with BN_mod_exp_simple, too. Close files. Bug fix. OAEP bug fix. Unused file. Typo. $perl should never be empty. More information about installing. Better Sun config. Typo. (You ought to trademark "Configurion". :) Update HPUX config, work around HPUX library incompatibility. c_rehash doesn't work at that point of the installation, so don't even try. Sparc v8plus assembler. Andy Polyakov points out there are default rules in make in gmake for this. solaris64 entry. Recognise Ultra Sparc and compiler version number. SHA-1 cleanups and performance enhancements. Fix problem with /usr/ccs/lib/cpp. C++ bug fix. Use ANSI stdarg. Note about required SC5.0 patches. v8plus must be specified. Remove unreachable return statements. Info on how to submit patches. Support additional Win32 compilers. Borland C++ builder. Typo. Add missing semicolon. config is Unix specific. Get the Mingw32 makefiles right. Generate DLLs with Mingw32. Superseded by sparcv8.S and sparcv8plus.s. pass $PERL on make files. Mingw32. The libssl32.dll definition file is called ssleay32.def. (why?) no-xxx option to exclude ciphers. Fix for +xxx options. Update. Move openssl.cnf out of lib/. Move openssl.cnf out of lib/. Use ifndef PEDANTIC for all inline assembler. Missing argument in prototype. Caldera OpenLinux passes test now. mk1mf.pl and mkdef.pl read OPTIONS from toplevel Makefile. Configure no longer changes files in place. VMS support. Reorganize and speed up MD5. VMS support. VMS support bug fixes. Remove redundant ifdef. Oops. Close the file. Cut&paste error. Missed one line. mk1mf.pl syntax has been changed. Mention Andy's assembler stuff. Mention "make depend". Move prototypes to the right place. BC now compiles crypto/des Spelling error. BSD alpha config. no-xxx options. gcc < 2.8 does not support ultrasparc. Small corrections. Oops. Typos. Bignum library bug fix. IRIX 6 passes "make test" now! This also avoids the problems with SC4.2 and unpatched SC5. Declare test key data as static. Avoid a warning. Detect Siemens platforms. NeXT doesn't have dirent. Bring VMS in sync with the recent changes. Borland C fix. Remove redundant line. gcc dumps core on HPUX. Define a macro to avoid name conflicts. Avoid type conflict on Unix with DEC C. Hint about unresolved symbols when mixing compilers. Test apps. Generate no-xxx options for missing ciphers. Support the EBCDIC character set and BS2000/OSD-POSIX (work in progress). Support the EBCDIC character set and BS2000/OSD-POSIX (work in progress). Support the EBCDIC character set and BS2000/OSD-POSIX (work in progress). Prevent name conflicts. Fix to compile the des app. Don't #define _, and eliminate casts. Warnings and casts. Casts. Call our crypt implementation des_crypt(). crypt() now is a wrapper if there is no system crypt() available. crypt(), demos patched. The des app. Remove old libdes version number. "extern" is a C++ reserved word. Don't define _ANSI_SOURCE for NetBSD. Circumvent bug in SC5 without patch #107357-01. Put SC5 warning back in, future changes might trigger the compiler bug again. Recognize CPU on BSD/OS. Typo. Use the same CPU recogition method for FreeBSD 3 as for the other FreeBSD versions. (The FreeBSD and FreeBSD-elf Configure entries were identical.) Use "long long" for all Win32 gcc ports. Fix no-hmac and no-ripemd. More no-xxx option tweaks. Broken HPUX cc. Obsolete/experimental code. NO_HMAC. RSA private keys without dmp1/dmq1/iqmp are also valid (but slower). More DES library cleanups: remove references to srand/rand and delete an unused file. Did not check the last SDIR line for excluded algorithms. DES library changes. Make the perl module compile and eliminate some of the warnings. Still doesn't work (the destructor on BIO and SSL is called immediately after creating the object. Why that??) Remove obsolete files. VMS updates. Submitted by: Richard Levitte Restore compability with kerberos/des.h (I had deleted some seemingly useless definitions such as C_Block earlier). obj_dat.h is autogenerated (it was in the CVS because old versions of Configure didn't generate the file in Windows builds). *** empty log message *** No use in naming the cblock _; the structure still is incompatible to Kerberos. Avoid path separator problems. Compile pkcs7 and des apps. Add pkcs7 and des apps to "make all". Fix faulty base64 decoding of data that was 46 or 47 bytes long. Honor $PERL environment variable in Configure. editing error. Undo base64 decoding change (was not a bug fix). make update. make testapps after the library. Check the as version on Solaris x86. People don't read INSTALL anyway. :) *** empty log message *** Correct address in a comment. Use proper flags to build the testapps (default CC value causes confusion on Solaris) Correction for the testapps lines. Parantheses not needed. note a few things that need to be done More patches. Generate obj_dat.h in "make update". VC++ warning. Cosmetic changes. HPUX 11 flags. Contributed by: Peter Huang More patches. *** empty log message *** Missing #ifdef NO_DES Circumvent an exploitable buffer overrun error in RSA Security's RSAREF library. See: http://www.CORE-SDI.COM/english/ssh/index.html Oops! CORE SDI proposed patch doesn't make any sense. Undo. Don't use inline assembler on x86 Solaris (would need a different syntax). Solaris x86 assembler problem is already addressed in ./config (bug reports keep coming in because that was still missing in 0.9.4) Update contact information (openssl-bugs, openssl-security). Add some newlines needed for pod2man, and run ispell. ispell. Remove obsolete SSLeay instructions. Honor the no-xxx Configure options when creating .DEF files. Submitted by: Reviewed by: PR: Minor format changes. Install man pages. Add missing =back. dep/ directory is not needed. Document the RSA library. Dummy page superseded by crypto/crypto.pod corrections PKCS#1 signatures don't use randomness. Add a note about the padding functions. Precautions against using the PRNG uninitialized: RAND_bytes() now returns int (1 = ok, 0 = not seeded). New function RAND_add() is the same as RAND_seed() but takes an estimate of the entropy as an additional argument. minor change for the prng RAND_seed New function RAND_pseudo_bytes() generated pseudorandom numbers that are not guaranteed to be unpredictable. remove debug modification that I checked in accidentally Header for RAND_seed() Add missing #ifndefs that caused missing symbols when building libssl as a shared library without RSA. Use #ifndef NO_SSL2 instead of NO_RSA in ssl/s2*.c. Rename rsa_oaep_test to the more appropriate name rsa_test for the benefit of MS-DOS users. WINDOWS is defined in e_os.h. The problem was WIN32 (the new egcs uses _WIN32). AFAICS lst1 stands for "lshift test" not "list". Don't build the testapps automatically because the openssl program now has s/mime functionality. Some more ifdefs for no-xxx options. Check RAND_bytes() return value or use RAND_pseudo_bytes(). Move ssl.pod to doc/ssl Document RAND library. Use comment from md_rand.c in rand.pod Use comment from md_rand.c (part 2, as well). Move ssl.pod to doc/ssl Document the DH library, and make some minor changes along the way. fail on all errors. config string comment dh renamed to dhparam Document the BN library. Rename asn1/pkcs8.c to asn1/p8_key.c to avoid name conflict. RSA_print etc Documented in the RSA_print page Run ispell. Clean up bn_mont.c. New manpage. Increase the year by one. New news. Document DSA and SHA. New function BN_pseudo_rand(). Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when generating DSA primes (why not use BN_is_prime()?) Update comment from bn.h comment was wrong. fix link Update docs: corrections, turn buffer docs into manpage, fold SHA1 pages into one for improved readability, add lhash manpage Source code cleanups: Use void * rather than char * in lhash, eliminate some of the -Wcast-qual warnings (debug-ben-strict target) Typos. Seek out and destroy another evil cast. Note changes. Checked in some junk. Sorry. Print a reassuring message when Configure is done. spelling Document ERR library. EBCDIC support. undo. I keep confusing my directories. :( dhgen is gone. link to SSL_get_error(3) Remove an =over that never ends match the prototype Bug fix: BN_is_prime() would fail with a high probability for small primes (negligible for larger ones). Document hash functions. ispell (and minor modifications) a short page for "speed" *** empty log message *** Replace ridiculous libdes PRNG with RAND_bytes. These functions are not used anywhere in OpenSSL, but might be used by libdes applications. Document RC4. md2 is documented in the md5 page. lets see if this works... New functions BN_CTX_start(), BN_CTX_get(), BN_CTX_end() to access temporary BIGNUMs. BN_CTX still uses a fixed number of BIGNUMs, but the BN_CTX implementation could now easily be changed. Use MONT_WORD macro to control if the word-based or the bignum algorithm is used. BN_div bugfix. The q-- loop should not be entered in the n0==d0 case. Improve bntest slightly, and fix another bug in the BN library. put missing line back in. BN bug fixes Refer to EVP_DigestInit() in the hash function descriptions. "print" is GNU bc specific. Create the man directories where the manpages will be put. Install manpages below OPENSSLDIR (I think it was meant to be this way?). New variable for man directory. Make excluded cipher entry in opensslconf.h a bit more descriptive. Fix gcc warnings. Document OPENSSL_VERSION_NUMBER More compact Configure usage message. Correction for RSA_padding_check_xxx() documentation. Correction to RSA_padding_check_xxx() docs (this time for real). Check tlen size in all padding_check functions. As called within the rsa library, the output buffer always is large enough, but if the tlen parameter is there, it should be checked in the interest of clarity, as proposed by David Sacerdote . Don't list prototypes for internal functions. warning. Frequently asked questions. minor docs changes (added links is the openssl(1) text) threads mapage. another faq. add missing names. Run the test suite and generate a report. *** empty log message *** correct macro. yet another faq. New make target "report" to run util/selftest.pl CRYPTO_num_locks() Support EGD. remove test "goto err" EGD info, as requested. Fix NO_RSA (misplaced #endif). nicer manpages remove some (apparently) obsolete entries. please put them back in if they're still valid, and remove others that are outdated EGD socket info. mention that EGD is used in non-blocking mode. Use public domain snprintf() implementation by Patrick Powell to avoid potential buffer overrun in BIO_printf(). ---------------------------------------------------------------------- crypto/bio/b_print.c CVS: ---------------------------------------------------------------------- Yet another "unixware" spelling. some test results. BIO_printf() change work around a bug in BN_div_recp or BN_reciprocal divide the correct number... different snprintf version. signed/unsigned mismatch (VC++) linux-ppc ispell EGD bugfix. *** empty log message *** VC++ problem mt contained an old copy of mttest.c. remove it and move the other files to crypto/threads mention RAND_egd() links The main() return value is a program's exit code. Test the division functions. flush output. Looks like it fails when b is a power of 2, but I never get incorrect results. Make clear which naming convention is meant. minor clarification Reorganize bn_mul.c (no bugfix yet), remove obsolete files in BN library. remove workaround no longer needed *** empty log message *** Bug fix! Overly long lines look ugly in the DOS editor. :) put function names in the title. remove obsolete BN_CTX info corrections works on solaris Shared library support for Solaris and HPUX by Lutz Behnke and by Lutz Jaenicke. Support assembler for Mingw32. Fix for non-monolithic build. Switch for turning on the predictable "random" number generator. Mingw32 can now use assembler. Bug fix. how to recognize assembler problems change wording some people can't read :) Keep the references to other INSTALL files short. These are the Unix instructions. check for WIN32 (needed by Mingw32) change info text (as on the web site) add RAND_status() to title pseudo-seed for the PRNG before testing DSA Note bug fix for the DSA infinite loop Bug fix. add comment. gcc warnings new component The selftest sometimes lacked important information bug fix release planned bug fix. Submitted by: "Yoram Meroz" clarify. Repair bss_log. Don't generate asm files for no-asm. Use L for all constants. ssize_t NO_SYSLOG is defined for MSDOS anyway. just don't include the Unix header... make update asm workaround for SuSE Linux proposed by Holger Reif change manpages to pod. Contents are not up to date! superseded by des_modes.pod DES in Perl was incomplete and not very useful add =cut des_quad_cksum() byte order bug fix. See http://www.pdc.kth.se/kth-krb/ libdes manpage. cleanup. make update Integrate podd.h sk.h into set_key.c FLAT_INC is not needed; we use -I.. all the time New function RAND_event() collects entropy from Windows events. oops. don't use "entropy" directly. Bug fix: RAND_write_file() failed to write to files created by open() on Win32. Sample application using RAND_event() to collect entropy from mouse movements, keyboard etc. and write it to a seed file. Mention the bug fixes. Problems with the Windows build. In some of the Makefiles CPP was not defined. OpenBSD complains. More failures. more failures RAND_event() ssize_t for Ultrix Test results. Add pointer to EGD manpage. Update the "randomness" section for the upcoming 0.9.5a release. Submitted by: Reviewed by: PR: linux-elf bugfix MacOS changes. Missing cases when no_rsa is defined Make sure that NO-RSA applications etc can include evp.h prototype. Get rid of more non-ANSI declarations. #include is not needed. #include not needed. is needed. Bug fix for 64 bit HP-UX. Don't include . In the NO_FP_API case, don't include . Use NO_FP_API. Yet another bc FAQ. CygWin32 support. Increased consideration for stupid Linux users. Option "no-symlinks" to configure without creating the links (e.g. for use with makefile.one) typo protoypes use faster version Add PRNGD link. Randomness polling function for Win9x. Move RNG initialization to RAND_poll(), and shared definitions to rand_lcl.h don't print debug output oops. Profiling option for mk1mf.pl Fix some CygWin problems. bug: RAND_poll(). Don't set the two top bits to one when generating a random number < q.:wq Not the DSA change. More Windows failures reported The other log message should have read "Note the DSA change". Point to Peter Gutmann's revised paper. The copy at www.usenix.org is the old version. Bug fix: Montgomery multiplication could produce results with the wrong sign. Jeffrey Altman points out that GetQueueStatus() crashes on NT. add links to the new BIO and SSL manpages to make them visible on the web. ispell and some other nit-picking Note the BN_mod_exp_word bug. (Markus Friedl provided a test program.) ispell Note about contribtions from the US ispell. The RSA patent will have expired when the next version is released... Malloc() -> OPENSSL_malloc() etc. ispell. URL to "latest" Mingw release (which is almost a year old :() tlhelp32.h is currently missing in Mingw32 (release 2.95.2 and 2.95.2-1) Add some missing info. Workaround for tlhelp32.h: place the missing header file in outinc tlhelp32.h more manpage links. stop perlpod from complaining. update info to match the README. spelling print the perlasm rule only for linux-elf (it seems it confuses some version of make for Mingw32) ---------------------------------------------------------------------- ---------------------------------------------------------------------- typo The des_modes manpage is in section 7. fix problems in the selftest cosmetic change cosmetic changes Add short overview, move header files section further down. correction from Lutz "DESCRIPTION" is required. give pseudo prototypes instead of macro definitions for better clarity Correction from Tani Hosokawa s_server not s_client . -engine is gone. _lrotl() is a call to the C runtime library! Minor corrections (HPUX). From: Lutz Jaenicke increase the value a bit Set the CryptoAPI randomness estimate back to 0. The randomness may not actually be very good (we don't know). looks like a cut&paste error in some new file names the first 8 characters were not unique ignore Remove RSAREF (not used). use standard C fix for Borland C Add a warning about the usage of the montgomery functions (if the inputs are not reduced modulo m, the outputs won't be either). typo Borland C fix. GPL FAQ. remove unused static function Fix bn_cmp_part_words() and move it to bn_lib.c. New function BN_bntest_rand() to detect more BN library bugs. Note the bntest change. Move the rijndael "test" to the bf and cast tests. Loops like this one: forgot to remove the loop variable remember the problem with ftime() argl last commit was wrong. Now it works. :) Use assert as in the rest of the BN library. PERLASM - the wierdest programming language since Intercal. minor modification to the previous change more of the same: add printf() for perlasm. save registers in the debug output code (return value is overwritten too) looks like it works now push the flags too move constants for debug functions to end of file test_mod_mul is useful, let's run it more often. another fix for the debug print Intel assembler version for bn_sub_part_words(). I haven't got reliable timings yet, please try it out! remove useless instruction remove a comment that shouldn't have been there any more Don't check for bc at all. We can now run a meaningful test even if it is missing. bn_part_sub_word prototype. Test for SCO bc bug *** empty log message *** Stop on bntest error. c&p error spotted by Martin Forssen "Andrew W. Gray" says /GD is no longer a valid compiler switch. Stop build when an error occurs. "Peter 'Luna' Runestig" branches have been merged. rsa_num is not used with NO_RSA link to the new manpage. Mention the ./config script fixes. Use the correct number of arguments in the example. Definition of NO_KRB5 in ssl.h for external applications. There is no C version of bn_div_3_words new year Fix potential buffer overrun for EBCDIC. format strings Bleichenbacher's DSA attack cleanup Note that EGD is used automatically. point out that RAND_load_file() etc are only for seed files, not for entropy devices or sockets. use <= instead of == IRIX bugfix New function OPENSSL_issetugid(). Needs more work. That was misleading. The problem won't happen with 0.9.6a anyway. pod format error ispell Temporary fix for build break. It's still inconsistent - probably better to undo the whole OPENSSL_NO_* thing. note OPENSSL_issetugid(). BN_rand_range() needs a BN_rand() variant that doesn't set the MSB. Fix warning. Use BN_rand_range(). make it a loop as in dsa autoconf would be useful... That statement seems to be not true. In fact, I have said that I would like to use libtool, but not automake. run self-test with no-krb5 don't read from tty in test mode %f conversion bug fix Submitted by: Henrik Eriksson DEC Forgot a '$'. old MSVC versions don't have rdtsc use _emit instead note the rand_win.c change mips check CRT check CRT Note the Alpha asm change the backslash is significant... make sure we don't write to seed[-1] move check to avoid memory leak. more error codes fixed typo. zlib default was broken on most platforms. make update strsep implementation to allow the file to compile on non-BSD systems *** empty log message *** undo, didn't work strsep implementation to allow the file to compile on non-BSD systems Use GCC 2.95/3.0 optimization Eric Hanchrow points out that Cygwin perl works. bug fix: bn_sqr_recursive output is twice its input size. double definition include the proper header file unused function make engine file names unique in 8.3 ispell ispell missed one file openbsd-x86 macros remove compatibility notes that no longer apply name confusion with HP library function prototype (?) Cygwin patch. Submitted by Michael Kobar ssl3_read_bytes bug fix *** empty log message *** Cygwin target name has been changed! error reported by Karsten Braaten another error discovered by Karsten Braaten. The number was not even prime! updated Mingw32 instructions. values were reset for no reason. Use assembler implementations with Cygwin. This also fixes the bn_sub_part_word problem. Cygnus correction. (I thought I had tested that...) make files didn't work on case insensitive filesystems use OPENSSL_SYS_MSDOS rather than __DJGPP__ to disable egd, this is not compiler specific update mingw info clean up MinGW build. MinGW make now supports the Windows path name conventions. avoid duplicate definiton of bn_sub_part_words add test more mingw related cleanups. remove some more useless code. The mingw target can now be built under cygwin. Copy rather than symlink the test data. This is needed because Windows doesn't support symlinks. Add instructions for building the MinGW target in Cygwin, and rearrange some of the other text for better readability. Cygwin debugging cleanup as discussed with Geoff typo in comment oops... the description of ->top was inaccurate (the example is correct though) Geoff suggested a more succinct description for "top". BN_set_bit() etc should use "unsigned int". Keep it as is to avoid an API change, but check for negativ values. The x9.62 tests replace the PRNG with specific numbers, so don't run them if BN_DEBUG_RAND is defined. re-enable the test, keeping the original method for RAND_pseudo_bytes which is used by BN_DEBUG_RAND Submitted by: Nils Larsch Avoid segfault if ret==0. Skip a curve with generator of non-prime order. Add "dif" variable to clean up the loop implementations. typo typo fix breakage for Perl versions that do boolean operations on long words Use Windows randomness code on Cygwin undo Cygwin change comments RFC 3161 compliant time stamp request creation, response generation and response verification. time stamp Makefile, test files Submitted by: Zoltan Glozik make update *** empty log message *** shorter filenames wrap shlib for testtsa Submitted by: David Somers oops message style ignore TS bugfixes: Do not hardcode message digest algorithms; fix ASN1 decoding. unused function Clarification for CPU specific config options. *** empty log message *** improve make dclean to remove files generated during build uncomment; that one slipped through Use Dl_info only on systems where it is known to exist. It does not exist on AIX 4.3.3, AIX 5.1, SCO 5, or Cygwin. manual pages as HTML Submitted by: Oliver Tappe Add BeOS support. declare as in prototype Submitted by: Gisle Vanem Bug fix. bug fix. PR: 1326 Submitted by: John Skodon Add includes in synopsis. Submitted by: Mike Frysinger Correct punctuation. PR: 1367 Use gmtime on cygwin Submitted by: Corinna Vinschen wording (can't really call shared libs experimental after several years in the major Linux distributions) Veres Lajos (1): misspellings fixes by https://github.com/vlajos/misspell_fixer Viktor Dkhovni (1): RT1325,2973: Add more extensions to c_rehash Viktor Dukhovni (16): Fix infinite loop. PR#3347 Fixes to host checking. Client-side namecheck wildcards. Enforce _X509_CHECK_FLAG_DOT_SUBDOMAINS internal-only More complete X509_check_host documentation. Drop hostlen from X509_VERIFY_PARAM_ID. X509_check_mumble() failure is <= 0, not just 0 More complete input validation of X509_check_mumble Implement sk_deep_copy. Multiple verifier reference identities. Fix typo in last commit One more typo when changing !result to result <= 0 New peername element in X509_VERIFY_PARAM_ID Set optional peername when X509_check_host() succeeds. Update API to use (char *) for email addresses and hostnames Improve X509_check_host() documentation. Viktor Szakats (1): RT 1988: Add "const" to SSL_use_RSAPrivateKey_ASN1 ZNV (1): Make EVP_CIPHER_CTX_copy work in GCM mode. l.montecchiani at gmail.com (1): RT2193: #ifdef errors in bss_dgram.c mancha (2): Fix eckey_priv_encode() Fix version documentation. nnposter at users.sourceforge.net (2): PR 718: Configure not exiting with child status PR 719: Configure not exiting with child status rfkrocktk (2): Added documentation for -iter for PKCS#8 Conform to whitespace conventions stephen (5): external error lib number now global and allow error lib to have a name fix pk7_doit.c for new i2d_ASN1_SET argument Fix for sk_insert bug: it never worked properly. Allow explicit tag asn macros to handle indefinite length constructed stuff: without this certain "certificates" can't be read in. Update CHANGES file for latest additions This is a quick hack conversion of the 'CA.sh' script to perl. It fixes one bug in the original but is otherwise just as horrible :-) yogesh nagarkar (1): Fix compilation with -DSSL_DEBUG -DTLS_DEBUG -DKSSL_DEBUG zhu qun-ying (1): Free up s->d1->buffered_app_data.q properly. ----------------------------------------------------------------------- From matt at openssl.org Mon Feb 9 13:14:09 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 9 Feb 2015 14:14:09 +0100 (CET) Subject: [openssl-commits] [openssl] master-post-reformat create Message-ID: <20150209131409.5871D1DF1AB@butler.localdomain> The annotated tag master-post-reformat has been created at 48c4781590e1ab4f9fd9d132ef91773a1df99d7e (tag) tagging 35a1cc90bc1795e8893c11e442790ee7f659fffb (commit) replaces master-post-auto-reformat tagged by Matt Caswell on Mon Feb 9 13:08:24 2015 +0000 - Log ----------------------------------------------------------------- Post reformat of master Reviewed-by: Richard Levitte Matt Caswell (2): Re-align some comments after running the reformat script. This should be a one off operation (subsequent invokation of the script should not move them) More comment realignment ----------------------------------------------------------------------- From matt at openssl.org Mon Feb 9 13:26:12 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 9 Feb 2015 14:26:12 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-post-auto-reformat create Message-ID: <20150209132612.1BBAE1E0360@butler.localdomain> The annotated tag OpenSSL_1_0_2-post-auto-reformat has been created at 12b69d483d9954b9754f0eedd0c34b4cbab1c0d0 (tag) tagging 323d39e87f86bc4524881942aafc7539532aefff (commit) replaces OpenSSL_1_0_2-pre-auto-reformat tagged by Matt Caswell on Mon Feb 9 13:17:15 2015 +0000 - Log ----------------------------------------------------------------- Post run of automated reformating script on OpenSSL_1_0_2 Reviewed-by: Richard Levitte Matt Caswell (2): Run util/openssl-format-source -v -c . Rerun util/openssl-format-source -v -c . ----------------------------------------------------------------------- From matt at openssl.org Mon Feb 9 13:26:12 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 9 Feb 2015 14:26:12 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-pre-auto-reformat create Message-ID: <20150209132612.228CE1E0361@butler.localdomain> The annotated tag OpenSSL_1_0_2-pre-auto-reformat has been created at a73e48759f52155f773fe9673f39dcb3ce27fcda (tag) tagging aae3233e1e08e9f11742f8f351af5c98cd8add16 (commit) replaces OpenSSL_1_0_2-pre-reformat tagged by Matt Caswell on Mon Feb 9 13:17:46 2015 +0000 - Log ----------------------------------------------------------------- Pre run of automated reformating script on OpenSSL_1_0_2 Reviewed-by: Richard Levitte Andy Polyakov (19): bn/rsaz_exp.c: make it indent-friendly. apps/speed.c: make it indent-friendly. engines/e_ubsec.c: make it indent-friendly. bn/bn_recp.c: make it indent-friendly. bn/bntest.c: make it indent-friendly. crypto/cryptlib.c: make it indent-friendly. crypto/mem_dbg.c: make it indent-friendly. modes/cts128.c: make it indent-friendly. modes/gcm128.c: make it indent-friendly. modes/modes_lcl.h: make it indent-friendly. bn/bn_exp.c: make it indent-friendly. bn/bn_asm.c: make it indent-friendly. bn/asm/x86_64-gcc.cL make it indent-friendly. bn/bn_const.c: make it indent-friendly. ec/ecp_nistz256.c: harmonize with latest indent script. modes/cfb128.c: make it indent-friendly. modes/ctr128.c: make it indent-friendly. crypto/ofb128.c: make it indent-friendly. ec/ecp_nistz256.c: further harmonization with latest rules. Dr. Stephen Henson (4): Script fixes. Test option -nc Add -d debug option to save preprocessed files. Delete trailing whitespace from output. Matt Caswell (22): Further comment amendments to preserve formatting prior to source reformat Additional comment changes for reformat of 1.0.2 Fix source where indent will not be able to cope Provide script for filtering data initialisers for structs/unions. indent just can't handle it. Fix make errors Fix logic to check for indent.pro Fix indent issue with engine.h Fix indent issue with functions using STACK_OF More indent fixes for STACK_OF indent has problems with comments that are on the right hand side of a line. Sometimes it fails to format them very well, and sometimes it corrupts them! This commit moves some particularly problematic ones. Fix strange formatting by indent Add obj_dat.h to the list of files that will not be processed by openssl-format-source Manually reformat aes_core.c Add aes_core.c to the list of files not processed by openssl-format-source Amend openssl-format-source so that it give more repeatable output Fix indent comment corruption issue Manually reformat aes_x86core.c and add it to the list of files skipped by openssl-format-source Add ecp_nistz256.c to list of files skipped by openssl-format-source Move more comments that confuse indent Tweaks for comments due to indent's inability to handle them Backport hw_ibmca.c from master due to failed merge Fix modes.h so that indent doesn't complain More tweaks for comments due indent issues Richard Levitte (3): Force the use of our indent profile Run expand before perl, to make sure things are properly aligned Make the script a little more location agnostic Tim Hudson (2): mark all block comments that need format preserving so that indent will not alter them when reformatting comments Provide source reformating script. Requires GNU indent to be available. ----------------------------------------------------------------------- From matt at openssl.org Mon Feb 9 13:26:12 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 9 Feb 2015 14:26:12 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-post-reformat create Message-ID: <20150209132612.10B6D1DF1AB@butler.localdomain> The annotated tag OpenSSL_1_0_2-post-reformat has been created at ac1e6674c070d95ce118b77f5fe61008b4b80213 (tag) tagging 83975c80bbc3e84cc605e0491707a6517f5dd346 (commit) replaces OpenSSL_1_0_2-post-auto-reformat tagged by Matt Caswell on Mon Feb 9 13:16:32 2015 +0000 - Log ----------------------------------------------------------------- Post reformat of OpenSSL_1_0_2 Reviewed-by: Richard Levitte Matt Caswell (1): Re-align some comments after running the reformat script. This should be a one off operation (subsequent invokation of the script should not move them) ----------------------------------------------------------------------- From matt at openssl.org Mon Feb 9 13:26:12 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 9 Feb 2015 14:26:12 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-pre-reformat create Message-ID: <20150209132612.3128F1E0362@butler.localdomain> The annotated tag OpenSSL_1_0_2-pre-reformat has been created at 6b1754608f389ee2595fb7027de4e1e35eee6b02 (tag) tagging 43257b9f51de749262258668c77c2f0f99d7a15b (commit) replaces OpenSSL_1_0_2-beta3 tagged by Matt Caswell on Mon Feb 9 13:18:17 2015 +0000 - Log ----------------------------------------------------------------- Pre reformat of OpenSSL_1_0_2 Reviewed-by: Richard Levitte Adam Langley (3): Don't set client_version to the ServerHello version. Premaster secret handling fixes Ensure that the session ID context of an SSL* is updated when its SSL_CTX is updated. Alok Menghrajani (3): Fixes a minor typo in the EVP docs. Improves the proxy certificates howto doc. Improves certificates HOWTO Andr? Guerreiro (1): Add documentation on -timeout option in the ocsp utility Andy Polyakov (13): e_os.h: refine inline override logic (to address warnings in debug build). aesni-x86_64.pl: make ECB subroutine Windows ABI compliant. Add missing credit. md32_common.h: address compiler warning in HOST_c2l. armv4cpuid.S: fix compilation error in pre-ARMv7 build. ecp_nistz256-x86_64.pl: fix occasional failures. Remove inconsistency in ARM support. This facilitates "universal" builds, ones that target multiple architectures, e.g. ARMv5 through ARMv7. See commentary in Configure for details. CHANGES: mention "universal" ARM support. Revert "CHANGES: mention "universal" ARM support." CHANGES: mention "universal" ARM support. Fix irix-cc build. Fix for CVE-2014-3570 (with minor bn_asm.c revamp). Add Broadwell performance results. Ben Laurie (1): Fix single makefile. Bodo Moeller (7): DTLS 1.2 support has been added to 1.0.2. Support TLS_FALLBACK_SCSV. Oop: revert unintentional change committed along with TLS_FALLBACK_SCSV support, restoring a reviewed state instead. Add TLS_FALLBACK_SCSV documentation, and move s_client -fallback_scsv handling out of #ifndef OPENSSL_NO_DTLS1 section. Fix SSL_R naming inconsistency. When processing ClientHello.cipher_suites, don't ignore cipher suites listed after TLS_FALLBACK_SCSV. Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation. Bodo M?ller (1): Backport regression test Daniel Kahn Gillmor (1): Allow ECDHE and DHE as forward-compatible aliases for EECDH and EDH David Benjamin (1): Do not resume a session if the negotiated protocol version does not match the session's version (server). Dominik Neubauer (1): typo in s_client Dr. Stephen Henson (27): Add additional DigestInfo checks. Fix for session tickets memory leak. Parse custom extensions after SNI. Process signature algorithms in ClientHello late. Copy negotiated parameters in SSL_set_SSL_CTX. Fix cross reference table generator. Process signature algorithms before deciding on certificate. Fix excert logic. New option no-ssl3-method which removes SSLv3_*method Fix SuiteB chain checking logic. Print out Suite B status. Check return value of ssl3_output_cert_chain Reject invalid constructed encodings. Clear existing extension state. Remove MS SGC Update SGC flag comment. Fix various certificate fingerprint issues. Constify ASN1_TYPE_cmp add X509_ALGOR_cmp. update ordinals ECDH downgrade bug fix. Only allow ephemeral RSA keys in export ciphersuites. RT3662: Allow leading . in nameConstraints use correct function name use correct credit in CHANGES fix error discrepancy Fix crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. Unauthenticated DH client certificate fix. Emilia Kasper (20): Fix ssltest logic when some protocols are compiled out. Sync CHANGES Tighten session ticket handling Reset s->tlsext_ticket_expected in ssl_scan_serverhello_tlsext. This ensures that it's zeroed even if the SSL object is reused (as in ssltest.c). It also ensures that it applies to DTLS, too. Set s->hit when resuming from external pre-shared secret. Remove ssl3_check_finished. Always require an advertised NewSessionTicket message. Ensure SSL3_FLAGS_CCS_OK (or d1->change_cipher_spec_ok for DTLS) is reset once the ChangeCipherSpec message is received. Previously, the server would set the flag once at SSL3_ST_SR_CERT_VRFY and again at SSL3_ST_SR_FINISHED. This would allow a second CCS to arrive and would corrupt the server state. Clean up CHANGES Reject elliptic curve lists of odd lengths. Make 'make update' succeed and run it Add extra checks for odd-length EC curve lists. Clarify the return values for SSL_get_shared_curve. Fix unused variable warning Check for invalid divisors in BN_div. Build fixes Revert "RT3425: constant-time evp_enc" Add a comment noting the padding oracle. Add a clang build target for linux-x86_64 Only inherit the session ID context in SSL_set_SSL_CTX if the existing context was also inherited (matches that of the existing SSL_CTX). Geoff Thorpe (1): Fix no-ssl3 configuration option Guenter (1): NetWare compilation fix. Jan Hykel (1): Don't use msg on error. Kurt Cancemi (1): RT3547: Add missing static qualifier Kurt Roeckx (8): Keep old method in case of an unsupported protocol Fix warning about negative unsigned intergers Use the SSLv23 method by default Return error when a bit string indicates an invalid amount of bits left Fix memory leak in the apps dlfcn: always define _GNU_SOURCE Make "run" volatile Make build reproducible Martin Brejcha (1): Fix memory leak. Matt Caswell (57): Prepare for 1.0.2-beta4-dev Removed duplicate definition of PKCS7_type_is_encrypted Fix for SRTP Memory Leak Fix SRTP compile issues for windows Updates to CHANGES file Updates to NEWS file Fix free of garbage pointer. PR#3595 Added OPENSSL_NO_EC2M guards around the default EC curves Fixed cms-test.pl for no-ec2m Added RFC 7027 references Fix s_server -ssl2. Previously this reported "Error setting EC curve" When using EVP_PKEY_derive with a KDF set, a negative error from ECDH_compute_key is silently ignored and the KDF is run on duff data Corrected comments in ssl.h about SSLv23_method and friends Fixed memory leak due to incorrect freeing of DTLS reassembly bit mask Add include of ssl.h which is required by srtp.h Updates to EVP_PKEY_encrypt.pod submitted by user Bernardh via the wiki Minor changes made by Matt Caswell. Updates to X509_NAME_add_entry_by_txt.pod submitted by user Bernardh via the wiki Minor changes made by Matt Caswell. Updates to X509_NAME_get_index_by_NID.pod submitted by user Bernardh via the wiki Minor changes made by Matt Caswell Tidy up ocsp help output Remove duplicated code Remove redundant checks in ssl_cert_dup. This was causing spurious error messages when using GOST Add checks to the return value of EVP_Cipher to prevent silent encryption failure. Delete unused file Check EVP_Cipher return values for SSL2 Remove more references to dtls1_enc Fix warning in ssl2_enc Verify that we have a sensible message len and fail if not RT#3592 provides an instance where the OPENSSL_assert that this commit replaces can be hit. I was able to recreate this issue by forcing the underlying BIO to misbehave and come back with very small mtu values. This happens the second time around the while loop after we have detected that the MTU has been exceeded following the call to dtls1_write_bytes. The SSL_OP_NO_QUERY_MTU option is supposed to stop the mtu from being automatically updated, and we should use the one provided instead. Unfortunately there are a couple of locations where this is not respected. The first call to query the mtu in dtls1_do_write correctly checks that the mtu that we have received is not less than the minimum. If its less it uses the minimum instead. The second call to query the mtu does not do that, but instead uses whatever comes back. We have seen an instance in RT#3592 where we have got an unreasonably small mtu come back. This commit makes both query checks consistent. There are a number of instances throughout the code where the constant 28 is used with no explanation. Some of this was introduced as part of RT#1929. The value 28 is the length of the IP header (20 bytes) plus the UDP header (8 bytes). However use of this constant is incorrect because there may be instances where a different value is needed, e.g. an IPv4 header is 20 bytes but an IPv6 header is 40. Similarly you may not be using UDP (e.g. SCTP). This commit introduces a new BIO_CTRL that provides the value to be used for this mtu "overhead". It will be used by subsequent commits. Remove instances in libssl of the constant 28 (for size of IPv4 header + UDP) and instead use the value provided by the underlying BIO. Also provide some new DTLS_CTRLs so that the library user can set the mtu without needing to know this constant. These new DTLS_CTRLs provide the capability to set the link level mtu to be used (i.e. including this IP/UDP overhead). The previous DTLS_CTRLs required the library user to subtract this overhead first. Fix dtls_query_mtu so that it will always either complete with an mtu that is at least the minimum or it will fail. There were some instances in dtls1_query_mtu where the final mtu can end up being less than the minimum, i.e. where the user has set an mtu manually. This shouldn't be allowed. Also remove dtls1_guess_mtu that, despite having logic for guessing an mtu, was actually only ever used to work out the minimum mtu to use. If we really get a situation where the underlying mtu is less than the minimum we will support then dtls1_do_write can go into an infinite loop. This commit fixes that. Updates to s_client and s_server to remove the constant 28 (for IPv4 header and UDP header) when setting an mtu. This constant is not always correct (e.g. if using IPv6). Use the new DTLS_CTRL functions instead. Only use the fallback mtu after 2 unsuccessful retransmissions if it is less than the mtu we are already using Remove "#if 0" code Remove incorrect code inadvertently introduced through commit 59669b6ab. Fix memory leak in SSL_new if errors occur. Fixed memory leak in the event of a failure of BUF_MEM_grow Fixed memory leak if BUF_MEM_grow fails Fix memory leak in s2_srvr.c if BUF_MEM_grow fails DTLS fixes for signed/unsigned issues Remove extraneous white space, and add some braces Add OPENSSL_NO_ECDH guards Add more meaningful OPENSSL_NO_ECDH error message for suite b mode The dtls1_output_cert_chain function no longer exists so remove it from ssl_locl.h Fix a problem if CFLAGS is too long cversion.c fails to compile when config is run with --strict-warnings. Additional fix required for no-srtp to work Remove blank line from start of cflags character array in buildinf.h Follow on from CVE-2014-3571. This fixes the code that was the original source of the crash due to p being NULL. Steve's fix prevents this situation from occuring - however this is by no means obvious by looking at the code for dtls1_get_record. This fix just makes things look a bit more sane. A memory leak can occur in dtls1_buffer_record if either of the calls to ssl3_setup_buffers or pqueue_insert fail. The former will fail if there is a malloc failure, whilst the latter will fail if attempting to add a duplicate record to the queue. This should never happen because duplicate records should be detected and dropped before any attempt to add them to the queue. Unfortunately records that arrive that are for the next epoch are not being recorded correctly, and therefore replays are not being detected. Additionally, these "should not happen" failures that can occur in dtls1_buffer_record are not being treated as fatal and therefore an attacker could exploit this by sending repeated replay records for the next epoch, eventually causing a DoS through memory exhaustion. Fix build failure on Windows due to undefined cflags identifier Update .gitignore with windows files to be excluded from git Further windows specific .gitignore entries Avoid deprecation problems in Visual Studio 13 Fix warning where BIO_FLAGS_UPLINK was being redefined. This warning breaks the build in 1.0.0 and 0.9.8 Make output from openssl version -f consistent with previous versions Michael Tuexen (1): Fix incorrect OPENSSL_assert() usage. Michal Bozon (1): Correct timestamp output when clock_precision_digits > 0 Piotr Sikora (1): Fix building with no-srtp Rich Salz (4): RT2309: Fix podpage MMNNFFPPS->MNNFFPPS RT3462: Document actions when data==NULL RT2914: NULL check missing in X509_name_canon Allow multiple IDN xn-- indicators Richard Levitte (13): Correct some layout issues, convert all remaining tabs to appropriate amounts of spaces. [PR3597] Advance to the next state variant when reusing messages. Check for FindNextFile when defining it rather than FindFirstFile s_client and s_server take -verify_{host,email,ip}, not -check* Clear warnings/errors within BN_CTX_DEBUG code sections Clear warnings/errors within CIPHER_DEBUG code sections Clear warnings/errors within CIPHER_DEBUG code sections Clear warnings/errors within KSSL_DEBUG code sections Clear warnings/errors within TLS_DEBUG code sections Clear warnings/errors within RL_DEBUG code sections (RL_DEBUG should be renamed) Small typo VMS fixups for 1.0.2 Define CFLAGS as cflags on VMS as well Russell Coker (1): Fix datarace reported by valgrind/helgrind Samuel Neves (1): Use only unsigned arithmetic in constant-time operations Thorsten Glaser (1): Document openssl dgst -hmac option Tim Hudson (1): no-ssl2 with no-ssl3 does not mean drop the ssl lib ----------------------------------------------------------------------- From matt at openssl.org Mon Feb 9 13:33:34 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 9 Feb 2015 14:33:34 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-post-reformat create Message-ID: <20150209133334.6F3571DF1AB@butler.localdomain> The annotated tag OpenSSL_1_0_1-post-reformat has been created at d5de757dfd569cb6c99253cf4172ed118862c486 (tag) tagging cda8845ded7c0739c9142283ed4c449130b1b546 (commit) replaces OpenSSL_1_0_1-post-auto-reformat tagged by Matt Caswell on Mon Feb 9 13:30:34 2015 +0000 - Log ----------------------------------------------------------------- Post reformat of OpenSSL_1_0_1 Reviewed-by: Richard Levitte Matt Caswell (1): Re-align some comments after running the reformat script. This should be a one off operation (subsequent invokation of the script should not move them) ----------------------------------------------------------------------- From matt at openssl.org Mon Feb 9 13:33:34 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 9 Feb 2015 14:33:34 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-post-auto-reformat create Message-ID: <20150209133334.797481E0360@butler.localdomain> The annotated tag OpenSSL_1_0_1-post-auto-reformat has been created at 614fd42311baad9ec41d7440b1ff18c0b130cc0e (tag) tagging 47050853f13b07f91b5b4a058dcb188621296f21 (commit) replaces OpenSSL_1_0_1-pre-auto-reformat tagged by Matt Caswell on Mon Feb 9 13:31:28 2015 +0000 - Log ----------------------------------------------------------------- Post run of automated reformating script on OpenSSL_1_0_1 Reviewed-by: Richard Levitte Matt Caswell (2): Run util/openssl-format-source -v -c . Rerun util/openssl-format-source -v -c . ----------------------------------------------------------------------- From matt at openssl.org Mon Feb 9 13:33:34 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 9 Feb 2015 14:33:34 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-pre-reformat create Message-ID: <20150209133334.A72F11E0362@butler.localdomain> The annotated tag OpenSSL_1_0_1-pre-reformat has been created at f12958ee75eb1362556cfd193df003b4414b2754 (tag) tagging 3a9a0321638ae13957b66baae6d4955597fc128d (commit) replaces OpenSSL_1_0_1l tagged by Matt Caswell on Mon Feb 9 13:32:24 2015 +0000 - Log ----------------------------------------------------------------- Pre reformat of OpenSSL_1_0_1 Reviewed-by: Richard Levitte Matt Caswell (1): Prepare for 1.0.1m-dev ----------------------------------------------------------------------- From matt at openssl.org Mon Feb 9 13:33:34 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 9 Feb 2015 14:33:34 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-pre-auto-reformat create Message-ID: <20150209133334.9D56C1E0361@butler.localdomain> The annotated tag OpenSSL_1_0_1-pre-auto-reformat has been created at 5e6f171ca5b9083aaf2a70ccb97bca002ecabe29 (tag) tagging e498b83fed7025eeacb4dd2ad183c3f6236467b2 (commit) replaces OpenSSL_1_0_1-pre-reformat tagged by Matt Caswell on Mon Feb 9 13:31:54 2015 +0000 - Log ----------------------------------------------------------------- Pre run of automated reformating script on OpenSSL_1_0_1 Reviewed-by: Richard Levitte Andy Polyakov (16): apps/speed.c: make it indent-friendly. engines/e_ubsec.c: make it indent-friendly. bn/bn_recp.c: make it indent-friendly. bn/bntest.c: make it indent-friendly. crypto/cryptlib.c: make it indent-friendly. crypto/mem_dbg.c: make it indent-friendly. modes/cts128.c: make it indent-friendly. modes/gcm128.c: make it indent-friendly. modes/modes_lcl.h: make it indent-friendly. bn/bn_exp.c: make it indent-friendly. bn/bn_asm.c: make it indent-friendly. bn/asm/x86_64-gcc.cL make it indent-friendly. bn/bn_const.c: make it indent-friendly. modes/cfb128.c: make it indent-friendly. modes/ctr128.c: make it indent-friendly. crypto/ofb128.c: make it indent-friendly. Dr. Stephen Henson (4): Script fixes. Test option -nc Add -d debug option to save preprocessed files. Delete trailing whitespace from output. Matt Caswell (22): Further comment changes for reformat Additional comment changes for reformat of 1.0.1 Fix source where indent will not be able to cope Provide script for filtering data initialisers for structs/unions. indent just can't handle it. Fix make errors Fix logic to check for indent.pro Fix indent issue with engine.h Fix indent issue with functions using STACK_OF More indent fixes for STACK_OF indent has problems with comments that are on the right hand side of a line. Sometimes it fails to format them very well, and sometimes it corrupts them! This commit moves some particularly problematic ones. Fix strange formatting by indent Add obj_dat.h to the list of files that will not be processed by openssl-format-source Manually reformat aes_core.c Add aes_core.c to the list of files not processed by openssl-format-source Amend openssl-format-source so that it give more repeatable output Fix indent comment corruption issue Manually reformat aes_x86core.c and add it to the list of files skipped by openssl-format-source Add ecp_nistz256.c to list of files skipped by openssl-format-source Move more comments that confuse indent Tweaks for comments due to indent's inability to handle them Backport hw_ibmca.c from master due to failed merge Fix modes.h so that indent doesn't complain More tweaks for comments due indent issues Richard Levitte (3): Force the use of our indent profile Run expand before perl, to make sure things are properly aligned Make the script a little more location agnostic Tim Hudson (2): mark all block comments that need format preserving so that indent will not alter them when reformatting comments Provide source reformating script. Requires GNU indent to be available. ----------------------------------------------------------------------- From matt at openssl.org Mon Feb 9 13:38:00 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 9 Feb 2015 14:38:00 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-post-auto-reformat create Message-ID: <20150209133800.D48B21E0360@butler.localdomain> The annotated tag OpenSSL_1_0_0-post-auto-reformat has been created at 775021164244df079a561e83fa0be7ec4a1e4203 (tag) tagging 4bc991384404d05e49e3aa622c142c7b7d05ef7b (commit) replaces OpenSSL_1_0_0-pre-auto-reformat tagged by Matt Caswell on Mon Feb 9 13:36:12 2015 +0000 - Log ----------------------------------------------------------------- Post run of automated reformating script on OpenSSL_1_0_0 Reviewed-by: Richard Levitte Matt Caswell (2): Run util/openssl-format-source -v -c . Rerun util/openssl-format-source -v -c . ----------------------------------------------------------------------- From matt at openssl.org Mon Feb 9 13:38:00 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 9 Feb 2015 14:38:00 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-post-reformat create Message-ID: <20150209133800.CC3091DF1AB@butler.localdomain> The annotated tag OpenSSL_1_0_0-post-reformat has been created at 4d4af8b7a0f02b9f31fde7c9be0dbbc175459c68 (tag) tagging 3d7a9aca8c400683d2fb7eca799fa547f70e4832 (commit) replaces OpenSSL_1_0_0-post-auto-reformat tagged by Matt Caswell on Mon Feb 9 13:34:34 2015 +0000 - Log ----------------------------------------------------------------- Post reformat of OpenSSL_1_0_0 Reviewed-by: Richard Levitte Matt Caswell (1): Re-align some comments after running the reformat script. This should be a one off operation (subsequent invokation of the script should not move them) ----------------------------------------------------------------------- From matt at openssl.org Mon Feb 9 13:38:00 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 9 Feb 2015 14:38:00 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-pre-reformat create Message-ID: <20150209133800.EC4891E0362@butler.localdomain> The annotated tag OpenSSL_1_0_0-pre-reformat has been created at a0714275f2618e0df717fc29bd9657e46dd8f702 (tag) tagging 569c68744ab18ff48074a683a57962d959fcb13c (commit) replaces OpenSSL_1_0_0q tagged by Matt Caswell on Mon Feb 9 13:37:17 2015 +0000 - Log ----------------------------------------------------------------- Pre reformat of OpenSSL_1_0_0 Reviewed-by: Richard Levitte Matt Caswell (1): Prepare for 1.0.0r-dev ----------------------------------------------------------------------- From matt at openssl.org Mon Feb 9 13:38:00 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 9 Feb 2015 14:38:00 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-pre-auto-reformat create Message-ID: <20150209133800.E4F251E0361@butler.localdomain> The annotated tag OpenSSL_1_0_0-pre-auto-reformat has been created at c980ebae0d279d02dadb12e1a8686e52ea2da151 (tag) tagging e3db68b766609ad5a3d1ab1fbf68d9286e6cf8b3 (commit) replaces OpenSSL_1_0_0-pre-reformat tagged by Matt Caswell on Mon Feb 9 13:36:42 2015 +0000 - Log ----------------------------------------------------------------- Pre run of automated reformating script on OpenSSL_1_0_0 Reviewed-by: Richard Levitte Andy Polyakov (14): apps/speed.c: make it indent-friendly. engines/e_ubsec.c: make it indent-friendly. bn/bn_recp.c: make it indent-friendly. bn/bntest.c: make it indent-friendly. crypto/cryptlib.c: make it indent-friendly. crypto/mem_dbg.c: make it indent-friendly. modes/cts128.c: make it indent-friendly. bn/bn_exp.c: make it indent-friendly. bn/bn_asm.c: make it indent-friendly. bn/asm/x86_64-gcc.cL make it indent-friendly. bn/bn_const.c: make it indent-friendly. modes/cfb128.c: make it indent-friendly. modes/ctr128.c: make it indent-friendly. crypto/ofb128.c: make it indent-friendly. Dr. Stephen Henson (4): Script fixes. Test option -nc Add -d debug option to save preprocessed files. Delete trailing whitespace from output. Matt Caswell (23): Further comment amendments to preserve formatting prior to source reformat Additional comment changes for reformat of 1.0.0 Fix source where indent will not be able to cope Provide script for filtering data initialisers for structs/unions. indent just can't handle it. Fix make errors Fix logic to check for indent.pro Fix indent issue with engine.h Fix indent issue with functions using STACK_OF More indent fixes for STACK_OF indent has problems with comments that are on the right hand side of a line. Sometimes it fails to format them very well, and sometimes it corrupts them! This commit moves some particularly problematic ones. Fix strange formatting by indent Add obj_dat.h to the list of files that will not be processed by openssl-format-source Manually reformat aes_core.c Add aes_core.c to the list of files not processed by openssl-format-source Amend openssl-format-source so that it give more repeatable output Fix indent comment corruption issue Manually reformat aes_x86core.c and add it to the list of files skipped by openssl-format-source Add ecp_nistz256.c to list of files skipped by openssl-format-source Move more comments that confuse indent Tweaks for comments due to indent's inability to handle them Backport hw_ibmca.c from master due to failed merge Fix modes.h so that indent doesn't complain More tweaks for comments due indent issues Yet more changes to comments Richard Levitte (3): Force the use of our indent profile Run expand before perl, to make sure things are properly aligned Make the script a little more location agnostic Tim Hudson (2): mark all block comments that need format preserving so that indent will not alter them when reformatting comments Provide source reformating script. Requires GNU indent to be available. ----------------------------------------------------------------------- From matt at openssl.org Mon Feb 9 13:42:07 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 9 Feb 2015 14:42:07 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-post-reformat create Message-ID: <20150209134208.4435F1DF1AB@butler.localdomain> The annotated tag OpenSSL_0_9_8-post-reformat has been created at 157c7c73f853a773833d72dbe6ac3ca7e193c48d (tag) tagging 02f0c26cea09e4ea847fba303a856b9475382ba5 (commit) replaces OpenSSL_0_9_8-post-auto-reformat tagged by Matt Caswell on Mon Feb 9 13:39:45 2015 +0000 - Log ----------------------------------------------------------------- Post reformat of OpenSSL_0_9_8 Reviewed-by: Richard Levitte Matt Caswell (1): Re-align some comments after running the reformat script. This should be a one off operation (subsequent invokation of the script should not move them) ----------------------------------------------------------------------- From matt at openssl.org Mon Feb 9 13:42:08 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 9 Feb 2015 14:42:08 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-pre-auto-reformat create Message-ID: <20150209134208.625DA1E0361@butler.localdomain> The annotated tag OpenSSL_0_9_8-pre-auto-reformat has been created at 096a6bc15694ee72968f26254ef26a44a6eb3c1e (tag) tagging 9d03aabea3ead1fe6a194297ddffd4a87f89b93c (commit) replaces OpenSSL_0_9_8-pre-reformat tagged by Matt Caswell on Mon Feb 9 13:40:50 2015 +0000 - Log ----------------------------------------------------------------- Pre run of automated reformating script on OpenSSL_0_9_8 Reviewed-by: Richard Levitte Andy Polyakov (10): apps/speed.c: make it indent-friendly. engines/e_ubsec.c: make it indent-friendly. bn/bn_recp.c: make it indent-friendly. bn/bntest.c: make it indent-friendly. crypto/cryptlib.c: make it indent-friendly. crypto/mem_dbg.c: make it indent-friendly. bn/bn_exp.c: make it indent-friendly. bn/bn_asm.c: make it indent-friendly. bn/asm/x86_64-gcc.cL make it indent-friendly. bn/bn_const.c: make it indent-friendly. Dr. Stephen Henson (4): Script fixes. Test option -nc Add -d debug option to save preprocessed files. Delete trailing whitespace from output. Matt Caswell (22): Further comment amendments to preserve formatting prior to source reformat Additional comment changes for reformat of 0.9.8 Fix source where indent will not be able to cope Provide script for filtering data initialisers for structs/unions. indent just can't handle it. Fix make errors Fix logic to check for indent.pro Fix indent issue with engine.h More indent fixes for STACK_OF indent has problems with comments that are on the right hand side of a line. Sometimes it fails to format them very well, and sometimes it corrupts them! This commit moves some particularly problematic ones. Fix strange formatting by indent Add obj_dat.h to the list of files that will not be processed by openssl-format-source Manually reformat aes_core.c Add aes_core.c to the list of files not processed by openssl-format-source Amend openssl-format-source so that it give more repeatable output Fix indent comment corruption issue Manually reformat aes_x86core.c and add it to the list of files skipped by openssl-format-source Add ecp_nistz256.c to list of files skipped by openssl-format-source Move more comments that confuse indent Tweaks for comments due to indent's inability to handle them Backport hw_ibmca.c from master due to failed merge More tweaks for comments due indent issues Yet more changes to comments More comment changes required for indent Richard Levitte (3): Force the use of our indent profile Run expand before perl, to make sure things are properly aligned Make the script a little more location agnostic Tim Hudson (2): mark all block comments that need format preserving so that indent will not alter them when reformatting comments Provide source reformating script. Requires GNU indent to be available. ----------------------------------------------------------------------- From matt at openssl.org Mon Feb 9 13:42:08 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 9 Feb 2015 14:42:08 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-post-auto-reformat create Message-ID: <20150209134208.5C1381E0360@butler.localdomain> The annotated tag OpenSSL_0_9_8-post-auto-reformat has been created at 75825ee7edda525fc9e3f6f3b2816bd8ba094d61 (tag) tagging 6f1f3c665331d73c4ec08d653d100fa52c44cd60 (commit) replaces OpenSSL_0_9_8-pre-auto-reformat tagged by Matt Caswell on Mon Feb 9 13:40:17 2015 +0000 - Log ----------------------------------------------------------------- Post run of automated reformating script on OpenSSL_0_9_8 Reviewed-by: Richard Levitte Matt Caswell (2): Run util/openssl-format-source -v -c . Rerun util/openssl-format-source -v -c . ----------------------------------------------------------------------- From matt at openssl.org Mon Feb 9 13:42:08 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 9 Feb 2015 14:42:08 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-pre-reformat create Message-ID: <20150209134208.6F7D51E0362@butler.localdomain> The annotated tag OpenSSL_0_9_8-pre-reformat has been created at 109031518137daa5557ebe31e663ee8d935c2c27 (tag) tagging ba442a7e1ba96d0b189bc627a2a750c928a42d13 (commit) replaces OpenSSL_0_9_8ze tagged by Matt Caswell on Mon Feb 9 13:41:23 2015 +0000 - Log ----------------------------------------------------------------- Pre reformat of OpenSSL_0_9_8 Reviewed-by: Richard Levitte Matt Caswell (1): Prepare for 0.9.8zf-dev ----------------------------------------------------------------------- From appro at openssl.org Mon Feb 9 14:55:44 2015 From: appro at openssl.org (Andy Polyakov) Date: Mon, 9 Feb 2015 15:55:44 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150209145544.41ABE1DF1AB@butler.localdomain> The branch master has been updated via c2cfc956e5ef2de480cded493b88926c7f29be18 (commit) from 9c7a780bbebc1b6d87dc38a6aa3339033911a8bb (commit) - Log ----------------------------------------------------------------- commit c2cfc956e5ef2de480cded493b88926c7f29be18 Author: Andy Polyakov Date: Mon Feb 9 15:54:58 2015 +0100 bn/bn_add.c: fix dead code elimination that went bad. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_add.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c index e09451d..57e1cda 100644 --- a/crypto/bn/bn_add.c +++ b/crypto/bn/bn_add.c @@ -222,7 +222,7 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) break; } } - memcpy(rp, ap, sizeof(*rp) * (max - i)); + memcpy(rp, ap, sizeof(*rp) * dif); r->top = max; r->neg = 0; From appro at openssl.org Mon Feb 9 14:59:30 2015 From: appro at openssl.org (Andy Polyakov) Date: Mon, 9 Feb 2015 15:59:30 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150209145930.8303C1DF1AB@butler.localdomain> The branch master has been updated via 849037169d98d070c27d094ac341fc6aca1ed2ca (commit) from c2cfc956e5ef2de480cded493b88926c7f29be18 (commit) - Log ----------------------------------------------------------------- commit 849037169d98d070c27d094ac341fc6aca1ed2ca Author: Andy Polyakov Date: Mon Feb 9 15:59:09 2015 +0100 Bring objects.pl output even closer to new format. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/objects/objects.pl | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/crypto/objects/objects.pl b/crypto/objects/objects.pl index a653985..d0ed459 100644 --- a/crypto/objects/objects.pl +++ b/crypto/objects/objects.pl @@ -187,7 +187,6 @@ print OUT <<'EOF'; #define LN_undef "undefined" #define NID_undef 0 #define OBJ_undef 0L - EOF sub expand @@ -202,11 +201,11 @@ sub expand foreach (sort { $a <=> $b } keys %ordern) { $Cname=$ordern{$_}; + print OUT "\n"; print OUT expand("#define SN_$Cname\t\t\"$sn{$Cname}\"\n") if $sn{$Cname} ne ""; print OUT expand("#define LN_$Cname\t\t\"$ln{$Cname}\"\n") if $ln{$Cname} ne ""; print OUT expand("#define NID_$Cname\t\t$nid{$Cname}\n") if $nid{$Cname} ne ""; print OUT expand("#define OBJ_$Cname\t\t$obj{$Cname}\n") if $obj{$Cname} ne ""; - print OUT "\n"; } close OUT; From appro at openssl.org Mon Feb 9 15:08:58 2015 From: appro at openssl.org (Andy Polyakov) Date: Mon, 9 Feb 2015 16:08:58 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <20150209150858.CF5401E0360@butler.localdomain> The branch OpenSSL_1_0_0-stable has been updated via 0e5e7af95584281548841cc8f3da5298a84eb5f9 (commit) from 2487d7710459c428a6cfc9aff00a0544125a9efe (commit) - Log ----------------------------------------------------------------- commit 0e5e7af95584281548841cc8f3da5298a84eb5f9 Author: Andy Polyakov Date: Mon Feb 9 15:59:09 2015 +0100 Bring objects.pl output even closer to new format. Reviewed-by: Matt Caswell (cherry picked from commit 849037169d98d070c27d094ac341fc6aca1ed2ca) ----------------------------------------------------------------------- Summary of changes: crypto/objects/objects.pl | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/crypto/objects/objects.pl b/crypto/objects/objects.pl index a653985..d0ed459 100644 --- a/crypto/objects/objects.pl +++ b/crypto/objects/objects.pl @@ -187,7 +187,6 @@ print OUT <<'EOF'; #define LN_undef "undefined" #define NID_undef 0 #define OBJ_undef 0L - EOF sub expand @@ -202,11 +201,11 @@ sub expand foreach (sort { $a <=> $b } keys %ordern) { $Cname=$ordern{$_}; + print OUT "\n"; print OUT expand("#define SN_$Cname\t\t\"$sn{$Cname}\"\n") if $sn{$Cname} ne ""; print OUT expand("#define LN_$Cname\t\t\"$ln{$Cname}\"\n") if $ln{$Cname} ne ""; print OUT expand("#define NID_$Cname\t\t$nid{$Cname}\n") if $nid{$Cname} ne ""; print OUT expand("#define OBJ_$Cname\t\t$obj{$Cname}\n") if $obj{$Cname} ne ""; - print OUT "\n"; } close OUT; From appro at openssl.org Mon Feb 9 15:08:58 2015 From: appro at openssl.org (Andy Polyakov) Date: Mon, 9 Feb 2015 16:08:58 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150209150858.E4DD71E0361@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via e48e86232e20cb3352e83c36555f1ab748605ee5 (commit) from 66aacf387224e8977d8214437939227d7e0c91d8 (commit) - Log ----------------------------------------------------------------- commit e48e86232e20cb3352e83c36555f1ab748605ee5 Author: Andy Polyakov Date: Mon Feb 9 15:59:09 2015 +0100 Bring objects.pl output even closer to new format. Reviewed-by: Matt Caswell (cherry picked from commit 849037169d98d070c27d094ac341fc6aca1ed2ca) ----------------------------------------------------------------------- Summary of changes: crypto/objects/objects.pl | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/crypto/objects/objects.pl b/crypto/objects/objects.pl index a653985..d0ed459 100644 --- a/crypto/objects/objects.pl +++ b/crypto/objects/objects.pl @@ -187,7 +187,6 @@ print OUT <<'EOF'; #define LN_undef "undefined" #define NID_undef 0 #define OBJ_undef 0L - EOF sub expand @@ -202,11 +201,11 @@ sub expand foreach (sort { $a <=> $b } keys %ordern) { $Cname=$ordern{$_}; + print OUT "\n"; print OUT expand("#define SN_$Cname\t\t\"$sn{$Cname}\"\n") if $sn{$Cname} ne ""; print OUT expand("#define LN_$Cname\t\t\"$ln{$Cname}\"\n") if $ln{$Cname} ne ""; print OUT expand("#define NID_$Cname\t\t$nid{$Cname}\n") if $nid{$Cname} ne ""; print OUT expand("#define OBJ_$Cname\t\t$obj{$Cname}\n") if $obj{$Cname} ne ""; - print OUT "\n"; } close OUT; From appro at openssl.org Mon Feb 9 15:08:58 2015 From: appro at openssl.org (Andy Polyakov) Date: Mon, 9 Feb 2015 16:08:58 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <20150209150858.C4AAB1DF1AB@butler.localdomain> The branch OpenSSL_0_9_8-stable has been updated via 6d4655c27e4bc582836ae37accdb82833d6ddd00 (commit) from 9eca2cbc1617015cec2318d732098208889d9929 (commit) - Log ----------------------------------------------------------------- commit 6d4655c27e4bc582836ae37accdb82833d6ddd00 Author: Andy Polyakov Date: Mon Feb 9 15:59:09 2015 +0100 Bring objects.pl output even closer to new format. Reviewed-by: Matt Caswell (cherry picked from commit 849037169d98d070c27d094ac341fc6aca1ed2ca) ----------------------------------------------------------------------- Summary of changes: crypto/objects/objects.pl | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/crypto/objects/objects.pl b/crypto/objects/objects.pl index 719b5cd..e2fbd15 100644 --- a/crypto/objects/objects.pl +++ b/crypto/objects/objects.pl @@ -184,7 +184,6 @@ print OUT <<'EOF'; #define LN_undef "undefined" #define NID_undef 0 #define OBJ_undef 0L - EOF sub expand @@ -199,11 +198,11 @@ sub expand foreach (sort { $a <=> $b } keys %ordern) { $Cname=$ordern{$_}; + print OUT "\n"; print OUT expand("#define SN_$Cname\t\t\"$sn{$Cname}\"\n") if $sn{$Cname} ne ""; print OUT expand("#define LN_$Cname\t\t\"$ln{$Cname}\"\n") if $ln{$Cname} ne ""; print OUT expand("#define NID_$Cname\t\t$nid{$Cname}\n") if $nid{$Cname} ne ""; print OUT expand("#define OBJ_$Cname\t\t$obj{$Cname}\n") if $obj{$Cname} ne ""; - print OUT "\n"; } close OUT; From appro at openssl.org Mon Feb 9 15:08:58 2015 From: appro at openssl.org (Andy Polyakov) Date: Mon, 9 Feb 2015 16:08:58 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150209150858.F387F1E0362@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via cb43fd046716466e1c6cb0655563ebd74aaa1dac (commit) from ba25221226f0c9b033d8ff8a2a2bde8b359c6426 (commit) - Log ----------------------------------------------------------------- commit cb43fd046716466e1c6cb0655563ebd74aaa1dac Author: Andy Polyakov Date: Mon Feb 9 15:59:09 2015 +0100 Bring objects.pl output even closer to new format. Reviewed-by: Matt Caswell (cherry picked from commit 849037169d98d070c27d094ac341fc6aca1ed2ca) ----------------------------------------------------------------------- Summary of changes: crypto/objects/objects.pl | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/crypto/objects/objects.pl b/crypto/objects/objects.pl index a653985..d0ed459 100644 --- a/crypto/objects/objects.pl +++ b/crypto/objects/objects.pl @@ -187,7 +187,6 @@ print OUT <<'EOF'; #define LN_undef "undefined" #define NID_undef 0 #define OBJ_undef 0L - EOF sub expand @@ -202,11 +201,11 @@ sub expand foreach (sort { $a <=> $b } keys %ordern) { $Cname=$ordern{$_}; + print OUT "\n"; print OUT expand("#define SN_$Cname\t\t\"$sn{$Cname}\"\n") if $sn{$Cname} ne ""; print OUT expand("#define LN_$Cname\t\t\"$ln{$Cname}\"\n") if $ln{$Cname} ne ""; print OUT expand("#define NID_$Cname\t\t$nid{$Cname}\n") if $nid{$Cname} ne ""; print OUT expand("#define OBJ_$Cname\t\t$obj{$Cname}\n") if $obj{$Cname} ne ""; - print OUT "\n"; } close OUT; From steve at openssl.org Mon Feb 9 16:19:54 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 9 Feb 2015 17:19:54 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150209161954.985141DF1AB@butler.localdomain> The branch master has been updated via d6c5462ef84356446ed133f6d28d34a5c7168bf4 (commit) from 849037169d98d070c27d094ac341fc6aca1ed2ca (commit) - Log ----------------------------------------------------------------- commit d6c5462ef84356446ed133f6d28d34a5c7168bf4 Author: Dr. Stephen Henson Date: Fri Feb 6 12:08:45 2015 +0000 Support for alternative KDFs. Don't hard code NID_id_pbkdf2 in PBES2: look it up in PBE table. Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp.h | 2 ++ crypto/evp/evp_pbe.c | 1 + crypto/evp/p5_crpt2.c | 8 ++++---- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index ff6665d..f12e866 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -1073,6 +1073,8 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, # define EVP_PBE_TYPE_OUTER 0x0 /* Is an PRF type OID */ # define EVP_PBE_TYPE_PRF 0x1 +/* Is a PKCS#5 v2.0 KDF */ +# define EVP_PBE_TYPE_KDF 0x2 int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid, EVP_PBE_KEYGEN *keygen); diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index 3534652..7db9511 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -118,6 +118,7 @@ static const EVP_PBE_CTL builtin_pbe[] = { {EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0}, {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0}, {EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0}, + {EVP_PBE_TYPE_KDF, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen} }; #ifdef TEST diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index 6c458e9..27e3fa5 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -194,6 +194,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, int plen; PBE2PARAM *pbe2 = NULL; const EVP_CIPHER *cipher; + EVP_PBE_KEYGEN *kdf; int rv = 0; @@ -211,8 +212,8 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, } /* See if we recognise the key derivation function */ - - if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) { + if (!EVP_PBE_find(EVP_PBE_TYPE_KDF, OBJ_obj2nid(pbe2->keyfunc->algorithm), + NULL, NULL, &kdf)) { EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION); goto err; @@ -236,8 +237,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_CIPHER_PARAMETER_ERROR); goto err; } - rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen, - pbe2->keyfunc->parameter, c, md, en_de); + rv = kdf(ctx, pass, passlen, pbe2->keyfunc->parameter, NULL, NULL, en_de); err: PBE2PARAM_free(pbe2); return rv; From appro at openssl.org Mon Feb 9 22:21:42 2015 From: appro at openssl.org (Andy Polyakov) Date: Mon, 9 Feb 2015 23:21:42 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150209222142.C1C1E1DF1AB@butler.localdomain> The branch master has been updated via 79ee5afa26da1f2e3d16376d20b273cc759b0c1b (commit) via aa9db2d292f81769f0f48b1740a6b3a36b1c31af (commit) from d6c5462ef84356446ed133f6d28d34a5c7168bf4 (commit) - Log ----------------------------------------------------------------- commit 79ee5afa26da1f2e3d16376d20b273cc759b0c1b Author: Andy Polyakov Date: Mon Feb 9 23:21:11 2015 +0100 Engage ecp_nistz256-x86 module. Reviewed-by: Emilia K?sper commit aa9db2d292f81769f0f48b1740a6b3a36b1c31af Author: Andy Polyakov Date: Mon Feb 9 23:19:16 2015 +0100 Add ec/asm/ecp_nistz256-x86.pl module. Reviewed-by: Emilia K?sper ----------------------------------------------------------------------- Summary of changes: Configure | 2 +- TABLE | 60 +- crypto/ec/Makefile | 3 + crypto/ec/asm/ecp_nistz256-x86.pl | 1823 +++++++++++++++++++++++++++++++++++++ 4 files changed, 1857 insertions(+), 31 deletions(-) create mode 100755 crypto/ec/asm/ecp_nistz256-x86.pl diff --git a/Configure b/Configure index 5fb5f13..f6dd38e 100755 --- a/Configure +++ b/Configure @@ -128,7 +128,7 @@ my $tlib="-lnsl -lsocket"; my $bits1="THIRTY_TWO_BIT "; my $bits2="SIXTY_FOUR_BIT "; -my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o::des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:e_padlock-x86.o"; +my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o:ecp_nistz256.o ecp_nistz256-x86.o:des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:e_padlock-x86.o"; my $x86_elf_asm="$x86_asm:elf"; diff --git a/TABLE b/TABLE index 6235666..7193a5a 100644 --- a/TABLE +++ b/TABLE @@ -248,7 +248,7 @@ $lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -282,7 +282,7 @@ $lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -350,7 +350,7 @@ $lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -418,7 +418,7 @@ $lflags = -L/dev/env/WATT_ROOT/lib -lwatt $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -588,7 +588,7 @@ $lflags = -lsocket $bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -690,7 +690,7 @@ $lflags = $bn_ops = BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -1064,7 +1064,7 @@ $lflags = -ldl $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -1132,7 +1132,7 @@ $lflags = -ldl $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -1200,7 +1200,7 @@ $lflags = -Wl,-search_paths_first% $bn_ops = BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -1404,7 +1404,7 @@ $lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -1438,7 +1438,7 @@ $lflags = $bn_ops = BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -1948,7 +1948,7 @@ $lflags = -Wl,-search_paths_first% $bn_ops = BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -2152,7 +2152,7 @@ $lflags = -ldl $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -2186,7 +2186,7 @@ $lflags = -ldl $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -2288,7 +2288,7 @@ $lflags = -lefence -ldl $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -2322,7 +2322,7 @@ $lflags = -ldl $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -2458,7 +2458,7 @@ $lflags = -ldl $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -2492,7 +2492,7 @@ $lflags = -ldl $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -2560,7 +2560,7 @@ $lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -2764,7 +2764,7 @@ $lflags = -rdynamic -ldl $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -3478,7 +3478,7 @@ $lflags = -ldl $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -3954,7 +3954,7 @@ $lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -4056,7 +4056,7 @@ $lflags = -ldl $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -4158,7 +4158,7 @@ $lflags = -ldl -no_cpprt $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -4770,7 +4770,7 @@ $lflags = -lws2_32 -lgdi32 -lcrypt32 $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT EXPORT_VAR_AS_FN $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -5314,7 +5314,7 @@ $lflags = -lsocket -lnsl $bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -5348,7 +5348,7 @@ $lflags = -lsocket -lnsl $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -5620,7 +5620,7 @@ $lflags = -lsocket -lnsl -ldl $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -6028,7 +6028,7 @@ $lflags = -lsocket -lnsl $bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o @@ -6062,7 +6062,7 @@ $lflags = -lsocket -lnsl $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o $des_obj = des-586.o crypt586.o $aes_obj = aes-586.o vpaes-x86.o aesni-x86.o $bf_obj = bf-586.o diff --git a/crypto/ec/Makefile b/crypto/ec/Makefile index 852183a..319e003 100644 --- a/crypto/ec/Makefile +++ b/crypto/ec/Makefile @@ -48,6 +48,9 @@ lib: $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib +ecp_nistz256-x86.s: asm/ecp_nistz256-x86.pl + $(PERL) asm/ecp_nistz256-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ + ecp_nistz256-x86_64.s: asm/ecp_nistz256-x86_64.pl $(PERL) asm/ecp_nistz256-x86_64.pl $(PERLASM_SCHEME) > $@ diff --git a/crypto/ec/asm/ecp_nistz256-x86.pl b/crypto/ec/asm/ecp_nistz256-x86.pl new file mode 100755 index 0000000..0670c69 --- /dev/null +++ b/crypto/ec/asm/ecp_nistz256-x86.pl @@ -0,0 +1,1823 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# ECP_NISTZ256 module for x86/SSE2. +# +# October 2014. +# +# Original ECP_NISTZ256 submission targeting x86_64 is detailed in +# http://eprint.iacr.org/2013/816. In the process of adaptation +# original .c module was made 32-bit savvy in order to make this +# implementation possible. +# +# with/without -DECP_NISTZ256_ASM +# Pentium +66-163% +# PIII +72-172% +# P4 +65-132% +# Core2 +90-215% +# Sandy Bridge +105-265% (contemporary i[57]-* are all close to this) +# Atom +65-155% +# Opteron +54-110% +# Bulldozer +99-240% +# VIA Nano +93-290% +# +# Ranges denote minimum and maximum improvement coefficients depending +# on benchmark. Lower coefficients are for ECDSA sign, server-side +# operation. Keep in mind that +200% means 3x improvement. + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); +require "x86asm.pl"; + +&asm_init($ARGV[0],"ecp_nistz256-x86.pl",$ARGV[$#ARGV] eq "386"); + +$sse2=0; +for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + +&external_label("OPENSSL_ia32cap_P") if ($sse2); + + +######################################################################## +# Convert ecp_nistz256_table.c to layout expected by ecp_nistz_gather_w7 +# +open TABLE,") { + s/TOBN$\s*(0x[0-9a-f]+),\s*(0x[0-9a-f]+)\s*$/push @arr,hex($2),hex($1)/geo; +} +close TABLE; + +# See ecp_nistz256_table.c for explanation for why it's 64*16*37. +# 64*16*37-1 is because $#arr returns last valid index or @arr, not +# amount of elements. +die "insane number of elements" if ($#arr != 64*16*37-1); + +&public_label("ecp_nistz256_precomputed"); +&align(4096); +&set_label("ecp_nistz256_precomputed"); + +######################################################################## +# this conversion smashes P256_POINT_AFFINE by individual bytes with +# 64 byte interval, similar to +# 1111222233334444 +# 1234123412341234 +for(1..37) { + @tbl = splice(@arr,0,64*16); + for($i=0;$i<64;$i++) { + undef @line; + for($j=0;$j<64;$j++) { + push @line,(@tbl[$j*16+$i/4]>>(($i%4)*8))&0xff; + } + &data_byte(join(',',map { sprintf "0x%02x",$_} @line)); + } +} + +######################################################################## +# Keep in mind that constants are stored least to most significant word +&static_label("RR"); +&set_label("RR",64); +&data_word(3,0,-1,-5,-2,-1,-3,4); # 2^512 mod P-256 + +&static_label("ONE_mont"); +&set_label("ONE_mont"); +&data_word(1,0,0,-1,-1,-1,-2,0); + +&static_label("ONE"); +&set_label("ONE"); +&data_word(1,0,0,0,0,0,0,0); +&asciz("ECP_NISZ256 for x86/SSE2, CRYPTOGAMS by "); +&align(64); + +######################################################################## +# void ecp_nistz256_mul_by_2(BN_ULONG edi[8],const BN_ULONG esi[8]); +&function_begin("ecp_nistz256_mul_by_2"); + &mov ("esi",&wparam(1)); + &mov ("edi",&wparam(0)); + &mov ("ebp","esi"); +######################################################################## +# common pattern for internal functions is that %edi is result pointer, +# %esi and %ebp are input ones, %ebp being optional. %edi is preserved. + &call ("_ecp_nistz256_add"); +&function_end("ecp_nistz256_mul_by_2"); + +######################################################################## +# void ecp_nistz256_mul_by_3(BN_ULONG edi[8],const BN_ULONG esi[8]); +&function_begin("ecp_nistz256_mul_by_3"); + &mov ("esi",&wparam(1)); + # multiplication by 3 is performed + # as 2*n+n, but we can't use output + # to store 2*n, because if output + # pointer equals to input, then + # we'll get 2*n+2*n. + &stack_push(8); # therefore we need to allocate + # 256-bit intermediate buffer. + &mov ("edi","esp"); + &mov ("ebp","esi"); + &call ("_ecp_nistz256_add"); + &lea ("esi",&DWP(0,"edi")); + &mov ("ebp",&wparam(1)); + &mov ("edi",&wparam(0)); + &call ("_ecp_nistz256_add"); + &stack_pop(8); +&function_end("ecp_nistz256_mul_by_3"); + +######################################################################## +# void ecp_nistz256_div_by_2(BN_ULONG edi[8],const BN_ULONG esi[8]); +&function_begin("ecp_nistz256_div_by_2"); + &mov ("esi",&wparam(1)); + &mov ("edi",&wparam(0)); + &call ("_ecp_nistz256_div_by_2"); +&function_end("ecp_nistz256_div_by_2"); + +&function_begin_B("_ecp_nistz256_div_by_2"); + # tmp = a is odd ? a+mod : a + # + # note that because mod has special form, i.e. consists of + # 0xffffffff, 1 and 0s, we can conditionally synthesize it by + # assigning least significant bit of input to one register, + # %ebp, and its negative to another, %edx. + + &mov ("ebp",&DWP(0,"esi")); + &xor ("edx","edx"); + &mov ("ebx",&DWP(4,"esi")); + &mov ("eax","ebp"); + &and ("ebp",1); + &mov ("ecx",&DWP(8,"esi")); + &sub ("edx","ebp"); + + &add ("eax","edx"); + &adc ("ebx","edx"); + &mov (&DWP(0,"edi"),"eax"); + &adc ("ecx","edx"); + &mov (&DWP(4,"edi"),"ebx"); + &mov (&DWP(8,"edi"),"ecx"); + + &mov ("eax",&DWP(12,"esi")); + &mov ("ebx",&DWP(16,"esi")); + &adc ("eax",0); + &mov ("ecx",&DWP(20,"esi")); + &adc ("ebx",0); + &mov (&DWP(12,"edi"),"eax"); + &adc ("ecx",0); + &mov (&DWP(16,"edi"),"ebx"); + &mov (&DWP(20,"edi"),"ecx"); + + &mov ("eax",&DWP(24,"esi")); + &mov ("ebx",&DWP(28,"esi")); + &adc ("eax","ebp"); + &adc ("ebx","edx"); + &mov (&DWP(24,"edi"),"eax"); + &sbb ("esi","esi"); # broadcast carry bit + &mov (&DWP(28,"edi"),"ebx"); + + # ret = tmp >> 1 + + &mov ("eax",&DWP(0,"edi")); + &mov ("ebx",&DWP(4,"edi")); + &mov ("ecx",&DWP(8,"edi")); + &mov ("edx",&DWP(12,"edi")); + + &shr ("eax",1); + &mov ("ebp","ebx"); + &shl ("ebx",31); + &or ("eax","ebx"); + + &shr ("ebp",1); + &mov ("ebx","ecx"); + &shl ("ecx",31); + &mov (&DWP(0,"edi"),"eax"); + &or ("ebp","ecx"); + &mov ("eax",&DWP(16,"edi")); + + &shr ("ebx",1); + &mov ("ecx","edx"); + &shl ("edx",31); + &mov (&DWP(4,"edi"),"ebp"); + &or ("ebx","edx"); + &mov ("ebp",&DWP(20,"edi")); + + &shr ("ecx",1); + &mov ("edx","eax"); + &shl ("eax",31); + &mov (&DWP(8,"edi"),"ebx"); + &or ("ecx","eax"); + &mov ("ebx",&DWP(24,"edi")); + + &shr ("edx",1); + &mov ("eax","ebp"); + &shl ("ebp",31); + &mov (&DWP(12,"edi"),"ecx"); + &or ("edx","ebp"); + &mov ("ecx",&DWP(28,"edi")); + + &shr ("eax",1); + &mov ("ebp","ebx"); + &shl ("ebx",31); + &mov (&DWP(16,"edi"),"edx"); + &or ("eax","ebx"); + + &shr ("ebp",1); + &mov ("ebx","ecx"); + &shl ("ecx",31); + &mov (&DWP(20,"edi"),"eax"); + &or ("ebp","ecx"); + + &shr ("ebx",1); + &shl ("esi",31); + &mov (&DWP(24,"edi"),"ebp"); + &or ("ebx","esi"); # handle top-most carry bit + &mov (&DWP(28,"edi"),"ebx"); + + &ret (); +&function_end_B("_ecp_nistz256_div_by_2"); + +######################################################################## +# void ecp_nistz256_add(BN_ULONG edi[8],const BN_ULONG esi[8], +# const BN_ULONG ebp[8]); +&function_begin("ecp_nistz256_add"); + &mov ("esi",&wparam(1)); + &mov ("ebp",&wparam(2)); + &mov ("edi",&wparam(0)); + &call ("_ecp_nistz256_add"); +&function_end("ecp_nistz256_add"); + +&function_begin_B("_ecp_nistz256_add"); + &mov ("eax",&DWP(0,"esi")); + &mov ("ebx",&DWP(4,"esi")); + &mov ("ecx",&DWP(8,"esi")); + &add ("eax",&DWP(0,"ebp")); + &mov ("edx",&DWP(12,"esi")); + &adc ("ebx",&DWP(4,"ebp")); + &mov (&DWP(0,"edi"),"eax"); + &adc ("ecx",&DWP(8,"ebp")); + &mov (&DWP(4,"edi"),"ebx"); + &adc ("edx",&DWP(12,"ebp")); + &mov (&DWP(8,"edi"),"ecx"); + &mov (&DWP(12,"edi"),"edx"); + + &mov ("eax",&DWP(16,"esi")); + &mov ("ebx",&DWP(20,"esi")); + &mov ("ecx",&DWP(24,"esi")); + &adc ("eax",&DWP(16,"ebp")); + &mov ("edx",&DWP(28,"esi")); + &adc ("ebx",&DWP(20,"ebp")); + &mov (&DWP(16,"edi"),"eax"); + &adc ("ecx",&DWP(24,"ebp")); + &mov (&DWP(20,"edi"),"ebx"); + &adc ("edx",&DWP(28,"ebp")); + &mov (&DWP(24,"edi"),"ecx"); + &sbb ("esi","esi"); # broadcast carry bit + &mov (&DWP(28,"edi"),"edx"); + + # if a+b carries, subtract modulus. + # + # Note that because mod has special form, i.e. consists of + # 0xffffffff, 1 and 0s, we can conditionally synthesize it by + # assigning carry bit to one register, %ebp, and its negative + # to another, %esi. But we started by calculating %esi... + + &mov ("eax",&DWP(0,"edi")); + &mov ("ebp","esi"); + &mov ("ebx",&DWP(4,"edi")); + &shr ("ebp",31); + &mov ("ecx",&DWP(8,"edi")); + &sub ("eax","esi"); + &mov ("edx",&DWP(12,"edi")); + &sbb ("ebx","esi"); + &mov (&DWP(0,"edi"),"eax"); + &sbb ("ecx","esi"); + &mov (&DWP(4,"edi"),"ebx"); + &sbb ("edx",0); + &mov (&DWP(8,"edi"),"ecx"); + &mov (&DWP(12,"edi"),"edx"); + + &mov ("eax",&DWP(16,"edi")); + &mov ("ebx",&DWP(20,"edi")); + &mov ("ecx",&DWP(24,"edi")); + &sbb ("eax",0); + &mov ("edx",&DWP(28,"edi")); + &sbb ("ebx",0); + &mov (&DWP(16,"edi"),"eax"); + &sbb ("ecx","ebp"); + &mov (&DWP(20,"edi"),"ebx"); + &sbb ("edx","esi"); + &mov (&DWP(24,"edi"),"ecx"); + &mov (&DWP(28,"edi"),"edx"); + + &ret (); +&function_end_B("_ecp_nistz256_add"); + +######################################################################## +# void ecp_nistz256_sub(BN_ULONG edi[8],const BN_ULONG esi[8], +# const BN_ULONG ebp[8]); +&function_begin("ecp_nistz256_sub"); + &mov ("esi",&wparam(1)); + &mov ("ebp",&wparam(2)); + &mov ("edi",&wparam(0)); + &call ("_ecp_nistz256_sub"); +&function_end("ecp_nistz256_sub"); + +&function_begin_B("_ecp_nistz256_sub"); + &mov ("eax",&DWP(0,"esi")); + &mov ("ebx",&DWP(4,"esi")); + &mov ("ecx",&DWP(8,"esi")); + &sub ("eax",&DWP(0,"ebp")); + &mov ("edx",&DWP(12,"esi")); + &sbb ("ebx",&DWP(4,"ebp")); + &mov (&DWP(0,"edi"),"eax"); + &sbb ("ecx",&DWP(8,"ebp")); + &mov (&DWP(4,"edi"),"ebx"); + &sbb ("edx",&DWP(12,"ebp")); + &mov (&DWP(8,"edi"),"ecx"); + &mov (&DWP(12,"edi"),"edx"); + + &mov ("eax",&DWP(16,"esi")); + &mov ("ebx",&DWP(20,"esi")); + &mov ("ecx",&DWP(24,"esi")); + &sbb ("eax",&DWP(16,"ebp")); + &mov ("edx",&DWP(28,"esi")); + &sbb ("ebx",&DWP(20,"ebp")); + &sbb ("ecx",&DWP(24,"ebp")); + &mov (&DWP(16,"edi"),"eax"); + &sbb ("edx",&DWP(28,"ebp")); + &mov (&DWP(20,"edi"),"ebx"); + &sbb ("esi","esi"); # broadcast borrow bit + &mov (&DWP(24,"edi"),"ecx"); + &mov (&DWP(28,"edi"),"edx"); + + # if a-b borrows, add modulus. + # + # Note that because mod has special form, i.e. consists of + # 0xffffffff, 1 and 0s, we can conditionally synthesize it by + # assigning borrow bit to one register, %ebp, and its negative + # to another, %esi. But we started by calculating %esi... + + &mov ("eax",&DWP(0,"edi")); + &mov ("ebp","esi"); + &mov ("ebx",&DWP(4,"edi")); + &shr ("ebp",31); + &mov ("ecx",&DWP(8,"edi")); + &add ("eax","esi"); + &mov ("edx",&DWP(12,"edi")); + &adc ("ebx","esi"); + &mov (&DWP(0,"edi"),"eax"); + &adc ("ecx","esi"); + &mov (&DWP(4,"edi"),"ebx"); + &adc ("edx",0); + &mov (&DWP(8,"edi"),"ecx"); + &mov (&DWP(12,"edi"),"edx"); + + &mov ("eax",&DWP(16,"edi")); + &mov ("ebx",&DWP(20,"edi")); + &mov ("ecx",&DWP(24,"edi")); + &adc ("eax",0); + &mov ("edx",&DWP(28,"edi")); + &adc ("ebx",0); + &mov (&DWP(16,"edi"),"eax"); + &adc ("ecx","ebp"); + &mov (&DWP(20,"edi"),"ebx"); + &adc ("edx","esi"); + &mov (&DWP(24,"edi"),"ecx"); + &mov (&DWP(28,"edi"),"edx"); + + &ret (); +&function_end_B("_ecp_nistz256_sub"); + +######################################################################## +# void ecp_nistz256_neg(BN_ULONG edi[8],const BN_ULONG esi[8]); +&function_begin("ecp_nistz256_neg"); + &mov ("ebp",&wparam(1)); + &mov ("edi",&wparam(0)); + + &xor ("eax","eax"); + &stack_push(8); + &mov (&DWP(0,"esp"),"eax"); + &mov ("esi","esp"); + &mov (&DWP(4,"esp"),"eax"); + &mov (&DWP(8,"esp"),"eax"); + &mov (&DWP(12,"esp"),"eax"); + &mov (&DWP(16,"esp"),"eax"); + &mov (&DWP(20,"esp"),"eax"); + &mov (&DWP(24,"esp"),"eax"); + &mov (&DWP(28,"esp"),"eax"); + + &call ("_ecp_nistz256_sub"); + + &stack_pop(8); +&function_end("ecp_nistz256_neg"); + +&function_begin_B("_picup_eax"); + &mov ("eax",&DWP(0,"esp")); + &ret (); +&function_end_B("_picup_eax"); + +######################################################################## +# void ecp_nistz256_to_mont(BN_ULONG edi[8],const BN_ULONG esi[8]); +&function_begin("ecp_nistz256_to_mont"); + &mov ("esi",&wparam(1)); + &call ("_picup_eax"); + &set_label("pic"); + &lea ("ebp",&DWP(&label("RR")."-".&label("pic"),"eax")); + if ($sse2) { + &picmeup("eax","OPENSSL_ia32cap_P","eax",&label("pic")); + &mov ("eax",&DWP(0,"eax")); } + &mov ("edi",&wparam(0)); + &call ("_ecp_nistz256_mul_mont"); +&function_end("ecp_nistz256_to_mont"); + +######################################################################## +# void ecp_nistz256_from_mont(BN_ULONG edi[8],const BN_ULONG esi[8]); +&function_begin("ecp_nistz256_from_mont"); + &mov ("esi",&wparam(1)); + &call ("_picup_eax"); + &set_label("pic"); + &lea ("ebp",&DWP(&label("ONE")."-".&label("pic"),"eax")); + if ($sse2) { + &picmeup("eax","OPENSSL_ia32cap_P","eax",&label("pic")); + &mov ("eax",&DWP(0,"eax")); } + &mov ("edi",&wparam(0)); + &call ("_ecp_nistz256_mul_mont"); +&function_end("ecp_nistz256_from_mont"); + +######################################################################## +# void ecp_nistz256_mul_mont(BN_ULONG edi[8],const BN_ULONG esi[8], +# const BN_ULONG ebp[8]); +&function_begin("ecp_nistz256_mul_mont"); + &mov ("esi",&wparam(1)); + &mov ("ebp",&wparam(2)); + if ($sse2) { + &call ("_picup_eax"); + &set_label("pic"); + &picmeup("eax","OPENSSL_ia32cap_P","eax",&label("pic")); + &mov ("eax",&DWP(0,"eax")); } + &mov ("edi",&wparam(0)); + &call ("_ecp_nistz256_mul_mont"); +&function_end("ecp_nistz256_mul_mont"); + +######################################################################## +# void ecp_nistz256_sqr_mont(BN_ULONG edi[8],const BN_ULONG esi[8]); +&function_begin("ecp_nistz256_sqr_mont"); + &mov ("esi",&wparam(1)); + if ($sse2) { + &call ("_picup_eax"); + &set_label("pic"); + &picmeup("eax","OPENSSL_ia32cap_P","eax",&label("pic")); + &mov ("eax",&DWP(0,"eax")); } + &mov ("edi",&wparam(0)); + &mov ("ebp","esi"); + &call ("_ecp_nistz256_mul_mont"); +&function_end("ecp_nistz256_sqr_mont"); + +&function_begin_B("_ecp_nistz256_mul_mont"); + if ($sse2) { + &and ("eax",1<<24|1<<26); + &cmp ("eax",1<<24|1<<26); # see if XMM+SSE2 is on + &jne (&label("mul_mont_ialu")); + + ######################################## + # SSE2 code path featuring 32x16-bit + # multiplications is ~2x faster than + # IALU counterpart (except on Atom)... + ######################################## + # stack layout: + # +------------------------------------+< %esp + # | 7 16-byte temporary XMM words, | + # | "sliding" toward lower address | + # . . + # +------------------------------------+ + # | unused XMM word | + # +------------------------------------+< +128,%ebx + # | 8 16-byte XMM words holding copies | + # | of a[i]<<64|a[i] | + # . . + # . . + # +------------------------------------+< +256 + &mov ("edx","esp"); + &sub ("esp",0x100); + + &movd ("xmm7",&DWP(0,"ebp")); # b[0] -> 0000.00xy + &lea ("ebp",&DWP(4,"ebp")); + &pcmpeqd("xmm6","xmm6"); + &psrlq ("xmm6",48); # compose 0xffff<<64|0xffff + + &pshuflw("xmm7","xmm7",0b11011100); # 0000.00xy -> 0000.0x0y + &and ("esp",-64); + &pshufd ("xmm7","xmm7",0b11011100); # 0000.0x0y -> 000x.000y + &lea ("ebx",&DWP(0x80,"esp")); + + &movd ("xmm0",&DWP(4*0,"esi")); # a[0] -> 0000.00xy + &pshufd ("xmm0","xmm0",0b11001100); # 0000.00xy -> 00xy.00xy + &movd ("xmm1",&DWP(4*1,"esi")); # a[1] -> ... + &movdqa (&QWP(0x00,"ebx"),"xmm0"); # offload converted a[0] + &pmuludq("xmm0","xmm7"); # a[0]*b[0] + + &movd ("xmm2",&DWP(4*2,"esi")); + &pshufd ("xmm1","xmm1",0b11001100); + &movdqa (&QWP(0x10,"ebx"),"xmm1"); + &pmuludq("xmm1","xmm7"); # a[1]*b[0] + + &movq ("xmm4","xmm0"); # clear upper 64 bits + &pslldq("xmm4",6); + &paddq ("xmm4","xmm0"); + &movdqa("xmm5","xmm4"); + &psrldq("xmm4",10); # upper 32 bits of a[0]*b[0] + &pand ("xmm5","xmm6"); # lower 32 bits of a[0]*b[0] + + # Upper half of a[0]*b[i] is carried into next multiplication + # iteration, while lower one "participates" in actual reduction. + # Normally latter is done by accumulating result of multiplication + # of modulus by "magic" digit, but thanks to special form of modulus + # and "magic" digit it can be performed only with additions and + # subtractions (see note in IALU section below). Note that we are + # not bothered with carry bits, they are accumulated in "flatten" + # phase after all multiplications and reductions. + + &movd ("xmm3",&DWP(4*3,"esi")); + &pshufd ("xmm2","xmm2",0b11001100); + &movdqa (&QWP(0x20,"ebx"),"xmm2"); + &pmuludq("xmm2","xmm7"); # a[2]*b[0] + &paddq ("xmm1","xmm4"); # a[1]*b[0]+hw(a[0]*b[0]), carry + &movdqa (&QWP(0x00,"esp"),"xmm1"); # t[0] + + &movd ("xmm0",&DWP(4*4,"esi")); + &pshufd ("xmm3","xmm3",0b11001100); + &movdqa (&QWP(0x30,"ebx"),"xmm3"); + &pmuludq("xmm3","xmm7"); # a[3]*b[0] + &movdqa (&QWP(0x10,"esp"),"xmm2"); + + &movd ("xmm1",&DWP(4*5,"esi")); + &pshufd ("xmm0","xmm0",0b11001100); + &movdqa (&QWP(0x40,"ebx"),"xmm0"); + &pmuludq("xmm0","xmm7"); # a[4]*b[0] + &paddq ("xmm3","xmm5"); # a[3]*b[0]+lw(a[0]*b[0]), reduction step + &movdqa (&QWP(0x20,"esp"),"xmm3"); + + &movd ("xmm2",&DWP(4*6,"esi")); + &pshufd ("xmm1","xmm1",0b11001100); + &movdqa (&QWP(0x50,"ebx"),"xmm1"); + &pmuludq("xmm1","xmm7"); # a[5]*b[0] + &movdqa (&QWP(0x30,"esp"),"xmm0"); + &pshufd("xmm4","xmm5",0b10110001); # xmm4 = xmm5<<32, reduction step + + &movd ("xmm3",&DWP(4*7,"esi")); + &pshufd ("xmm2","xmm2",0b11001100); + &movdqa (&QWP(0x60,"ebx"),"xmm2"); + &pmuludq("xmm2","xmm7"); # a[6]*b[0] + &movdqa (&QWP(0x40,"esp"),"xmm1"); + &psubq ("xmm4","xmm5"); # xmm4 = xmm5*0xffffffff, reduction step + + &movd ("xmm0",&DWP(0,"ebp")); # b[1] -> 0000.00xy + &pshufd ("xmm3","xmm3",0b11001100); + &movdqa (&QWP(0x70,"ebx"),"xmm3"); + &pmuludq("xmm3","xmm7"); # a[7]*b[0] + + &pshuflw("xmm7","xmm0",0b11011100); # 0000.00xy -> 0000.0x0y + &movdqa ("xmm0",&QWP(0x00,"ebx")); # pre-load converted a[0] + &pshufd ("xmm7","xmm7",0b11011100); # 0000.0x0y -> 000x.000y + + &mov ("ecx",6); + &lea ("ebp",&DWP(4,"ebp")); + &jmp (&label("madd_sse2")); + +&set_label("madd_sse2",16); + &paddq ("xmm2","xmm5"); # a[6]*b[i-1]+lw(a[0]*b[i-1]), reduction step [modulo-scheduled] + &paddq ("xmm3","xmm4"); # a[7]*b[i-1]+lw(a[0]*b[i-1])*0xffffffff, reduction step [modulo-scheduled] + &movdqa ("xmm1",&QWP(0x10,"ebx")); + &pmuludq("xmm0","xmm7"); # a[0]*b[i] + &movdqa(&QWP(0x50,"esp"),"xmm2"); + + &movdqa ("xmm2",&QWP(0x20,"ebx")); + &pmuludq("xmm1","xmm7"); # a[1]*b[i] + &movdqa(&QWP(0x60,"esp"),"xmm3"); + &paddq ("xmm0",&QWP(0x00,"esp")); + + &movdqa ("xmm3",&QWP(0x30,"ebx")); + &pmuludq("xmm2","xmm7"); # a[2]*b[i] + &movq ("xmm4","xmm0"); # clear upper 64 bits + &pslldq("xmm4",6); + &paddq ("xmm1",&QWP(0x10,"esp")); + &paddq ("xmm4","xmm0"); + &movdqa("xmm5","xmm4"); + &psrldq("xmm4",10); # upper 33 bits of a[0]*b[i]+t[0] + + &movdqa ("xmm0",&QWP(0x40,"ebx")); + &pmuludq("xmm3","xmm7"); # a[3]*b[i] + &paddq ("xmm1","xmm4"); # a[1]*b[i]+hw(a[0]*b[i]), carry + &paddq ("xmm2",&QWP(0x20,"esp")); + &movdqa (&QWP(0x00,"esp"),"xmm1"); + + &movdqa ("xmm1",&QWP(0x50,"ebx")); + &pmuludq("xmm0","xmm7"); # a[4]*b[i] + &paddq ("xmm3",&QWP(0x30,"esp")); + &movdqa (&QWP(0x10,"esp"),"xmm2"); + &pand ("xmm5","xmm6"); # lower 32 bits of a[0]*b[i] + + &movdqa ("xmm2",&DWP(0x60,"ebx")); + &pmuludq("xmm1","xmm7"); # a[5]*b[i] + &paddq ("xmm3","xmm5"); # a[3]*b[i]+lw(a[0]*b[i]), reduction step + &paddq ("xmm0",&QWP(0x40,"esp")); + &movdqa (&QWP(0x20,"esp"),"xmm3"); + &pshufd("xmm4","xmm5",0b10110001); # xmm4 = xmm5<<32, reduction step + + &movdqa ("xmm3","xmm7"); + &pmuludq("xmm2","xmm7"); # a[6]*b[i] + &movd ("xmm7",&DWP(0,"ebp")); # b[i++] -> 0000.00xy + &lea ("ebp",&DWP(4,"ebp")); + &paddq ("xmm1",&QWP(0x50,"esp")); + &psubq ("xmm4","xmm5"); # xmm4 = xmm5*0xffffffff, reduction step + &movdqa (&QWP(0x30,"esp"),"xmm0"); + &pshuflw("xmm7","xmm7",0b11011100); # 0000.00xy -> 0000.0x0y + + &pmuludq("xmm3",&QWP(0x70,"ebx")); # a[7]*b[i] + &pshufd("xmm7","xmm7",0b11011100); # 0000.0x0y -> 000x.000y + &movdqa("xmm0",&QWP(0x00,"ebx")); # pre-load converted a[0] + &movdqa (&QWP(0x40,"esp"),"xmm1"); + &paddq ("xmm2",&QWP(0x60,"esp")); + + &dec ("ecx"); + &jnz (&label("madd_sse2")); + + &paddq ("xmm2","xmm5"); # a[6]*b[6]+lw(a[0]*b[6]), reduction step [modulo-scheduled] + &paddq ("xmm3","xmm4"); # a[7]*b[6]+lw(a[0]*b[6])*0xffffffff, reduction step [modulo-scheduled] + &movdqa ("xmm1",&QWP(0x10,"ebx")); + &pmuludq("xmm0","xmm7"); # a[0]*b[7] + &movdqa(&QWP(0x50,"esp"),"xmm2"); + + &movdqa ("xmm2",&QWP(0x20,"ebx")); + &pmuludq("xmm1","xmm7"); # a[1]*b[7] + &movdqa(&QWP(0x60,"esp"),"xmm3"); + &paddq ("xmm0",&QWP(0x00,"esp")); + + &movdqa ("xmm3",&QWP(0x30,"ebx")); + &pmuludq("xmm2","xmm7"); # a[2]*b[7] + &movq ("xmm4","xmm0"); # clear upper 64 bits + &pslldq("xmm4",6); + &paddq ("xmm1",&QWP(0x10,"esp")); + &paddq ("xmm4","xmm0"); + &movdqa("xmm5","xmm4"); + &psrldq("xmm4",10); # upper 33 bits of a[0]*b[i]+t[0] + + &movdqa ("xmm0",&QWP(0x40,"ebx")); + &pmuludq("xmm3","xmm7"); # a[3]*b[7] + &paddq ("xmm1","xmm4"); # a[1]*b[7]+hw(a[0]*b[7]), carry + &paddq ("xmm2",&QWP(0x20,"esp")); + &movdqa (&QWP(0x00,"esp"),"xmm1"); + + &movdqa ("xmm1",&QWP(0x50,"ebx")); + &pmuludq("xmm0","xmm7"); # a[4]*b[7] + &paddq ("xmm3",&QWP(0x30,"esp")); + &movdqa (&QWP(0x10,"esp"),"xmm2"); + &pand ("xmm5","xmm6"); # lower 32 bits of a[0]*b[i] + + &movdqa ("xmm2",&DWP(0x60,"ebx")); + &pmuludq("xmm1","xmm7"); # a[5]*b[7] + &paddq ("xmm3","xmm5"); # reduction step + &paddq ("xmm0",&QWP(0x40,"esp")); + &movdqa (&QWP(0x20,"esp"),"xmm3"); + &pshufd("xmm4","xmm5",0b10110001); # xmm4 = xmm5<<32, reduction step + + &movdqa ("xmm3",&QWP(0x70,"ebx")); + &pmuludq("xmm2","xmm7"); # a[6]*b[7] + &paddq ("xmm1",&QWP(0x50,"esp")); + &psubq ("xmm4","xmm5"); # xmm4 = xmm5*0xffffffff, reduction step + &movdqa (&QWP(0x30,"esp"),"xmm0"); + + &pmuludq("xmm3","xmm7"); # a[7]*b[7] + &pcmpeqd("xmm7","xmm7"); + &movdqa ("xmm0",&QWP(0x00,"esp")); + &pslldq ("xmm7",8); + &movdqa (&QWP(0x40,"esp"),"xmm1"); + &paddq ("xmm2",&QWP(0x60,"esp")); + + &paddq ("xmm2","xmm5"); # a[6]*b[7]+lw(a[0]*b[7]), reduction step + &paddq ("xmm3","xmm4"); # a[6]*b[7]+lw(a[0]*b[7])*0xffffffff, reduction step + &movdqa(&QWP(0x50,"esp"),"xmm2"); + &movdqa(&QWP(0x60,"esp"),"xmm3"); + + &movdqa ("xmm1",&QWP(0x10,"esp")); + &movdqa ("xmm2",&QWP(0x20,"esp")); + &movdqa ("xmm3",&QWP(0x30,"esp")); + + &movq ("xmm4","xmm0"); # "flatten" + &pand ("xmm0","xmm7"); + &xor ("ebp","ebp"); + &pslldq ("xmm4",6); + &movq ("xmm5","xmm1"); + &paddq ("xmm0","xmm4"); + &pand ("xmm1","xmm7"); + &psrldq ("xmm0",6); + &movd ("eax","xmm0"); + &psrldq ("xmm0",4); + + &paddq ("xmm5","xmm0"); + &movdqa ("xmm0",&QWP(0x40,"esp")); + &sub ("eax",-1); # start subtracting modulus, + # this is used to determine + # if result is larger/smaller + # than modulus (see below) + &pslldq ("xmm5",6); + &movq ("xmm4","xmm2"); + &paddq ("xmm1","xmm5"); + &pand ("xmm2","xmm7"); + &psrldq ("xmm1",6); + &mov (&DWP(4*0,"edi"),"eax"); + &movd ("eax","xmm1"); + &psrldq ("xmm1",4); + + &paddq ("xmm4","xmm1"); + &movdqa ("xmm1",&QWP(0x50,"esp")); + &sbb ("eax",-1); + &pslldq ("xmm4",6); + &movq ("xmm5","xmm3"); + &paddq ("xmm2","xmm4"); + &pand ("xmm3","xmm7"); + &psrldq ("xmm2",6); + &mov (&DWP(4*1,"edi"),"eax"); + &movd ("eax","xmm2"); + &psrldq ("xmm2",4); + + &paddq ("xmm5","xmm2"); + &movdqa ("xmm2",&QWP(0x60,"esp")); + &sbb ("eax",-1); + &pslldq ("xmm5",6); + &movq ("xmm4","xmm0"); + &paddq ("xmm3","xmm5"); + &pand ("xmm0","xmm7"); + &psrldq ("xmm3",6); + &mov (&DWP(4*2,"edi"),"eax"); + &movd ("eax","xmm3"); + &psrldq ("xmm3",4); + + &paddq ("xmm4","xmm3"); + &sbb ("eax",0); + &pslldq ("xmm4",6); + &movq ("xmm5","xmm1"); + &paddq ("xmm0","xmm4"); + &pand ("xmm1","xmm7"); + &psrldq ("xmm0",6); + &mov (&DWP(4*3,"edi"),"eax"); + &movd ("eax","xmm0"); + &psrldq ("xmm0",4); + + &paddq ("xmm5","xmm0"); + &sbb ("eax",0); + &pslldq ("xmm5",6); + &movq ("xmm4","xmm2"); + &paddq ("xmm1","xmm5"); + &pand ("xmm2","xmm7"); + &psrldq ("xmm1",6); + &movd ("ebx","xmm1"); + &psrldq ("xmm1",4); + &mov ("esp","edx"); + + &paddq ("xmm4","xmm1"); + &pslldq ("xmm4",6); + &paddq ("xmm2","xmm4"); + &psrldq ("xmm2",6); + &movd ("ecx","xmm2"); + &psrldq ("xmm2",4); + &sbb ("ebx",0); + &movd ("edx","xmm2"); + &pextrw ("esi","xmm2",2); # top-most overflow bit + &sbb ("ecx",1); + &sbb ("edx",-1); + &sbb ("esi",0); # borrow from subtraction + + # Final step is "if result > mod, subtract mod", and at this point + # we have result - mod written to output buffer, as well as borrow + # bit from this subtraction, and if borrow bit is set, we add + # modulus back. + # + # Note that because mod has special form, i.e. consists of + # 0xffffffff, 1 and 0s, we can conditionally synthesize it by + # assigning borrow bit to one register, %ebp, and its negative + # to another, %esi. But we started by calculating %esi... + + &sub ("ebp","esi"); + &add (&DWP(4*0,"edi"),"esi"); # add modulus or zero + &adc (&DWP(4*1,"edi"),"esi"); + &adc (&DWP(4*2,"edi"),"esi"); + &adc (&DWP(4*3,"edi"),0); + &adc ("eax",0); + &adc ("ebx",0); + &mov (&DWP(4*4,"edi"),"eax"); + &adc ("ecx","ebp"); + &mov (&DWP(4*5,"edi"),"ebx"); + &adc ("edx","esi"); + &mov (&DWP(4*6,"edi"),"ecx"); + &mov (&DWP(4*7,"edi"),"edx"); + + &ret (); + +&set_label("mul_mont_ialu",16); } + + ######################################## + # IALU code path suitable for all CPUs. + ######################################## + # stack layout: + # +------------------------------------+< %esp + # | 8 32-bit temporary words, accessed | + # | as circular buffer | + # . . + # . . + # +------------------------------------+< +32 + # | offloaded destination pointer | + # +------------------------------------+ + # | unused | + # +------------------------------------+< +40 + &sub ("esp",10*4); + + &mov ("eax",&DWP(0*4,"esi")); # a[0] + &mov ("ebx",&DWP(0*4,"ebp")); # b[0] + &mov (&DWP(8*4,"esp"),"edi"); # off-load dst ptr + + &mul ("ebx"); # a[0]*b[0] + &mov (&DWP(0*4,"esp"),"eax"); # t[0] + &mov ("eax",&DWP(1*4,"esi")); + &mov ("ecx","edx") + + &mul ("ebx"); # a[1]*b[0] + &add ("ecx","eax"); + &mov ("eax",&DWP(2*4,"esi")); + &adc ("edx",0); + &mov (&DWP(1*4,"esp"),"ecx"); # t[1] + &mov ("ecx","edx"); + + &mul ("ebx"); # a[2]*b[0] + &add ("ecx","eax"); + &mov ("eax",&DWP(3*4,"esi")); + &adc ("edx",0); + &mov (&DWP(2*4,"esp"),"ecx"); # t[2] + &mov ("ecx","edx"); + + &mul ("ebx"); # a[3]*b[0] + &add ("ecx","eax"); + &mov ("eax",&DWP(4*4,"esi")); + &adc ("edx",0); + &mov (&DWP(3*4,"esp"),"ecx"); # t[3] + &mov ("ecx","edx"); + + &mul ("ebx"); # a[4]*b[0] + &add ("ecx","eax"); + &mov ("eax",&DWP(5*4,"esi")); + &adc ("edx",0); + &mov (&DWP(4*4,"esp"),"ecx"); # t[4] + &mov ("ecx","edx"); + + &mul ("ebx"); # a[5]*b[0] + &add ("ecx","eax"); + &mov ("eax",&DWP(6*4,"esi")); + &adc ("edx",0); + &mov (&DWP(5*4,"esp"),"ecx"); # t[5] + &mov ("ecx","edx"); + + &mul ("ebx"); # a[6]*b[0] + &add ("ecx","eax"); + &mov ("eax",&DWP(7*4,"esi")); + &adc ("edx",0); + &mov (&DWP(6*4,"esp"),"ecx"); # t[6] + &mov ("ecx","edx"); + + &xor ("edi","edi"); # initial top-most carry + &mul ("ebx"); # a[7]*b[0] + &add ("ecx","eax"); # t[7] + &mov ("eax",&DWP(0*4,"esp")); # t[0] + &adc ("edx",0); # t[8] + +for ($i=0;$i<7;$i++) { + my $j=$i+1; + + # Reduction iteration is normally performed by accumulating + # result of multiplication of modulus by "magic" digit [and + # omitting least significant word, which is guaranteed to + # be 0], but thanks to special form of modulus and "magic" + # digit being equal to least significant word, it can be + # performed with additions and subtractions alone. Indeed: + # + # ffff.0001.0000.0000.0000.ffff.ffff.ffff + # * abcd + # + xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd + # + # Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we + # rewrite above as: + # + # xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd + # + abcd.0000.abcd.0000.0000.abcd.0000.0000.0000 + # - abcd.0000.0000.0000.0000.0000.0000.abcd + # + # or marking redundant operations: + # + # xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.---- + # + abcd.0000.abcd.0000.0000.abcd.----.----.---- + # - abcd.----.----.----.----.----.----.---- + + &add (&DWP((($i+3)%8)*4,"esp"),"eax"); # t[3]+=t[0] + &adc (&DWP((($i+4)%8)*4,"esp"),0); # t[4]+=0 + &adc (&DWP((($i+5)%8)*4,"esp"),0); # t[5]+=0 + &adc (&DWP((($i+6)%8)*4,"esp"),"eax"); # t[6]+=t[0] + &adc ("ecx",0); # t[7]+=0 + &adc ("edx","eax"); # t[8]+=t[0] + &adc ("edi",0); # top-most carry + &mov ("ebx",&DWP($j*4,"ebp")); # b[i] + &sub ("ecx","eax"); # t[7]-=t[0] + &mov ("eax",&DWP(0*4,"esi")); # a[0] + &sbb ("edx",0); # t[8]-=0 + &mov (&DWP((($i+7)%8)*4,"esp"),"ecx"); + &sbb ("edi",0); # top-most carry, + # keep in mind that + # netto result is + # *addition* of value + # with (abcd<<32)-abcd + # on top, so that + # underflow is + # impossible, because + # (abcd<<32)-abcd + # doesn't underflow + &mov (&DWP((($i+8)%8)*4,"esp"),"edx"); + + &mul ("ebx"); # a[0]*b[i] + &add ("eax",&DWP((($j+0)%8)*4,"esp")); + &adc ("edx",0); + &mov (&DWP((($j+0)%8)*4,"esp"),"eax"); + &mov ("eax",&DWP(1*4,"esi")); + &mov ("ecx","edx") + + &mul ("ebx"); # a[1]*b[i] + &add ("ecx",&DWP((($j+1)%8)*4,"esp")); + &adc ("edx",0); + &add ("ecx","eax"); + &adc ("edx",0); + &mov ("eax",&DWP(2*4,"esi")); + &mov (&DWP((($j+1)%8)*4,"esp"),"ecx"); + &mov ("ecx","edx"); + + &mul ("ebx"); # a[2]*b[i] + &add ("ecx",&DWP((($j+2)%8)*4,"esp")); + &adc ("edx",0); + &add ("ecx","eax"); + &adc ("edx",0); + &mov ("eax",&DWP(3*4,"esi")); + &mov (&DWP((($j+2)%8)*4,"esp"),"ecx"); + &mov ("ecx","edx"); + + &mul ("ebx"); # a[3]*b[i] + &add ("ecx",&DWP((($j+3)%8)*4,"esp")); + &adc ("edx",0); + &add ("ecx","eax"); + &adc ("edx",0); + &mov ("eax",&DWP(4*4,"esi")); + &mov (&DWP((($j+3)%8)*4,"esp"),"ecx"); + &mov ("ecx","edx"); + + &mul ("ebx"); # a[4]*b[i] + &add ("ecx",&DWP((($j+4)%8)*4,"esp")); + &adc ("edx",0); + &add ("ecx","eax"); + &adc ("edx",0); + &mov ("eax",&DWP(5*4,"esi")); + &mov (&DWP((($j+4)%8)*4,"esp"),"ecx"); + &mov ("ecx","edx"); + + &mul ("ebx"); # a[5]*b[i] + &add ("ecx",&DWP((($j+5)%8)*4,"esp")); + &adc ("edx",0); + &add ("ecx","eax"); + &adc ("edx",0); + &mov ("eax",&DWP(6*4,"esi")); + &mov (&DWP((($j+5)%8)*4,"esp"),"ecx"); + &mov ("ecx","edx"); + + &mul ("ebx"); # a[6]*b[i] + &add ("ecx",&DWP((($j+6)%8)*4,"esp")); + &adc ("edx",0); + &add ("ecx","eax"); + &adc ("edx",0); + &mov ("eax",&DWP(7*4,"esi")); + &mov (&DWP((($j+6)%8)*4,"esp"),"ecx"); + &mov ("ecx","edx"); + + &mul ("ebx"); # a[7]*b[i] + &add ("ecx",&DWP((($j+7)%8)*4,"esp")); + &adc ("edx",0); + &add ("ecx","eax"); # t[7] + &mov ("eax",&DWP((($j+0)%8)*4,"esp")); # t[0] + &adc ("edx","edi"); # t[8] + &mov ("edi",0); + &adc ("edi",0); # top-most carry +} + &mov ("ebp",&DWP(8*4,"esp")); # restore dst ptr + &xor ("esi","esi"); + my $j=$i+1; + + # last multiplication-less reduction + &add (&DWP((($i+3)%8)*4,"esp"),"eax"); # t[3]+=t[0] + &adc (&DWP((($i+4)%8)*4,"esp"),0); # t[4]+=0 + &adc (&DWP((($i+5)%8)*4,"esp"),0); # t[5]+=0 + &adc (&DWP((($i+6)%8)*4,"esp"),"eax"); # t[6]+=t[0] + &adc ("ecx",0); # t[7]+=0 + &adc ("edx","eax"); # t[8]+=t[0] + &adc ("edi",0); # top-most carry + &mov ("ebx",&DWP((($j+1)%8)*4,"esp")); + &sub ("ecx","eax"); # t[7]-=t[0] + &mov ("eax",&DWP((($j+0)%8)*4,"esp")); + &sbb ("edx",0); # t[8]-=0 + &mov (&DWP((($i+7)%8)*4,"esp"),"ecx"); + &sbb ("edi",0); # top-most carry + &mov (&DWP((($i+8)%8)*4,"esp"),"edx"); + + # Final step is "if result > mod, subtract mod", but we do it + # "other way around", namely write result - mod to output buffer + # and if subtraction borrowed, add modulus back. + + &mov ("ecx",&DWP((($j+2)%8)*4,"esp")); + &sub ("eax",-1); + &mov ("edx",&DWP((($j+3)%8)*4,"esp")); + &sbb ("ebx",-1); + &mov (&DWP(0*4,"ebp"),"eax"); + &sbb ("ecx",-1); + &mov (&DWP(1*4,"ebp"),"ebx"); + &sbb ("edx",0); + &mov (&DWP(2*4,"ebp"),"ecx"); + &mov (&DWP(3*4,"ebp"),"edx"); + + &mov ("eax",&DWP((($j+4)%8)*4,"esp")); + &mov ("ebx",&DWP((($j+5)%8)*4,"esp")); + &mov ("ecx",&DWP((($j+6)%8)*4,"esp")); + &sbb ("eax",0); + &mov ("edx",&DWP((($j+7)%8)*4,"esp")); + &sbb ("ebx",0); + &sbb ("ecx",1); + &sbb ("edx",-1); + &sbb ("edi",0); + + # Note that because mod has special form, i.e. consists of + # 0xffffffff, 1 and 0s, we can conditionally synthesize it by + # assigning borrow bit to one register, %ebp, and its negative + # to another, %esi. But we started by calculating %esi... + + &sub ("esi","edi"); + &add (&DWP(0*4,"ebp"),"edi"); # add modulus or zero + &adc (&DWP(1*4,"ebp"),"edi"); + &adc (&DWP(2*4,"ebp"),"edi"); + &adc (&DWP(3*4,"ebp"),0); + &adc ("eax",0); + &adc ("ebx",0); + &mov (&DWP(4*4,"ebp"),"eax"); + &adc ("ecx","esi"); + &mov (&DWP(5*4,"ebp"),"ebx"); + &adc ("edx","edi"); + &mov (&DWP(6*4,"ebp"),"ecx"); + &mov ("edi","ebp"); # fulfill contract + &mov (&DWP(7*4,"ebp"),"edx"); + + &add ("esp",10*4); + &ret (); +&function_end_B("_ecp_nistz256_mul_mont"); + +######################################################################## +# void ecp_nistz256_scatter_w5(void *edi,const P256_POINT *esi, +# int ebp); +&function_begin("ecp_nistz256_scatter_w5"); + &mov ("edi",&wparam(0)); + &mov ("esi",&wparam(1)); + &mov ("ebp",&wparam(2)); + + &lea ("edi",&DWP(128-4,"edi","ebp",4)); + &mov ("ebp",96/16); +&set_label("scatter_w5_loop"); + &mov ("eax",&DWP(0,"esi")); + &mov ("ebx",&DWP(4,"esi")); + &mov ("ecx",&DWP(8,"esi")); + &mov ("edx",&DWP(12,"esi")); + &lea ("esi",&DWP(16,"esi")); + &mov (&DWP(64*0-128,"edi"),"eax"); + &mov (&DWP(64*1-128,"edi"),"ebx"); + &mov (&DWP(64*2-128,"edi"),"ecx"); + &mov (&DWP(64*3-128,"edi"),"edx"); + &lea ("edi",&DWP(64*4,"edi")); + &dec ("ebp"); + &jnz (&label("scatter_w5_loop")); +&function_end("ecp_nistz256_scatter_w5"); + +######################################################################## +# void ecp_nistz256_gather_w5(P256_POINT *edi,const void *esi, +# int ebp); +&function_begin("ecp_nistz256_gather_w5"); + &mov ("esi",&wparam(1)); + &mov ("ebp",&wparam(2)); + + &lea ("esi",&DWP(0,"esi","ebp",4)); + &neg ("ebp"); + &sar ("ebp",31); + &mov ("edi",&wparam(0)); + &lea ("esi",&DWP(0,"esi","ebp",4)); + + for($i=0;$i<24;$i+=4) { + &mov ("eax",&DWP(64*($i+0),"esi")); + &mov ("ebx",&DWP(64*($i+1),"esi")); + &mov ("ecx",&DWP(64*($i+2),"esi")); + &mov ("edx",&DWP(64*($i+3),"esi")); + &and ("eax","ebp"); + &and ("ebx","ebp"); + &and ("ecx","ebp"); + &and ("edx","ebp"); + &mov (&DWP(4*($i+0),"edi"),"eax"); + &mov (&DWP(4*($i+1),"edi"),"ebx"); + &mov (&DWP(4*($i+2),"edi"),"ecx"); + &mov (&DWP(4*($i+3),"edi"),"edx"); + } +&function_end("ecp_nistz256_gather_w5"); + +######################################################################## +# void ecp_nistz256_scatter_w7(void *edi,const P256_POINT_AFFINE *esi, +# int ebp); +&function_begin("ecp_nistz256_scatter_w7"); + &mov ("edi",&wparam(0)); + &mov ("esi",&wparam(1)); + &mov ("ebp",&wparam(2)); + + &lea ("edi",&DWP(-1,"edi","ebp")); + &mov ("ebp",64/4); +&set_label("scatter_w7_loop"); + &mov ("eax",&DWP(0,"esi")); + &lea ("esi",&DWP(4,"esi")); + &mov (&BP(64*0,"edi"),"al"); + &mov (&BP(64*1,"edi"),"ah"); + &shr ("eax",16); + &mov (&BP(64*2,"edi"),"al"); + &mov (&BP(64*3,"edi"),"ah"); + &lea ("edi",&DWP(64*4,"edi")); + &dec ("ebp"); + &jnz (&label("scatter_w7_loop")); +&function_end("ecp_nistz256_scatter_w7"); + +######################################################################## +# void ecp_nistz256_gather_w7(P256_POINT_AFFINE *edi,const void *esi, +# int ebp); +&function_begin("ecp_nistz256_gather_w7"); + &mov ("esi",&wparam(1)); + &mov ("ebp",&wparam(2)); + + &add ("esi","ebp"); + &neg ("ebp"), + &sar ("ebp",31); + &mov ("edi",&wparam(0)); + &lea ("esi",&DWP(0,"esi","ebp")); + + for($i=0;$i<64;$i+=4) { + &movz ("eax",&BP(64*($i+0),"esi")); + &movz ("ebx",&BP(64*($i+1),"esi")); + &movz ("ecx",&BP(64*($i+2),"esi")); + &and ("eax","ebp"); + &movz ("edx",&BP(64*($i+3),"esi")); + &and ("ebx","ebp"); + &mov (&BP($i+0,"edi"),"al"); + &and ("ecx","ebp"); + &mov (&BP($i+1,"edi"),"bl"); + &and ("edx","ebp"); + &mov (&BP($i+2,"edi"),"cl"); + &mov (&BP($i+3,"edi"),"dl"); + } +&function_end("ecp_nistz256_gather_w7"); + +######################################################################## +# following subroutines are "literal" implementation of those found in +# ecp_nistz256.c +# +######################################################################## +# void ecp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp); +# +&function_begin("ecp_nistz256_point_double"); +{ my ($S,$M,$Zsqr,$in_x,$tmp0)=map(32*$_,(0..4)); + + &mov ("esi",&wparam(1)); + + # above map() describes stack layout with 5 temporary + # 256-bit vectors on top, then we take extra word for + # OPENSS_ia32cap_P copy. + &stack_push(8*5+1); + if ($sse2) { + &call ("_picup_eax"); + &set_label("pic"); + &picmeup("edx","OPENSSL_ia32cap_P","eax",&label("pic")); + &mov ("ebp",&DWP(0,"edx")); } + + &mov ("eax",&DWP(0,"esi")); # copy in_x + &mov ("ebx",&DWP(4,"esi")); + &mov ("ecx",&DWP(8,"esi")); + &mov ("edx",&DWP(12,"esi")); + &mov (&DWP($in_x+0,"esp"),"eax"); + &mov (&DWP($in_x+4,"esp"),"ebx"); + &mov (&DWP($in_x+8,"esp"),"ecx"); + &mov (&DWP($in_x+12,"esp"),"edx"); + &mov ("eax",&DWP(16,"esi")); + &mov ("ebx",&DWP(20,"esi")); + &mov ("ecx",&DWP(24,"esi")); + &mov ("edx",&DWP(28,"esi")); + &mov (&DWP($in_x+16,"esp"),"eax"); + &mov (&DWP($in_x+20,"esp"),"ebx"); + &mov (&DWP($in_x+24,"esp"),"ecx"); + &mov (&DWP($in_x+28,"esp"),"edx"); + &mov (&DWP(32*5,"esp"),"ebp"); # OPENSSL_ia32cap_P copy + + &lea ("ebp",&DWP(32,"esi")); + &lea ("esi",&DWP(32,"esi")); + &lea ("edi",&DWP($S,"esp")); + &call ("_ecp_nistz256_add"); # p256_mul_by_2(S, in_y); + + &mov ("eax",&DWP(32*5,"esp")); # OPENSSL_ia32cap_P copy + &mov ("esi",64); + &add ("esi",&wparam(1)); + &lea ("edi",&DWP($Zsqr,"esp")); + &mov ("ebp","esi"); + &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Zsqr, in_z); + + &mov ("eax",&DWP(32*5,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($S,"esp")); + &lea ("ebp",&DWP($S,"esp")); + &lea ("edi",&DWP($S,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(S, S); + + &mov ("eax",&DWP(32*5,"esp")); # OPENSSL_ia32cap_P copy + &mov ("ebp",&wparam(1)); + &lea ("esi",&DWP(32,"ebp")); + &lea ("ebp",&DWP(64,"ebp")); + &lea ("edi",&DWP($tmp0,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(tmp0, in_z, in_y); + + &lea ("esi",&DWP($in_x,"esp")); + &lea ("ebp",&DWP($Zsqr,"esp")); + &lea ("edi",&DWP($M,"esp")); + &call ("_ecp_nistz256_add"); # p256_add(M, in_x, Zsqr); + + &mov ("edi",64); + &lea ("esi",&DWP($tmp0,"esp")); + &lea ("ebp",&DWP($tmp0,"esp")); + &add ("edi",&wparam(0)); + &call ("_ecp_nistz256_add"); # p256_mul_by_2(res_z, tmp0); + + &lea ("esi",&DWP($in_x,"esp")); + &lea ("ebp",&DWP($Zsqr,"esp")); + &lea ("edi",&DWP($Zsqr,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(Zsqr, in_x, Zsqr); + + &mov ("eax",&DWP(32*5,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($S,"esp")); + &lea ("ebp",&DWP($S,"esp")); + &lea ("edi",&DWP($tmp0,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(tmp0, S); + + &mov ("eax",&DWP(32*5,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($M,"esp")); + &lea ("ebp",&DWP($Zsqr,"esp")); + &lea ("edi",&DWP($M,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(M, M, Zsqr); + + &mov ("edi",32); + &lea ("esi",&DWP($tmp0,"esp")); + &add ("edi",&wparam(0)); + &call ("_ecp_nistz256_div_by_2"); # p256_div_by_2(res_y, tmp0); + + &lea ("esi",&DWP($M,"esp")); + &lea ("ebp",&DWP($M,"esp")); + &lea ("edi",&DWP($tmp0,"esp")); + &call ("_ecp_nistz256_add"); # 1/2 p256_mul_by_3(M, M); + + &mov ("eax",&DWP(32*5,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($in_x,"esp")); + &lea ("ebp",&DWP($S,"esp")); + &lea ("edi",&DWP($S,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S, S, in_x); + + &lea ("esi",&DWP($tmp0,"esp")); + &lea ("ebp",&DWP($M,"esp")); + &lea ("edi",&DWP($M,"esp")); + &call ("_ecp_nistz256_add"); # 2/2 p256_mul_by_3(M, M); + + &lea ("esi",&DWP($S,"esp")); + &lea ("ebp",&DWP($S,"esp")); + &lea ("edi",&DWP($tmp0,"esp")); + &call ("_ecp_nistz256_add"); # p256_mul_by_2(tmp0, S); + + &mov ("eax",&DWP(32*5,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($M,"esp")); + &lea ("ebp",&DWP($M,"esp")); + &mov ("edi",&wparam(0)); + &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(res_x, M); + + &mov ("esi","edi"); # %edi is still res_x here + &lea ("ebp",&DWP($tmp0,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(res_x, res_x, tmp0); + + &lea ("esi",&DWP($S,"esp")); + &mov ("ebp","edi"); # %edi is still res_x + &lea ("edi",&DWP($S,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(S, S, res_x); + + &mov ("eax",&DWP(32*5,"esp")); # OPENSSL_ia32cap_P copy + &mov ("esi","edi"); # %edi is still &S + &lea ("ebp",&DWP($M,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S, S, M); + + &mov ("ebp",32); + &lea ("esi",&DWP($S,"esp")); + &add ("ebp",&wparam(0)); + &mov ("edi","ebp"); + &call ("_ecp_nistz256_sub"); # p256_sub(res_y, S, res_y); + + &stack_pop(8*5+1); +} &function_end("ecp_nistz256_point_double"); + +######################################################################## +# void ecp_nistz256_point_add(P256_POINT *out,const P256_POINT *in1, +# const P256_POINT *in2); +&function_begin("ecp_nistz256_point_add"); +{ my ($res_x,$res_y,$res_z, + $in1_x,$in1_y,$in1_z, + $in2_x,$in2_y,$in2_z, + $H,$Hsqr,$R,$Rsqr,$Hcub, + $U1,$U2,$S1,$S2)=map(32*$_,(0..17)); + my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr); + + &mov ("esi",&wparam(2)); + + # above map() describes stack layout with 18 temporary + # 256-bit vectors on top, then we take extra words for + # !in1infty, !in2infty, result of check for zero and + # OPENSS_ia32cap_P copy. [one unused word for padding] + &stack_push(8*18+5); + if ($sse2) { + &call ("_picup_eax"); + &set_label("pic"); + &picmeup("edx","OPENSSL_ia32cap_P","eax",&label("pic")); + &mov ("ebp",&DWP(0,"edx")); } + + &lea ("edi",&DWP($in2_x,"esp")); + for($i=0;$i<96;$i+=16) { + &mov ("eax",&DWP($i+0,"esi")); # copy in2 + &mov ("ebx",&DWP($i+4,"esi")); + &mov ("ecx",&DWP($i+8,"esi")); + &mov ("edx",&DWP($i+12,"esi")); + &mov (&DWP($i+0,"edi"),"eax"); + &mov (&DWP(32*18+12,"esp"),"ebp") if ($i==0); + &mov ("ebp","eax") if ($i==0); + &or ("ebp","eax") if ($i!=0 && $i<64); + &mov (&DWP($i+4,"edi"),"ebx"); + &or ("ebp","ebx") if ($i<64); + &mov (&DWP($i+8,"edi"),"ecx"); + &or ("ebp","ecx") if ($i<64); + &mov (&DWP($i+12,"edi"),"edx"); + &or ("ebp","edx") if ($i<64); + } + &xor ("eax","eax"); + &mov ("esi",&wparam(1)); + &sub ("eax","ebp"); + &or ("ebp","eax"); + &sar ("ebp",31); + &mov (&DWP(32*18+4,"esp"),"ebp"); # !in2infty + + &lea ("edi",&DWP($in1_x,"esp")); + for($i=0;$i<96;$i+=16) { + &mov ("eax",&DWP($i+0,"esi")); # copy in1 + &mov ("ebx",&DWP($i+4,"esi")); + &mov ("ecx",&DWP($i+8,"esi")); + &mov ("edx",&DWP($i+12,"esi")); + &mov (&DWP($i+0,"edi"),"eax"); + &mov ("ebp","eax") if ($i==0); + &or ("ebp","eax") if ($i!=0 && $i<64); + &mov (&DWP($i+4,"edi"),"ebx"); + &or ("ebp","ebx") if ($i<64); + &mov (&DWP($i+8,"edi"),"ecx"); + &or ("ebp","ecx") if ($i<64); + &mov (&DWP($i+12,"edi"),"edx"); + &or ("ebp","edx") if ($i<64); + } + &xor ("eax","eax"); + &sub ("eax","ebp"); + &or ("ebp","eax"); + &sar ("ebp",31); + &mov (&DWP(32*18+0,"esp"),"ebp"); # !in1infty + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($in2_z,"esp")); + &lea ("ebp",&DWP($in2_z,"esp")); + &lea ("edi",&DWP($Z2sqr,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Z2sqr, in2_z); + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($in1_z,"esp")); + &lea ("ebp",&DWP($in1_z,"esp")); + &lea ("edi",&DWP($Z1sqr,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Z1sqr, in1_z); + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($Z2sqr,"esp")); + &lea ("ebp",&DWP($in2_z,"esp")); + &lea ("edi",&DWP($S1,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S1, Z2sqr, in2_z); + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($Z1sqr,"esp")); + &lea ("ebp",&DWP($in1_z,"esp")); + &lea ("edi",&DWP($S2,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S2, Z1sqr, in1_z); + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($in1_y,"esp")); + &lea ("ebp",&DWP($S1,"esp")); + &lea ("edi",&DWP($S1,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S1, S1, in1_y); + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($in2_y,"esp")); + &lea ("ebp",&DWP($S2,"esp")); + &lea ("edi",&DWP($S2,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S2, S2, in2_y); + + &lea ("esi",&DWP($S2,"esp")); + &lea ("ebp",&DWP($S1,"esp")); + &lea ("edi",&DWP($R,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(R, S2, S1); + + &or ("ebx","eax"); # see if result is zero + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &or ("ebx","ecx"); + &or ("ebx","edx"); + &or ("ebx",&DWP(0,"edi")); + &or ("ebx",&DWP(4,"edi")); + &lea ("esi",&DWP($in1_x,"esp")); + &or ("ebx",&DWP(8,"edi")); + &lea ("ebp",&DWP($Z2sqr,"esp")); + &or ("ebx",&DWP(12,"edi")); + &lea ("edi",&DWP($U1,"esp")); + &mov (&DWP(32*18+8,"esp"),"ebx"); + + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(U1, in1_x, Z2sqr); + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($in2_x,"esp")); + &lea ("ebp",&DWP($Z1sqr,"esp")); + &lea ("edi",&DWP($U2,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(U2, in2_x, Z1sqr); + + &lea ("esi",&DWP($U2,"esp")); + &lea ("ebp",&DWP($U1,"esp")); + &lea ("edi",&DWP($H,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(H, U2, U1); + + &or ("eax","ebx"); # see if result is zero + &or ("eax","ecx"); + &or ("eax","edx"); + &or ("eax",&DWP(0,"edi")); + &or ("eax",&DWP(4,"edi")); + &or ("eax",&DWP(8,"edi")); + &or ("eax",&DWP(12,"edi")); + + &data_byte(0x3e); # predict taken + &jnz (&label("add_proceed")); # is_equal(U1,U2)? + + &mov ("eax",&DWP(32*18+0,"esp")); + &and ("eax",&DWP(32*18+4,"esp")); + &mov ("ebx",&DWP(32*18+8,"esp")); + &jz (&label("add_proceed")); # (in1infty || in2infty)? + &test ("ebx","ebx"); + &jz (&label("add_proceed")); # is_equal(S1,S2)? + + &mov ("edi",&wparam(0)); + &xor ("eax","eax"); + &mov ("ecx",96/4); + &data_byte(0xfc,0xf3,0xab); # cld; stosd + &jmp (&label("add_done")); + +&set_label("add_proceed",16); + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($R,"esp")); + &lea ("ebp",&DWP($R,"esp")); + &lea ("edi",&DWP($Rsqr,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Rsqr, R); + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($H,"esp")); + &lea ("ebp",&DWP($in1_z,"esp")); + &lea ("edi",&DWP($res_z,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(res_z, H, in1_z); + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($H,"esp")); + &lea ("ebp",&DWP($H,"esp")); + &lea ("edi",&DWP($Hsqr,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Hsqr, H); + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($in2_z,"esp")); + &lea ("ebp",&DWP($res_z,"esp")); + &lea ("edi",&DWP($res_z,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(res_z, res_z, in2_z); + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($Hsqr,"esp")); + &lea ("ebp",&DWP($U1,"esp")); + &lea ("edi",&DWP($U2,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(U2, U1, Hsqr); + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($H,"esp")); + &lea ("ebp",&DWP($Hsqr,"esp")); + &lea ("edi",&DWP($Hcub,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(Hcub, Hsqr, H); + + &lea ("esi",&DWP($U2,"esp")); + &lea ("ebp",&DWP($U2,"esp")); + &lea ("edi",&DWP($Hsqr,"esp")); + &call ("_ecp_nistz256_add"); # p256_mul_by_2(Hsqr, U2); + + &lea ("esi",&DWP($Rsqr,"esp")); + &lea ("ebp",&DWP($Hsqr,"esp")); + &lea ("edi",&DWP($res_x,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(res_x, Rsqr, Hsqr); + + &lea ("esi",&DWP($res_x,"esp")); + &lea ("ebp",&DWP($Hcub,"esp")); + &lea ("edi",&DWP($res_x,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(res_x, res_x, Hcub); + + &lea ("esi",&DWP($U2,"esp")); + &lea ("ebp",&DWP($res_x,"esp")); + &lea ("edi",&DWP($res_y,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(res_y, U2, res_x); + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($Hcub,"esp")); + &lea ("ebp",&DWP($S1,"esp")); + &lea ("edi",&DWP($S2,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S2, S1, Hcub); + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($R,"esp")); + &lea ("ebp",&DWP($res_y,"esp")); + &lea ("edi",&DWP($res_y,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(res_y, R, res_y); + + &lea ("esi",&DWP($res_y,"esp")); + &lea ("ebp",&DWP($S2,"esp")); + &lea ("edi",&DWP($res_y,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(res_y, res_y, S2); + + &mov ("ebp",&DWP(32*18+0,"esp")); # !in1infty + &mov ("esi",&DWP(32*18+4,"esp")); # !in2infty + &mov ("edi",&wparam(0)); + &mov ("edx","ebp"); + ¬ ("ebp"); + &and ("edx","esi"); + &and ("ebp","esi"); + ¬ ("esi"); + + ######################################## + # conditional moves + for($i=64;$i<96;$i+=4) { + &mov ("eax","edx"); + &and ("eax",&DWP($res_x+$i,"esp")); + &mov ("ebx","ebp"); + &and ("ebx",&DWP($in2_x+$i,"esp")); + &mov ("ecx","esi"); + &and ("ecx",&DWP($in1_x+$i,"esp")); + &or ("eax","ebx"); + &or ("eax","ecx"); + &mov (&DWP($i,"edi"),"eax"); + } + for($i=0;$i<64;$i+=4) { + &mov ("eax","edx"); + &and ("eax",&DWP($res_x+$i,"esp")); + &mov ("ebx","ebp"); + &and ("ebx",&DWP($in2_x+$i,"esp")); + &mov ("ecx","esi"); + &and ("ecx",&DWP($in1_x+$i,"esp")); + &or ("eax","ebx"); + &or ("eax","ecx"); + &mov (&DWP($i,"edi"),"eax"); + } + &set_label("add_done"); + &stack_pop(8*18+5); +} &function_end("ecp_nistz256_point_add"); + +######################################################################## +# void ecp_nistz256_point_add_affine(P256_POINT *out, +# const P256_POINT *in1, +# const P256_POINT_AFFINE *in2); +&function_begin("ecp_nistz256_point_add_affine"); +{ + my ($res_x,$res_y,$res_z, + $in1_x,$in1_y,$in1_z, + $in2_x,$in2_y, + $U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(32*$_,(0..14)); + my $Z1sqr = $S2; + my @ONE_mont=(1,0,0,-1,-1,-1,-2,0); + + &mov ("esi",&wparam(1)); + + # above map() describes stack layout with 15 temporary + # 256-bit vectors on top, then we take extra words for + # !in1infty, !in2infty, and OPENSS_ia32cap_P copy. + &stack_push(8*15+3); + if ($sse2) { + &call ("_picup_eax"); + &set_label("pic"); + &picmeup("edx","OPENSSL_ia32cap_P","eax",&label("pic")); + &mov ("ebp",&DWP(0,"edx")); } + + &lea ("edi",&DWP($in1_x,"esp")); + for($i=0;$i<96;$i+=16) { + &mov ("eax",&DWP($i+0,"esi")); # copy in1 + &mov ("ebx",&DWP($i+4,"esi")); + &mov ("ecx",&DWP($i+8,"esi")); + &mov ("edx",&DWP($i+12,"esi")); + &mov (&DWP($i+0,"edi"),"eax"); + &mov (&DWP(32*15+8,"esp"),"ebp") if ($i==0); + &mov ("ebp","eax") if ($i==0); + &or ("ebp","eax") if ($i!=0 && $i<64); + &mov (&DWP($i+4,"edi"),"ebx"); + &or ("ebp","ebx") if ($i<64); + &mov (&DWP($i+8,"edi"),"ecx"); + &or ("ebp","ecx") if ($i<64); + &mov (&DWP($i+12,"edi"),"edx"); + &or ("ebp","edx") if ($i<64); + } + &xor ("eax","eax"); + &mov ("esi",&wparam(2)); + &sub ("eax","ebp"); + &or ("ebp","eax"); + &sar ("ebp",31); + &mov (&DWP(32*15+0,"esp"),"ebp"); # !in1infty + + &lea ("edi",&DWP($in2_x,"esp")); + for($i=0;$i<64;$i+=16) { + &mov ("eax",&DWP($i+0,"esi")); # copy in2 + &mov ("ebx",&DWP($i+4,"esi")); + &mov ("ecx",&DWP($i+8,"esi")); + &mov ("edx",&DWP($i+12,"esi")); + &mov (&DWP($i+0,"edi"),"eax"); + &mov ("ebp","eax") if ($i==0); + &or ("ebp","eax") if ($i!=0); + &mov (&DWP($i+4,"edi"),"ebx"); + &or ("ebp","ebx"); + &mov (&DWP($i+8,"edi"),"ecx"); + &or ("ebp","ecx"); + &mov (&DWP($i+12,"edi"),"edx"); + &or ("ebp","edx"); + } + &xor ("ebx","ebx"); + &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy + &sub ("ebx","ebp"); + &lea ("esi",&DWP($in1_z,"esp")); + &or ("ebx","ebp"); + &lea ("ebp",&DWP($in1_z,"esp")); + &sar ("ebx",31); + &lea ("edi",&DWP($Z1sqr,"esp")); + &mov (&DWP(32*15+4,"esp"),"ebx"); # !in2infty + + &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Z1sqr, in1_z); + + &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($in2_x,"esp")); + &mov ("ebp","edi"); # %esi is stull &Z1sqr + &lea ("edi",&DWP($U2,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(U2, Z1sqr, in2_x); + + &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($in1_z,"esp")); + &lea ("ebp",&DWP($Z1sqr,"esp")); + &lea ("edi",&DWP($S2,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S2, Z1sqr, in1_z); + + &lea ("esi",&DWP($U2,"esp")); + &lea ("ebp",&DWP($in1_x,"esp")); + &lea ("edi",&DWP($H,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(H, U2, in1_x); + + &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($in2_y,"esp")); + &lea ("ebp",&DWP($S2,"esp")); + &lea ("edi",&DWP($S2,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S2, S2, in2_y); + + &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($in1_z,"esp")); + &lea ("ebp",&DWP($H,"esp")); + &lea ("edi",&DWP($res_z,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(res_z, H, in1_z); + + &lea ("esi",&DWP($S2,"esp")); + &lea ("ebp",&DWP($in1_y,"esp")); + &lea ("edi",&DWP($R,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(R, S2, in1_y); + + &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($H,"esp")); + &lea ("ebp",&DWP($H,"esp")); + &lea ("edi",&DWP($Hsqr,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Hsqr, H); + + &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($R,"esp")); + &lea ("ebp",&DWP($R,"esp")); + &lea ("edi",&DWP($Rsqr,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Rsqr, R); + + &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($in1_x,"esp")); + &lea ("ebp",&DWP($Hsqr,"esp")); + &lea ("edi",&DWP($U2,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(U2, in1_x, Hsqr); + + &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($H,"esp")); + &lea ("ebp",&DWP($Hsqr,"esp")); + &lea ("edi",&DWP($Hcub,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(Hcub, Hsqr, H); + + &lea ("esi",&DWP($U2,"esp")); + &lea ("ebp",&DWP($U2,"esp")); + &lea ("edi",&DWP($Hsqr,"esp")); + &call ("_ecp_nistz256_add"); # p256_mul_by_2(Hsqr, U2); + + &lea ("esi",&DWP($Rsqr,"esp")); + &lea ("ebp",&DWP($Hsqr,"esp")); + &lea ("edi",&DWP($res_x,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(res_x, Rsqr, Hsqr); + + &lea ("esi",&DWP($res_x,"esp")); + &lea ("ebp",&DWP($Hcub,"esp")); + &lea ("edi",&DWP($res_x,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(res_x, res_x, Hcub); + + &lea ("esi",&DWP($U2,"esp")); + &lea ("ebp",&DWP($res_x,"esp")); + &lea ("edi",&DWP($res_y,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(res_y, U2, res_x); + + &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($Hcub,"esp")); + &lea ("ebp",&DWP($in1_y,"esp")); + &lea ("edi",&DWP($S2,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S2, Hcub, in1_y); + + &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($R,"esp")); + &lea ("ebp",&DWP($res_y,"esp")); + &lea ("edi",&DWP($res_y,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(res_y, res_y, R); + + &lea ("esi",&DWP($res_y,"esp")); + &lea ("ebp",&DWP($S2,"esp")); + &lea ("edi",&DWP($res_y,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(res_y, res_y, S2); + + &mov ("ebp",&DWP(32*15+0,"esp")); # !in1infty + &mov ("esi",&DWP(32*15+4,"esp")); # !in2infty + &mov ("edi",&wparam(0)); + &mov ("edx","ebp"); + ¬ ("ebp"); + &and ("edx","esi"); + &and ("ebp","esi"); + ¬ ("esi"); + + ######################################## + # conditional moves + for($i=64;$i<96;$i+=4) { + my $one=@ONE_mont[($i-64)/4]; + + &mov ("eax","edx"); + &and ("eax",&DWP($res_x+$i,"esp")); + &mov ("ebx","ebp") if ($one && $one!=-1); + &and ("ebx",$one) if ($one && $one!=-1); + &mov ("ecx","esi"); + &and ("ecx",&DWP($in1_x+$i,"esp")); + &or ("eax",$one==-1?"ebp":"ebx") if ($one); + &or ("eax","ecx"); + &mov (&DWP($i,"edi"),"eax"); + } + for($i=0;$i<64;$i+=4) { + &mov ("eax","edx"); + &and ("eax",&DWP($res_x+$i,"esp")); + &mov ("ebx","ebp"); + &and ("ebx",&DWP($in2_x+$i,"esp")); + &mov ("ecx","esi"); + &and ("ecx",&DWP($in1_x+$i,"esp")); + &or ("eax","ebx"); + &or ("eax","ecx"); + &mov (&DWP($i,"edi"),"eax"); + } + &stack_pop(8*15+3); +} &function_end("ecp_nistz256_point_add_affine"); + +&asm_finish(); From appro at openssl.org Tue Feb 10 07:56:09 2015 From: appro at openssl.org (Andy Polyakov) Date: Tue, 10 Feb 2015 08:56:09 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150210075609.A284E1DF1AB@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via bcfaa4eeee5bbb2ddf9545e41b62cbfc10ad60b0 (commit) from cb43fd046716466e1c6cb0655563ebd74aaa1dac (commit) - Log ----------------------------------------------------------------- commit bcfaa4eeee5bbb2ddf9545e41b62cbfc10ad60b0 Author: Andy Polyakov Date: Tue Feb 10 08:55:30 2015 +0100 objects/obj_xref.h: revert reformat. obj_xref.h was erroneously restored to pre-reformat state. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/objects/obj_xref.h | 185 +++++++++++++++++++++++---------------------- 1 file changed, 95 insertions(+), 90 deletions(-) diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h index 433c96b..e453e99 100644 --- a/crypto/objects/obj_xref.h +++ b/crypto/objects/obj_xref.h @@ -1,94 +1,99 @@ /* AUTOGENERATED BY objxref.pl, DO NOT EDIT */ -typedef struct - { - int sign_id; - int hash_id; - int pkey_id; - } nid_triple; +typedef struct { + int sign_id; + int hash_id; + int pkey_id; +} nid_triple; -static const nid_triple sigoid_srt[] = - { - {NID_md2WithRSAEncryption, NID_md2, NID_rsaEncryption}, - {NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption}, - {NID_shaWithRSAEncryption, NID_sha, NID_rsaEncryption}, - {NID_sha1WithRSAEncryption, NID_sha1, NID_rsaEncryption}, - {NID_dsaWithSHA, NID_sha, NID_dsa}, - {NID_dsaWithSHA1_2, NID_sha1, NID_dsa_2}, - {NID_mdc2WithRSA, NID_mdc2, NID_rsaEncryption}, - {NID_md5WithRSA, NID_md5, NID_rsa}, - {NID_dsaWithSHA1, NID_sha1, NID_dsa}, - {NID_sha1WithRSA, NID_sha1, NID_rsa}, - {NID_ripemd160WithRSA, NID_ripemd160, NID_rsaEncryption}, - {NID_md4WithRSAEncryption, NID_md4, NID_rsaEncryption}, - {NID_ecdsa_with_SHA1, NID_sha1, NID_X9_62_id_ecPublicKey}, - {NID_sha256WithRSAEncryption, NID_sha256, NID_rsaEncryption}, - {NID_sha384WithRSAEncryption, NID_sha384, NID_rsaEncryption}, - {NID_sha512WithRSAEncryption, NID_sha512, NID_rsaEncryption}, - {NID_sha224WithRSAEncryption, NID_sha224, NID_rsaEncryption}, - {NID_ecdsa_with_Recommended, NID_undef, NID_X9_62_id_ecPublicKey}, - {NID_ecdsa_with_Specified, NID_undef, NID_X9_62_id_ecPublicKey}, - {NID_ecdsa_with_SHA224, NID_sha224, NID_X9_62_id_ecPublicKey}, - {NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey}, - {NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey}, - {NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey}, - {NID_dsa_with_SHA224, NID_sha224, NID_dsa}, - {NID_dsa_with_SHA256, NID_sha256, NID_dsa}, - {NID_id_GostR3411_94_with_GostR3410_2001, NID_id_GostR3411_94, NID_id_GostR3410_2001}, - {NID_id_GostR3411_94_with_GostR3410_94, NID_id_GostR3411_94, NID_id_GostR3410_94}, - {NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94, NID_id_GostR3410_94_cc}, - {NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94, NID_id_GostR3410_2001_cc}, - {NID_rsassaPss, NID_undef, NID_rsaEncryption}, - {NID_dhSinglePass_stdDH_sha1kdf_scheme, NID_sha1, NID_dh_std_kdf}, - {NID_dhSinglePass_stdDH_sha224kdf_scheme, NID_sha224, NID_dh_std_kdf}, - {NID_dhSinglePass_stdDH_sha256kdf_scheme, NID_sha256, NID_dh_std_kdf}, - {NID_dhSinglePass_stdDH_sha384kdf_scheme, NID_sha384, NID_dh_std_kdf}, - {NID_dhSinglePass_stdDH_sha512kdf_scheme, NID_sha512, NID_dh_std_kdf}, - {NID_dhSinglePass_cofactorDH_sha1kdf_scheme, NID_sha1, NID_dh_cofactor_kdf}, - {NID_dhSinglePass_cofactorDH_sha224kdf_scheme, NID_sha224, NID_dh_cofactor_kdf}, - {NID_dhSinglePass_cofactorDH_sha256kdf_scheme, NID_sha256, NID_dh_cofactor_kdf}, - {NID_dhSinglePass_cofactorDH_sha384kdf_scheme, NID_sha384, NID_dh_cofactor_kdf}, - {NID_dhSinglePass_cofactorDH_sha512kdf_scheme, NID_sha512, NID_dh_cofactor_kdf}, - }; - -static const nid_triple * const sigoid_srt_xref[] = - { - &sigoid_srt[0], - &sigoid_srt[1], - &sigoid_srt[7], - &sigoid_srt[2], - &sigoid_srt[4], - &sigoid_srt[3], - &sigoid_srt[9], - &sigoid_srt[5], - &sigoid_srt[8], - &sigoid_srt[12], - &sigoid_srt[30], - &sigoid_srt[35], - &sigoid_srt[6], - &sigoid_srt[10], - &sigoid_srt[11], - &sigoid_srt[13], - &sigoid_srt[24], - &sigoid_srt[20], - &sigoid_srt[32], - &sigoid_srt[37], - &sigoid_srt[14], - &sigoid_srt[21], - &sigoid_srt[33], - &sigoid_srt[38], - &sigoid_srt[15], - &sigoid_srt[22], - &sigoid_srt[34], - &sigoid_srt[39], - &sigoid_srt[16], - &sigoid_srt[23], - &sigoid_srt[19], - &sigoid_srt[31], - &sigoid_srt[36], - &sigoid_srt[25], - &sigoid_srt[26], - &sigoid_srt[27], - &sigoid_srt[28], - }; +static const nid_triple sigoid_srt[] = { + {NID_md2WithRSAEncryption, NID_md2, NID_rsaEncryption}, + {NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption}, + {NID_shaWithRSAEncryption, NID_sha, NID_rsaEncryption}, + {NID_sha1WithRSAEncryption, NID_sha1, NID_rsaEncryption}, + {NID_dsaWithSHA, NID_sha, NID_dsa}, + {NID_dsaWithSHA1_2, NID_sha1, NID_dsa_2}, + {NID_mdc2WithRSA, NID_mdc2, NID_rsaEncryption}, + {NID_md5WithRSA, NID_md5, NID_rsa}, + {NID_dsaWithSHA1, NID_sha1, NID_dsa}, + {NID_sha1WithRSA, NID_sha1, NID_rsa}, + {NID_ripemd160WithRSA, NID_ripemd160, NID_rsaEncryption}, + {NID_md4WithRSAEncryption, NID_md4, NID_rsaEncryption}, + {NID_ecdsa_with_SHA1, NID_sha1, NID_X9_62_id_ecPublicKey}, + {NID_sha256WithRSAEncryption, NID_sha256, NID_rsaEncryption}, + {NID_sha384WithRSAEncryption, NID_sha384, NID_rsaEncryption}, + {NID_sha512WithRSAEncryption, NID_sha512, NID_rsaEncryption}, + {NID_sha224WithRSAEncryption, NID_sha224, NID_rsaEncryption}, + {NID_ecdsa_with_Recommended, NID_undef, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_Specified, NID_undef, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_SHA224, NID_sha224, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey}, + {NID_dsa_with_SHA224, NID_sha224, NID_dsa}, + {NID_dsa_with_SHA256, NID_sha256, NID_dsa}, + {NID_id_GostR3411_94_with_GostR3410_2001, NID_id_GostR3411_94, + NID_id_GostR3410_2001}, + {NID_id_GostR3411_94_with_GostR3410_94, NID_id_GostR3411_94, + NID_id_GostR3410_94}, + {NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94, + NID_id_GostR3410_94_cc}, + {NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94, + NID_id_GostR3410_2001_cc}, + {NID_rsassaPss, NID_undef, NID_rsaEncryption}, + {NID_dhSinglePass_stdDH_sha1kdf_scheme, NID_sha1, NID_dh_std_kdf}, + {NID_dhSinglePass_stdDH_sha224kdf_scheme, NID_sha224, NID_dh_std_kdf}, + {NID_dhSinglePass_stdDH_sha256kdf_scheme, NID_sha256, NID_dh_std_kdf}, + {NID_dhSinglePass_stdDH_sha384kdf_scheme, NID_sha384, NID_dh_std_kdf}, + {NID_dhSinglePass_stdDH_sha512kdf_scheme, NID_sha512, NID_dh_std_kdf}, + {NID_dhSinglePass_cofactorDH_sha1kdf_scheme, NID_sha1, + NID_dh_cofactor_kdf}, + {NID_dhSinglePass_cofactorDH_sha224kdf_scheme, NID_sha224, + NID_dh_cofactor_kdf}, + {NID_dhSinglePass_cofactorDH_sha256kdf_scheme, NID_sha256, + NID_dh_cofactor_kdf}, + {NID_dhSinglePass_cofactorDH_sha384kdf_scheme, NID_sha384, + NID_dh_cofactor_kdf}, + {NID_dhSinglePass_cofactorDH_sha512kdf_scheme, NID_sha512, + NID_dh_cofactor_kdf}, +}; +static const nid_triple *const sigoid_srt_xref[] = { + &sigoid_srt[0], + &sigoid_srt[1], + &sigoid_srt[7], + &sigoid_srt[2], + &sigoid_srt[4], + &sigoid_srt[3], + &sigoid_srt[9], + &sigoid_srt[5], + &sigoid_srt[8], + &sigoid_srt[12], + &sigoid_srt[30], + &sigoid_srt[35], + &sigoid_srt[6], + &sigoid_srt[10], + &sigoid_srt[11], + &sigoid_srt[13], + &sigoid_srt[24], + &sigoid_srt[20], + &sigoid_srt[32], + &sigoid_srt[37], + &sigoid_srt[14], + &sigoid_srt[21], + &sigoid_srt[33], + &sigoid_srt[38], + &sigoid_srt[15], + &sigoid_srt[22], + &sigoid_srt[34], + &sigoid_srt[39], + &sigoid_srt[16], + &sigoid_srt[23], + &sigoid_srt[19], + &sigoid_srt[31], + &sigoid_srt[36], + &sigoid_srt[25], + &sigoid_srt[26], + &sigoid_srt[27], + &sigoid_srt[28], +}; From matt at openssl.org Tue Feb 10 14:33:24 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Feb 2015 15:33:24 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150210143324.A657C1DF1AB@butler.localdomain> The branch master has been updated via efb4597345a0ae31ac81f9dfb783f3eef420122b (commit) via 00a5a74bbc854972c4484a0b204bc9437d2757d9 (commit) via a8b4e057b3c8b9563802105cfcc6210f70ce1fc8 (commit) from 79ee5afa26da1f2e3d16376d20b273cc759b0c1b (commit) - Log ----------------------------------------------------------------- commit efb4597345a0ae31ac81f9dfb783f3eef420122b Author: Matt Caswell Date: Tue Feb 10 10:12:19 2015 +0000 Remove some functions that are no longer used and break the build with: ./config --strict-warnings enable-deprecated Reviewed-by: Tim Hudson commit 00a5a74bbc854972c4484a0b204bc9437d2757d9 Author: Matt Caswell Date: Tue Feb 10 09:45:18 2015 +0000 HMAC_cleanup, and HMAC_Init are stated as deprecated in the docs and source. Mark them as such with OPENSSL_USE_DEPRECATED Reviewed-by: Tim Hudson commit a8b4e057b3c8b9563802105cfcc6210f70ce1fc8 Author: Matt Caswell Date: Tue Feb 10 10:07:07 2015 +0000 Remove -DOPENSSL_NO_DEPRECATED from --strict-warnings flags. In master OPENSSL_NO_DEPRECATED is the default anyway. By including it in --strict-warnings as well this means you cannot combine enable-deprecated with --strict-warnings. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: Configure | 2 +- crypto/bn/bn_ctx.c | 50 -------------------------------------------------- crypto/hmac/hmac.c | 4 +++- crypto/hmac/hmac.h | 7 +++++-- 4 files changed, 9 insertions(+), 54 deletions(-) diff --git a/Configure b/Configure index f6dd38e..9f2539b 100755 --- a/Configure +++ b/Configure @@ -105,7 +105,7 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta # Minimum warning options... any contributions to OpenSSL should at least get # past these. -my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; +my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK"; my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum"; diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c index 4bc0445..d2dd1e6 100644 --- a/crypto/bn/bn_ctx.c +++ b/crypto/bn/bn_ctx.c @@ -103,9 +103,6 @@ typedef struct bignum_pool { } BN_POOL; static void BN_POOL_init(BN_POOL *); static void BN_POOL_finish(BN_POOL *); -#ifndef OPENSSL_NO_DEPRECATED -static void BN_POOL_reset(BN_POOL *); -#endif static BIGNUM *BN_POOL_get(BN_POOL *); static void BN_POOL_release(BN_POOL *, unsigned int); @@ -122,9 +119,6 @@ typedef struct bignum_ctx_stack { } BN_STACK; static void BN_STACK_init(BN_STACK *); static void BN_STACK_finish(BN_STACK *); -#ifndef OPENSSL_NO_DEPRECATED -static void BN_STACK_reset(BN_STACK *); -#endif static int BN_STACK_push(BN_STACK *, unsigned int); static unsigned int BN_STACK_pop(BN_STACK *); @@ -189,26 +183,6 @@ static void ctxdbg(BN_CTX *ctx) # define CTXDBG_RET(ctx,ret) #endif -/* - * This function is an evil legacy and should not be used. This - * implementation is WYSIWYG, though I've done my best. - */ -#ifndef OPENSSL_NO_DEPRECATED -void BN_CTX_init(BN_CTX *ctx) -{ - /* - * Assume the caller obtained the context via BN_CTX_new() and so is - * trying to reset it for use. Nothing else makes sense, least of all - * binary compatibility from a time when they could declare a static - * variable. - */ - BN_POOL_reset(&ctx->pool); - BN_STACK_reset(&ctx->stack); - ctx->used = 0; - ctx->err_stack = 0; - ctx->too_many = 0; -} -#endif BN_CTX *BN_CTX_new(void) { @@ -319,12 +293,6 @@ static void BN_STACK_finish(BN_STACK *st) OPENSSL_free(st->indexes); } -#ifndef OPENSSL_NO_DEPRECATED -static void BN_STACK_reset(BN_STACK *st) -{ - st->depth = 0; -} -#endif static int BN_STACK_push(BN_STACK *st, unsigned int idx) { @@ -379,24 +347,6 @@ static void BN_POOL_finish(BN_POOL *p) } } -#ifndef OPENSSL_NO_DEPRECATED -static void BN_POOL_reset(BN_POOL *p) -{ - BN_POOL_ITEM *item = p->head; - while (item) { - unsigned int loop = 0; - BIGNUM *bn = item->vals; - while (loop++ < BN_CTX_POOL_SIZE) { - if (bn->d) - BN_clear(bn); - bn++; - } - item = item->next; - } - p->current = p->head; - p->used = 0; -} -#endif static BIGNUM *BN_POOL_get(BN_POOL *p) { diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 1d871f0..3a4dfa4 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -118,12 +118,14 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, return 0; } +#ifndef OPENSSL_NO_DEPRECATED int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md) { if (key && md) HMAC_CTX_init(ctx); return HMAC_Init_ex(ctx, key, len, md, NULL); } +#endif int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) { @@ -190,7 +192,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, if (md == NULL) md = m; HMAC_CTX_init(&c); - if (!HMAC_Init(&c, key, key_len, evp_md)) + if (!HMAC_Init_ex(&c, key, key_len, evp_md, NULL)) goto err; if (!HMAC_Update(&c, d, n)) goto err; diff --git a/crypto/hmac/hmac.h b/crypto/hmac/hmac.h index 2404e53..81aa49d 100644 --- a/crypto/hmac/hmac.h +++ b/crypto/hmac/hmac.h @@ -82,12 +82,15 @@ typedef struct hmac_ctx_st { void HMAC_CTX_init(HMAC_CTX *ctx); void HMAC_CTX_cleanup(HMAC_CTX *ctx); +#ifdef OPENSSL_USE_DEPRECATED /* deprecated */ # define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */ -__owur int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, - const EVP_MD *md); +DECLARE_DEPRECATED(__owur int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, + const EVP_MD *md)); + +#endif /*__owur*/ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, ENGINE *impl); /*__owur*/ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, From emilia at openssl.org Tue Feb 10 14:36:25 2015 From: emilia at openssl.org (Emilia Kasper) Date: Tue, 10 Feb 2015 15:36:25 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150210143625.97E0C1DF1AB@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 95929797a01eb4ad42694f1f848bdbb9decbcefe (commit) from bcfaa4eeee5bbb2ddf9545e41b62cbfc10ad60b0 (commit) - Log ----------------------------------------------------------------- commit 95929797a01eb4ad42694f1f848bdbb9decbcefe Author: Emilia Kasper Date: Thu Feb 5 16:38:54 2015 +0100 Fix hostname validation in the command-line tool to honour negative return values. Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion and result in a negative return value, which the "x509 -checkhost" command-line option incorrectly interpreted as success. Also update X509_check_host docs to reflect reality. Thanks to Sean Burford (Google) for reporting this issue. Reviewed-by: Richard Levitte (cherry picked from commit 0923e7df9eafec6db9c75405d7085ec8581f01bd) ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 2 +- crypto/x509v3/v3_utl.c | 7 ++++++- doc/crypto/X509_check_host.pod | 7 +++++-- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index e6bb48f..ef5d087 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -2775,7 +2775,7 @@ void print_cert_checks(BIO *bio, X509 *x, return; if (checkhost) { BIO_printf(bio, "Hostname %s does%s match certificate\n", - checkhost, X509_check_host(x, checkhost, 0, 0, NULL) + checkhost, X509_check_host(x, checkhost, 0, 0, NULL) == 1 ? "" : " NOT"); } diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index f65323b..ed6099e 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -901,8 +901,13 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal, int astrlen; unsigned char *astr; astrlen = ASN1_STRING_to_UTF8(&astr, a); - if (astrlen < 0) + if (astrlen < 0) { + /* + * -1 could be an internal malloc failure or a decoding error from + * malformed input; we can't distinguish. + */ return -1; + } rv = equal(astr, astrlen, (unsigned char *)b, blen, flags); if (rv > 0 && peername) *peername = BUF_strndup((char *)astr, astrlen); diff --git a/doc/crypto/X509_check_host.pod b/doc/crypto/X509_check_host.pod index f8b530d..0def17a 100644 --- a/doc/crypto/X509_check_host.pod +++ b/doc/crypto/X509_check_host.pod @@ -109,9 +109,12 @@ but would not match a peer certificate with a DNS name of =head1 RETURN VALUES The functions return 1 for a successful match, 0 for a failed match -and -1 for an internal error: typically a memory allocation failure. +and -1 for an internal error: typically a memory allocation failure +or an ASN.1 decoding error. -X509_check_ip_asc() can also return -2 if the IP address string is malformed. +All functions can also return -2 if the input is malformed. For example, +X509_check_host() returns -2 if the provided B contains embedded +NULs. =head1 NOTES From emilia at openssl.org Tue Feb 10 14:36:25 2015 From: emilia at openssl.org (Emilia Kasper) Date: Tue, 10 Feb 2015 15:36:25 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150210143625.A1A071E0360@butler.localdomain> The branch master has been updated via 0923e7df9eafec6db9c75405d7085ec8581f01bd (commit) from efb4597345a0ae31ac81f9dfb783f3eef420122b (commit) - Log ----------------------------------------------------------------- commit 0923e7df9eafec6db9c75405d7085ec8581f01bd Author: Emilia Kasper Date: Thu Feb 5 16:38:54 2015 +0100 Fix hostname validation in the command-line tool to honour negative return values. Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion and result in a negative return value, which the "x509 -checkhost" command-line option incorrectly interpreted as success. Also update X509_check_host docs to reflect reality. Thanks to Sean Burford (Google) for reporting this issue. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 2 +- crypto/x509v3/v3_utl.c | 7 ++++++- doc/crypto/X509_check_host.pod | 7 +++++-- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 97f0c0e..bf044d4 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -2780,7 +2780,7 @@ void print_cert_checks(BIO *bio, X509 *x, return; if (checkhost) { BIO_printf(bio, "Hostname %s does%s match certificate\n", - checkhost, X509_check_host(x, checkhost, 0, 0, NULL) + checkhost, X509_check_host(x, checkhost, 0, 0, NULL) == 1 ? "" : " NOT"); } diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 1ad3999..cd7a980 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -889,8 +889,13 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal, int astrlen; unsigned char *astr; astrlen = ASN1_STRING_to_UTF8(&astr, a); - if (astrlen < 0) + if (astrlen < 0) { + /* + * -1 could be an internal malloc failure or a decoding error from + * malformed input; we can't distinguish. + */ return -1; + } rv = equal(astr, astrlen, (unsigned char *)b, blen, flags); if (rv > 0 && peername) *peername = BUF_strndup((char *)astr, astrlen); diff --git a/doc/crypto/X509_check_host.pod b/doc/crypto/X509_check_host.pod index f8b530d..0def17a 100644 --- a/doc/crypto/X509_check_host.pod +++ b/doc/crypto/X509_check_host.pod @@ -109,9 +109,12 @@ but would not match a peer certificate with a DNS name of =head1 RETURN VALUES The functions return 1 for a successful match, 0 for a failed match -and -1 for an internal error: typically a memory allocation failure. +and -1 for an internal error: typically a memory allocation failure +or an ASN.1 decoding error. -X509_check_ip_asc() can also return -2 if the IP address string is malformed. +All functions can also return -2 if the input is malformed. For example, +X509_check_host() returns -2 if the provided B contains embedded +NULs. =head1 NOTES From steve at openssl.org Tue Feb 10 16:19:06 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 10 Feb 2015 17:19:06 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150210161906.D8CFE1DF1AB@butler.localdomain> The branch master has been updated via b033e5d5abad78269e137b7d710004dac0448a6b (commit) via 7303b472f1461a43595822c54b5f87d6dd4de40e (commit) via 307e3978b973ff4566b69f631096deba117b51ea (commit) from 0923e7df9eafec6db9c75405d7085ec8581f01bd (commit) - Log ----------------------------------------------------------------- commit b033e5d5abad78269e137b7d710004dac0448a6b Author: Dr. Stephen Henson Date: Mon Feb 9 23:24:10 2015 +0000 New evp_test updates. Print usage message. Print expected and got values if mismatch. Reviewed-by: Andy Polyakov commit 7303b472f1461a43595822c54b5f87d6dd4de40e Author: Dr. Stephen Henson Date: Mon Feb 9 17:33:02 2015 +0000 Add new test file. Reviewed-by: Andy Polyakov commit 307e3978b973ff4566b69f631096deba117b51ea Author: Dr. Stephen Henson Date: Mon Feb 9 17:29:47 2015 +0000 Initial version of new evp_test program. Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_test.c | 1086 ++++++++++++++------------ crypto/evp/evptests.txt | 1927 +++++++++++++++++++++++++++++++++++++++-------- 2 files changed, 2227 insertions(+), 786 deletions(-) diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c index ea332ae..686ca7c 100644 --- a/crypto/evp/evp_test.c +++ b/crypto/evp/evp_test.c @@ -1,6 +1,10 @@ -/* Written by Ben Laurie, 2001 */ +/* evp_test.c */ /* - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -17,12 +21,12 @@ * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact - * openssl-core at openssl.org. + * licensing at OpenSSL.org. * * 5. Products derived from this software may not be called "OpenSSL" * nor may "OpenSSL" appear in their names without prior written @@ -31,7 +35,7 @@ * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -45,553 +49,689 @@ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== */ #include #include - -#include "../e_os.h" - -#include +#include +#include #include -#ifndef OPENSSL_NO_ENGINE -# include -#endif #include -#include +#include -static void hexdump(FILE *f, const char *title, const unsigned char *s, int l) +/* Remove spaces from beginning and end of a string */ + +static void remove_space(char **pval) { - int n = 0; + unsigned char *p = (unsigned char *)*pval; - fprintf(f, "%s", title); - for (; n < l; ++n) { - if ((n % 16) == 0) - fprintf(f, "\n%04x", n); - fprintf(f, " %02x", s[n]); - } - fprintf(f, "\n"); + while (isspace(*p)) + p++; + + *pval = (char *)p; + + p = p + strlen(*pval) - 1; + + /* Remove trailing space */ + while (isspace(*p)) + *p-- = 0; } -static int convert(unsigned char *s) +/* + * Given a line of the form: + * name = value # comment + * extract name and value. NB: modifies passed buffer. + */ + +static int parse_line(char **pkw, char **pval, char *linebuf) { - unsigned char *d; + char *p; - for (d = s; *s; s += 2, ++d) { - unsigned int n; + p = linebuf + strlen(linebuf) - 1; - if (!s[1]) { - fprintf(stderr, "Odd number of hex digits!"); - EXIT(4); - } - sscanf((char *)s, "%2x", &n); - *d = (unsigned char)n; + if (*p != '\n') { + fprintf(stderr, "FATAL: missing EOL\n"); + exit(1); } - return s - d; -} -static char *sstrsep(char **string, const char *delim) -{ - char isdelim[256]; - char *token = *string; + /* Look for # */ - if (**string == 0) - return NULL; + p = strchr(linebuf, '#'); - memset(isdelim, 0, 256); - isdelim[0] = 1; + if (p) + *p = '\0'; - while (*delim) { - isdelim[(unsigned char)(*delim)] = 1; - delim++; - } + /* Look for = sign */ + p = strchr(linebuf, '='); - while (!isdelim[(unsigned char)(**string)]) { - (*string)++; - } + /* If no '=' exit */ + if (!p) + return 0; - if (**string) { - **string = 0; - (*string)++; - } + *p++ = '\0'; + + *pkw = linebuf; + *pval = p; - return token; + /* Remove spaces from keyword and value */ + remove_space(pkw); + remove_space(pval); + + return 1; } -static unsigned char *ustrsep(char **p, const char *sep) +/* For a hex string "value" convert to a binary allocated buffer */ +static int test_bin(const char *value, unsigned char **buf, size_t *buflen) { - return (unsigned char *)sstrsep(p, sep); + long len; + if (!*value) { + /* Don't return NULL for zero length buffer */ + *buf = OPENSSL_malloc(1); + if (!*buf) + return 0; + **buf = 0; + *buflen = 0; + return 1; + } + *buf = string_to_hex(value, &len); + if (!*buf) { + fprintf(stderr, "Value=%s\n", value); + ERR_print_errors_fp(stderr); + return -1; + } + /* Size of input buffer means we'll never overflow */ + *buflen = len; + return 1; } -static int test1_exit(int ec) +/* Structure holding test information */ +struct evp_test { + /* method for this test */ + const struct evp_test_method *meth; + /* current line being processed */ + unsigned int line; + /* start line of current test */ + unsigned int start_line; + /* Error string for test */ + const char *err; + /* Expected error value of test */ + char *expected_err; + /* Number of tests */ + int ntests; + /* Error count */ + int errors; + /* If output mismatch expected and got value */ + unsigned char *out_got; + unsigned char *out_expected; + size_t out_len; + /* test specific data */ + void *data; +}; +/* Test method structure */ +struct evp_test_method { + /* Name of test as it appears in file */ + const char *name; + /* Initialise test for "alg" */ + int (*init) (struct evp_test * t, const char *alg); + /* Clean up method */ + void (*cleanup) (struct evp_test * t); + /* Test specific name value pair processing */ + int (*parse) (struct evp_test * t, const char *name, const char *value); + /* Run the test itself */ + int (*run_test) (struct evp_test * t); +}; + +static const struct evp_test_method digest_test_method, cipher_test_method; +static const struct evp_test_method aead_test_method; + +static const struct evp_test_method *evp_test_list[] = { + &digest_test_method, + &cipher_test_method, + NULL, +}; + +static const struct evp_test_method *evp_find_test(const char *name) { - EXIT(ec); + const struct evp_test_method **tt; + for (tt = evp_test_list; *tt; tt++) { + if (!strcmp(name, (*tt)->name)) + return *tt; + } + return NULL; } -/* Test copying of contexts */ -static void test_ctx_replace(EVP_CIPHER_CTX **pctx) +static void hex_print(const char *name, const unsigned char *buf, size_t len) { - /* Make copy of context and replace original */ - EVP_CIPHER_CTX *ctx_copy; - ctx_copy = EVP_CIPHER_CTX_new(); - EVP_CIPHER_CTX_copy(ctx_copy, *pctx); - EVP_CIPHER_CTX_free(*pctx); - *pctx = ctx_copy; + size_t i; + fprintf(stderr, "%s ", name); + for (i = 0; i < len; i++) + fprintf(stderr, "%02X", buf[i]); + fputs("\n", stderr); } -static void test1(const EVP_CIPHER *c, const unsigned char *key, int kn, - const unsigned char *iv, int in, - const unsigned char *plaintext, int pn, - const unsigned char *ciphertext, int cn, - const unsigned char *aad, int an, - const unsigned char *tag, int tn, int encdec) +static void print_expected(struct evp_test *t) { - EVP_CIPHER_CTX *ctx = NULL; - unsigned char out[4096]; - int outl, outl2, mode; - - printf("Testing cipher %s%s\n", EVP_CIPHER_name(c), - (encdec == - 1 ? "(encrypt)" : (encdec == - 0 ? "(decrypt)" : "(encrypt/decrypt)"))); - hexdump(stdout, "Key", key, kn); - if (in) - hexdump(stdout, "IV", iv, in); - hexdump(stdout, "Plaintext", plaintext, pn); - hexdump(stdout, "Ciphertext", ciphertext, cn); - if (an) - hexdump(stdout, "AAD", aad, an); - if (tn) - hexdump(stdout, "Tag", tag, tn); - mode = EVP_CIPHER_mode(c); - if (kn != EVP_CIPHER_key_length(c)) { - fprintf(stderr, "Key length doesn't match, got %d expected %lu\n", kn, - (unsigned long)EVP_CIPHER_key_length(c)); - test1_exit(5); - } - ctx = EVP_CIPHER_CTX_new(); - EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); - if (encdec != 0) { - if ((mode == EVP_CIPH_GCM_MODE) || (mode == EVP_CIPH_OCB_MODE) - || (mode == EVP_CIPH_CCM_MODE)) { - if (!EVP_EncryptInit_ex(ctx, c, NULL, NULL, NULL)) { - fprintf(stderr, "EncryptInit failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(10); - } - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, in, NULL)) { - fprintf(stderr, "IV length set failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(11); - } - if ((mode != EVP_CIPH_GCM_MODE) && - !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tn, NULL)) { - fprintf(stderr, "Tag length set failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(15); - } - if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) { - fprintf(stderr, "Key/IV set failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(12); - } - if ((mode == EVP_CIPH_CCM_MODE) && - !EVP_EncryptUpdate(ctx, NULL, &outl, NULL, pn)) { - fprintf(stderr, "Plaintext length set failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(12); - } - if (an && !EVP_EncryptUpdate(ctx, NULL, &outl, aad, an)) { - fprintf(stderr, "AAD set failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(13); - } - } else if (mode == EVP_CIPH_WRAP_MODE) { - if (!EVP_EncryptInit_ex(ctx, c, NULL, key, in ? iv : NULL)) { - fprintf(stderr, "EncryptInit failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(10); - } - } else if (!EVP_EncryptInit_ex(ctx, c, NULL, key, iv)) { - fprintf(stderr, "EncryptInit failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(10); - } - EVP_CIPHER_CTX_set_padding(ctx, 0); - - test_ctx_replace(&ctx); + if (t->out_expected == NULL) + return; + hex_print("Expected:", t->out_expected, t->out_len); + hex_print("Got: ", t->out_got, t->out_len); + OPENSSL_free(t->out_expected); + OPENSSL_free(t->out_got); + t->out_expected = NULL; + t->out_got = NULL; +} - if (!EVP_EncryptUpdate(ctx, out, &outl, plaintext, pn)) { - fprintf(stderr, "Encrypt failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(6); - } - if (!EVP_EncryptFinal_ex(ctx, out + outl, &outl2)) { - fprintf(stderr, "EncryptFinal failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(7); - } +static int check_test_error(struct evp_test *t) +{ + if (!t->err && !t->expected_err) + return 1; + if (t->err && !t->expected_err) { + fprintf(stderr, "Test line %d: unexpected error %s\n", + t->start_line, t->err); + print_expected(t); + return 0; + } + if (!t->err && t->expected_err) { + fprintf(stderr, "Test line %d: succeeded expecting %s\n", + t->start_line, t->expected_err); + return 0; + } + if (!strcmp(t->err, t->expected_err)) + return 1; - if (outl + outl2 != cn) { - fprintf(stderr, "Ciphertext length mismatch got %d expected %d\n", - outl + outl2, cn); - test1_exit(8); - } + fprintf(stderr, "Test line %d: expecting %s got %s\n", + t->start_line, t->expected_err, t->err); + return 0; +} - if (memcmp(out, ciphertext, cn)) { - fprintf(stderr, "Ciphertext mismatch\n"); - hexdump(stderr, "Got", out, cn); - hexdump(stderr, "Expected", ciphertext, cn); - test1_exit(9); - } - if ((mode == EVP_CIPH_GCM_MODE) || (mode == EVP_CIPH_OCB_MODE) - || (mode == EVP_CIPH_CCM_MODE)) { - unsigned char rtag[16]; +/* Setup a new test, run any existing test */ - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, tn, rtag)) { - fprintf(stderr, "Get tag failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(14); - } - if (memcmp(rtag, tag, tn)) { - fprintf(stderr, "Tag mismatch\n"); - hexdump(stderr, "Got", rtag, tn); - hexdump(stderr, "Expected", tag, tn); - test1_exit(9); - } +static int setup_test(struct evp_test *t, const struct evp_test_method *tmeth) +{ + /* If we already have a test set up run it */ + if (t->meth) { + t->ntests++; + t->err = NULL; + if (t->meth->run_test(t) != 1) { + fprintf(stderr, "%s test error line %d\n", + t->meth->name, t->start_line); + return 0; } - } - - if (encdec <= 0) { - if ((mode == EVP_CIPH_GCM_MODE) || (mode == EVP_CIPH_OCB_MODE)) { - if (!EVP_DecryptInit_ex(ctx, c, NULL, NULL, NULL)) { - fprintf(stderr, "DecryptInit failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(10); - } - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, in, NULL)) { - fprintf(stderr, "IV length set failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(11); - } - if ((mode == EVP_CIPH_OCB_MODE) && - !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tn, NULL)) { - fprintf(stderr, "Tag length set failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(15); - } - if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) { - fprintf(stderr, "Key/IV set failed\n"); + if (!check_test_error(t)) { + if (t->err) ERR_print_errors_fp(stderr); - test1_exit(12); - } - if (!EVP_CIPHER_CTX_ctrl - (ctx, EVP_CTRL_AEAD_SET_TAG, tn, (void *)tag)) { - fprintf(stderr, "Set tag failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(14); - } - if (an && !EVP_DecryptUpdate(ctx, NULL, &outl, aad, an)) { - fprintf(stderr, "AAD set failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(13); - } - } else if (mode == EVP_CIPH_CCM_MODE) { - if (!EVP_DecryptInit_ex(ctx, c, NULL, NULL, NULL)) { - fprintf(stderr, "DecryptInit failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(10); - } - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, in, NULL)) { - fprintf(stderr, "IV length set failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(11); - } - if (!EVP_CIPHER_CTX_ctrl - (ctx, EVP_CTRL_AEAD_SET_TAG, tn, (void *)tag)) { - fprintf(stderr, "Tag length set failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(11); - } - if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) { - fprintf(stderr, "Key/Nonce set failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(12); - } - if (!EVP_DecryptUpdate(ctx, NULL, &outl, NULL, pn)) { - fprintf(stderr, "Plaintext length set failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(12); - } - if (an && !EVP_EncryptUpdate(ctx, NULL, &outl, aad, an)) { - fprintf(stderr, "AAD set failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(13); - } - } else if (mode == EVP_CIPH_WRAP_MODE) { - if (!EVP_DecryptInit_ex(ctx, c, NULL, key, in ? iv : NULL)) { - fprintf(stderr, "EncryptInit failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(10); - } - } else if (!EVP_DecryptInit_ex(ctx, c, NULL, key, iv)) { - fprintf(stderr, "DecryptInit failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(11); + t->errors++; } - EVP_CIPHER_CTX_set_padding(ctx, 0); - - test_ctx_replace(&ctx); - - if (!EVP_DecryptUpdate(ctx, out, &outl, ciphertext, cn)) { - fprintf(stderr, "Decrypt failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(6); + ERR_clear_error(); + t->meth->cleanup(t); + /* If new test type free old data */ + if (tmeth != t->meth && t->data) { + OPENSSL_free(t->data); + t->data = NULL; } - if (mode != EVP_CIPH_CCM_MODE - && !EVP_DecryptFinal_ex(ctx, out + outl, &outl2)) { - fprintf(stderr, "DecryptFinal failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(7); + if (t->expected_err) { + OPENSSL_free(t->expected_err); + t->expected_err = NULL; } + } + t->meth = tmeth; + return 1; +} - if (outl + outl2 != pn) { - fprintf(stderr, "Plaintext length mismatch got %d expected %d\n", - outl + outl2, pn); - test1_exit(8); +static int process_test(struct evp_test *t, char *buf, int verbose) +{ + char *keyword, *value; + int rv = 0; + const struct evp_test_method *tmeth; + if (verbose) + fputs(buf, stdout); + if (!parse_line(&keyword, &value, buf)) + return 1; + /* See if keyword corresponds to a test start */ + tmeth = evp_find_test(keyword); + if (tmeth) { + if (!setup_test(t, tmeth)) + return 0; + t->start_line = t->line; + if (!tmeth->init(t, value)) { + fprintf(stderr, "Unknown %s: %s\n", keyword, value); + return 0; } - - if (memcmp(out, plaintext, pn)) { - fprintf(stderr, "Plaintext mismatch\n"); - hexdump(stderr, "Got", out, pn); - hexdump(stderr, "Expected", plaintext, pn); - test1_exit(9); + return 1; + } else if (!strcmp(keyword, "Result")) { + if (t->expected_err) { + fprintf(stderr, "Line %d: multiple result lines\n", t->line); + return 0; } + t->expected_err = BUF_strdup(value); + if (!t->expected_err) + return 0; + } else { + /* Must be test specific line: try to parse it */ + if (t->meth) + rv = t->meth->parse(t, keyword, value); + + if (rv == 0) + fprintf(stderr, "line %d: unexpected keyword %s\n", + t->line, keyword); + + if (rv < 0) + fprintf(stderr, "line %d: error processing keyword %s\n", + t->line, keyword); + if (rv <= 0) + return 0; } + return 1; +} - EVP_CIPHER_CTX_free(ctx); - - printf("\n"); +static int check_output(struct evp_test *t, const unsigned char *expected, + const unsigned char *got, size_t len) +{ + if (!memcmp(expected, got, len)) + return 0; + t->out_expected = BUF_memdup(expected, len); + t->out_got = BUF_memdup(got, len); + t->out_len = len; + if (t->out_expected == NULL || t->out_got == NULL) { + fprintf(stderr, "Memory allocation error!\n"); + exit(1); + } + return 1; } -static int test_cipher(const char *cipher, const unsigned char *key, int kn, - const unsigned char *iv, int in, - const unsigned char *plaintext, int pn, - const unsigned char *ciphertext, int cn, - const unsigned char *aad, int an, - const unsigned char *tag, int tn, int encdec) +int main(int argc, char **argv) { - const EVP_CIPHER *c; + FILE *in = NULL; + char buf[10240]; + struct evp_test t; -#ifdef OPENSSL_NO_OCB - if (strstr(cipher, "ocb") != NULL) + if (argc != 2) { + fprintf(stderr, "usage: evp_test testfile.txt\n"); return 1; -#endif - c = EVP_get_cipherbyname(cipher); - if (!c) - return 0; - - test1(c, key, kn, iv, in, plaintext, pn, ciphertext, cn, aad, an, tag, tn, - encdec); + } - return 1; + ERR_load_crypto_strings(); + OpenSSL_add_all_algorithms(); + t.meth = NULL; + t.err = NULL; + t.line = 0; + t.start_line = -1; + t.errors = 0; + t.ntests = 0; + t.out_expected = NULL; + t.out_got = NULL; + t.out_len = 0; + in = fopen(argv[1], "r"); + while (fgets(buf, sizeof(buf), in)) { + t.line++; + if (!process_test(&t, buf, 0)) + exit(1); + } + /* Run any final test we have */ + if (!setup_test(&t, NULL)) + exit(1); + fprintf(stderr, "%d tests completed with %d errors\n", + t.ntests, t.errors); + fclose(in); + return 0; } -static int test_digest(const char *digest, - const unsigned char *plaintext, int pn, - const unsigned char *ciphertext, unsigned int cn) +static void test_free(void *d) { - const EVP_MD *d; - EVP_MD_CTX ctx; - unsigned char md[EVP_MAX_MD_SIZE]; - unsigned int mdn; + if (d) + OPENSSL_free(d); +} - d = EVP_get_digestbyname(digest); - if (!d) - return 0; +/* Message digest tests */ - printf("Testing digest %s\n", EVP_MD_name(d)); - hexdump(stdout, "Plaintext", plaintext, pn); - hexdump(stdout, "Digest", ciphertext, cn); +struct digest_data { + /* Digest this test is for */ + const EVP_MD *digest; + /* Input to digest */ + unsigned char *input; + size_t input_len; + /* Expected output */ + unsigned char *output; + size_t output_len; +}; - EVP_MD_CTX_init(&ctx); - if (!EVP_DigestInit_ex(&ctx, d, NULL)) { - fprintf(stderr, "DigestInit failed\n"); - ERR_print_errors_fp(stderr); - EXIT(100); - } - if (!EVP_DigestUpdate(&ctx, plaintext, pn)) { - fprintf(stderr, "DigestUpdate failed\n"); - ERR_print_errors_fp(stderr); - EXIT(101); - } - if (!EVP_DigestFinal_ex(&ctx, md, &mdn)) { - fprintf(stderr, "DigestFinal failed\n"); - ERR_print_errors_fp(stderr); - EXIT(101); - } - EVP_MD_CTX_cleanup(&ctx); +static int digest_test_init(struct evp_test *t, const char *alg) +{ + const EVP_MD *digest; + struct digest_data *mdat = t->data; + digest = EVP_get_digestbyname(alg); + if (!digest) + return 0; + mdat = OPENSSL_malloc(sizeof(struct digest_data)); + mdat->digest = digest; + mdat->input = NULL; + mdat->output = NULL; + t->data = mdat; + return 1; +} - if (mdn != cn) { - fprintf(stderr, "Digest length mismatch, got %d expected %d\n", mdn, - cn); - EXIT(102); - } +static void digest_test_cleanup(struct evp_test *t) +{ + struct digest_data *mdat = t->data; + test_free(mdat->input); + test_free(mdat->output); +} - if (memcmp(md, ciphertext, cn)) { - fprintf(stderr, "Digest mismatch\n"); - hexdump(stderr, "Got", md, cn); - hexdump(stderr, "Expected", ciphertext, cn); - EXIT(103); - } +static int digest_test_parse(struct evp_test *t, + const char *keyword, const char *value) +{ + struct digest_data *mdata = t->data; + if (!strcmp(keyword, "Input")) + return test_bin(value, &mdata->input, &mdata->input_len); + if (!strcmp(keyword, "Output")) + return test_bin(value, &mdata->output, &mdata->output_len); + return 0; +} - printf("\n"); +static int digest_test_run(struct evp_test *t) +{ + struct digest_data *mdata = t->data; + const char *err = "INTERNAL_ERROR"; + EVP_MD_CTX *mctx; + unsigned char md[EVP_MAX_MD_SIZE]; + unsigned int md_len; + mctx = EVP_MD_CTX_create(); + if (!mctx) + goto err; + err = "DIGESTINIT_ERROR"; + if (!EVP_DigestInit_ex(mctx, mdata->digest, NULL)) + goto err; + err = "DIGESTUPDATE_ERROR"; + if (!EVP_DigestUpdate(mctx, mdata->input, mdata->input_len)) + goto err; + err = "DIGESTFINAL_ERROR"; + if (!EVP_DigestFinal(mctx, md, &md_len)) + goto err; + err = "DIGEST_LENGTH_MISMATCH"; + if (md_len != mdata->output_len) + goto err; + err = "DIGEST_MISMATCH"; + if (check_output(t, mdata->output, md, md_len)) + goto err; + err = NULL; + err: + if (mctx) + EVP_MD_CTX_destroy(mctx); + t->err = err; + return 1; +} - EVP_MD_CTX_cleanup(&ctx); +static const struct evp_test_method digest_test_method = { + "Digest", + digest_test_init, + digest_test_cleanup, + digest_test_parse, + digest_test_run +}; + +/* Cipher tests */ +struct cipher_data { + const EVP_CIPHER *cipher; + int enc; + /* Set to EVP_CIPH_GCM_MODE or EVP_CIPH_CCM_MODE if AEAD */ + int aead; + unsigned char *key; + size_t key_len; + unsigned char *iv; + size_t iv_len; + unsigned char *plaintext; + size_t plaintext_len; + unsigned char *ciphertext; + size_t ciphertext_len; + /* GCM, CCM only */ + unsigned char *aad; + size_t aad_len; + unsigned char *tag; + size_t tag_len; +}; + +static int cipher_test_init(struct evp_test *t, const char *alg) +{ + const EVP_CIPHER *cipher; + struct cipher_data *cdat = t->data; + cipher = EVP_get_cipherbyname(alg); + if (!cipher) + return 0; + cdat = OPENSSL_malloc(sizeof(struct cipher_data)); + cdat->cipher = cipher; + cdat->enc = -1; + cdat->key = NULL; + cdat->iv = NULL; + cdat->ciphertext = NULL; + cdat->plaintext = NULL; + cdat->aad = NULL; + cdat->tag = NULL; + t->data = cdat; + if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE + || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE) + cdat->aead = EVP_CIPHER_mode(cipher); + else + cdat->aead = 0; return 1; } -int main(int argc, char **argv) +static void cipher_test_cleanup(struct evp_test *t) { - const char *szTestFile; - FILE *f; + struct cipher_data *cdat = t->data; + test_free(cdat->key); + test_free(cdat->iv); + test_free(cdat->ciphertext); + test_free(cdat->plaintext); + test_free(cdat->aad); + test_free(cdat->tag); +} - if (argc != 2) { - fprintf(stderr, "%s \n", argv[0]); - EXIT(1); +static int cipher_test_parse(struct evp_test *t, const char *keyword, + const char *value) +{ + struct cipher_data *cdat = t->data; + if (!strcmp(keyword, "Key")) + return test_bin(value, &cdat->key, &cdat->key_len); + if (!strcmp(keyword, "IV")) + return test_bin(value, &cdat->iv, &cdat->iv_len); + if (!strcmp(keyword, "Plaintext")) + return test_bin(value, &cdat->plaintext, &cdat->plaintext_len); + if (!strcmp(keyword, "Ciphertext")) + return test_bin(value, &cdat->ciphertext, &cdat->ciphertext_len); + if (cdat->aead) { + if (!strcmp(keyword, "AAD")) + return test_bin(value, &cdat->aad, &cdat->aad_len); + if (!strcmp(keyword, "Tag")) + return test_bin(value, &cdat->tag, &cdat->tag_len); } - CRYPTO_malloc_debug_init(); - CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - szTestFile = argv[1]; + if (!strcmp(keyword, "Operation")) { + if (!strcmp(value, "ENCRYPT")) + cdat->enc = 1; + else if (!strcmp(value, "DECRYPT")) + cdat->enc = 0; + else + return 0; + return 1; + } + return 0; +} - f = fopen(szTestFile, "r"); - if (!f) { - perror(szTestFile); - EXIT(2); +static int cipher_test_enc(struct evp_test *t, int enc) +{ + struct cipher_data *cdat = t->data; + unsigned char *in, *out, *tmp = NULL; + size_t in_len, out_len; + int tmplen, tmpflen; + EVP_CIPHER_CTX *ctx = NULL; + const char *err; + err = "INTERNAL_ERROR"; + ctx = EVP_CIPHER_CTX_new(); + if (!ctx) + goto err; + EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); + if (enc) { + in = cdat->plaintext; + in_len = cdat->plaintext_len; + out = cdat->ciphertext; + out_len = cdat->ciphertext_len; + } else { + in = cdat->ciphertext; + in_len = cdat->ciphertext_len; + out = cdat->plaintext; + out_len = cdat->plaintext_len; } - ERR_load_crypto_strings(); - /* Load up the software EVP_CIPHER and EVP_MD definitions */ - OpenSSL_add_all_ciphers(); - OpenSSL_add_all_digests(); -#ifndef OPENSSL_NO_ENGINE - /* Load all compiled-in ENGINEs */ - ENGINE_load_builtin_engines(); -#endif -#ifndef OPENSSL_NO_ENGINE - /* - * Register all available ENGINE implementations of ciphers and digests. - * This could perhaps be changed to "ENGINE_register_all_complete()"? - */ - ENGINE_register_all_ciphers(); - ENGINE_register_all_digests(); - /* - * If we add command-line options, this statement should be switchable. - * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use - * if they weren't already initialised. - */ - /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */ -#endif - - for (;;) { - char line[4096]; - char *p; - char *cipher; - unsigned char *iv, *key, *plaintext, *ciphertext, *aad, *tag; - int encdec; - int kn, in, pn, cn; - int an = 0; - int tn = 0; - - if (!fgets((char *)line, sizeof line, f)) - break; - if (line[0] == '#' || line[0] == '\n') - continue; - p = line; - cipher = sstrsep(&p, ":"); - key = ustrsep(&p, ":"); - iv = ustrsep(&p, ":"); - plaintext = ustrsep(&p, ":"); - ciphertext = ustrsep(&p, ":"); - if (p[-1] == '\n') { - encdec = -1; - p[-1] = '\0'; - tag = aad = NULL; - an = tn = 0; + tmp = OPENSSL_malloc(in_len + 2 * EVP_MAX_BLOCK_LENGTH); + if (!tmp) + goto err; + err = "CIPHERINIT_ERROR"; + if (!EVP_CipherInit_ex(ctx, cdat->cipher, NULL, NULL, NULL, enc)) + goto err; + err = "INVALID_IV_LENGTH"; + if (cdat->iv) { + if (cdat->aead == EVP_CIPH_GCM_MODE) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, + cdat->iv_len, 0)) + goto err; + } else if (cdat->aead == EVP_CIPH_CCM_MODE) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, + cdat->iv_len, 0)) + goto err; + } else if (cdat->iv_len != (size_t)EVP_CIPHER_CTX_iv_length(ctx)) + goto err; + } + if (cdat->aead) { + unsigned char *tag; + /* + * If encrypting just set tag length. If decrypting set + * tag length and value. + */ + if (enc) { + err = "TAG_LENGTH_SET_ERROR"; + tag = NULL; } else { - aad = ustrsep(&p, ":"); - tag = ustrsep(&p, ":"); - if (tag == NULL) { - p = (char *)aad; - tag = aad = NULL; - an = tn = 0; - } - if (p[-1] == '\n') { - encdec = -1; - p[-1] = '\0'; - } else - encdec = atoi(sstrsep(&p, "\n")); + err = "TAG_SET_ERROR"; + tag = cdat->tag; } - - kn = convert(key); - in = convert(iv); - pn = convert(plaintext); - cn = convert(ciphertext); - if (aad) { - an = convert(aad); - tn = convert(tag); + if (cdat->aead == EVP_CIPH_GCM_MODE && tag) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, + cdat->tag_len, tag)) + goto err; + } else if (cdat->aead == EVP_CIPH_CCM_MODE) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, + cdat->tag_len, tag)) + goto err; } + } - if (!test_cipher - (cipher, key, kn, iv, in, plaintext, pn, ciphertext, cn, aad, an, - tag, tn, encdec) - && !test_digest(cipher, plaintext, pn, ciphertext, cn)) { -#ifdef OPENSSL_NO_AES - if (strstr(cipher, "AES") == cipher) { - fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); - continue; - } -#endif -#ifdef OPENSSL_NO_DES - if (strstr(cipher, "DES") == cipher) { - fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); - continue; - } -#endif -#ifdef OPENSSL_NO_RC4 - if (strstr(cipher, "RC4") == cipher) { - fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); - continue; - } -#endif -#ifdef OPENSSL_NO_CAMELLIA - if (strstr(cipher, "CAMELLIA") == cipher) { - fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); - continue; - } -#endif -#ifdef OPENSSL_NO_SEED - if (strstr(cipher, "SEED") == cipher) { - fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); - continue; - } -#endif - fprintf(stderr, "Can't find %s\n", cipher); - EXIT(3); + err = "INVALID_KEY_LENGTH"; + if (!EVP_CIPHER_CTX_set_key_length(ctx, cdat->key_len)) + goto err; + err = "KEY_SET_ERROR"; + if (!EVP_CipherInit_ex(ctx, NULL, NULL, cdat->key, cdat->iv, -1)) + goto err; + + if (cdat->aead == EVP_CIPH_CCM_MODE) { + if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) { + err = "CCM_PLAINTEXT_LENGTH_SET_ERROR"; + goto err; } } - fclose(f); - -#ifndef OPENSSL_NO_ENGINE - ENGINE_cleanup(); -#endif - EVP_cleanup(); - CRYPTO_cleanup_all_ex_data(); - ERR_remove_thread_state(NULL); - ERR_free_strings(); - CRYPTO_mem_leaks_fp(stderr); + if (cdat->aad) { + if (!EVP_CipherUpdate(ctx, NULL, &tmplen, cdat->aad, cdat->aad_len)) { + err = "AAD_SET_ERROR"; + goto err; + } + } + EVP_CIPHER_CTX_set_padding(ctx, 0); + err = "CIPHERUPDATE_ERROR"; + if (!EVP_CipherUpdate(ctx, tmp, &tmplen, in, in_len)) + goto err; + if (cdat->aead == EVP_CIPH_CCM_MODE) + tmpflen = 0; + else { + err = "CIPHERFINAL_ERROR"; + if (!EVP_CipherFinal_ex(ctx, tmp + tmplen, &tmpflen)) + goto err; + } + err = "LENGTH_MISMATCH"; + if (out_len != (size_t)(tmplen + tmpflen)) + goto err; + err = "VALUE_MISMATCH"; + if (check_output(t, out, tmp, out_len)) + goto err; + if (enc && cdat->aead) { + unsigned char rtag[16]; + if (cdat->tag_len > sizeof(rtag)) { + err = "TAG_LENGTH_INTERNAL_ERROR"; + goto err; + } + /* EVP_CTRL_CCM_GET_TAG and EVP_CTRL_GCM_GET_TAG are equal. */ + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, + cdat->tag_len, rtag)) { + err = "TAG_RETRIEVE_ERROR"; + goto err; + } + if (check_output(t, cdat->tag, rtag, cdat->tag_len)) { + err = "TAG_VALUE_MISMATCH"; + goto err; + } + } + err = NULL; + err: + if (tmp) + OPENSSL_free(tmp); + EVP_CIPHER_CTX_free(ctx); + t->err = err; + return err ? 0 : 1; +} - return 0; +static int cipher_test_run(struct evp_test *t) +{ + struct cipher_data *cdat = t->data; + int rv; + if (!cdat->key) { + t->err = "NO_KEY"; + return 0; + } + if (!cdat->iv && EVP_CIPHER_iv_length(cdat->cipher)) { + /* IV is optional and usually omitted in wrap mode */ + if (EVP_CIPHER_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) { + t->err = "NO_IV"; + return 0; + } + } + if (cdat->aead && !cdat->tag) { + t->err = "NO_TAG"; + return 0; + } + if (cdat->enc) { + rv = cipher_test_enc(t, 1); + /* Not fatal errors: return */ + if (rv != 1) { + if (rv < 0) + return 0; + return 1; + } + } + if (cdat->enc != 1) { + rv = cipher_test_enc(t, 0); + /* Not fatal errors: return */ + if (rv != 1) { + if (rv < 0) + return 0; + return 1; + } + } + return 1; } + +static const struct evp_test_method cipher_test_method = { + "Cipher", + cipher_test_init, + cipher_test_cleanup, + cipher_test_parse, + cipher_test_run +}; diff --git a/crypto/evp/evptests.txt b/crypto/evp/evptests.txt index cc985b4..8ffbfab 100644 --- a/crypto/evp/evptests.txt +++ b/crypto/evp/evptests.txt @@ -3,28 +3,66 @@ #digest:::input:output # SHA(1) tests (from shatest.c) -SHA1:::616263:a9993e364706816aba3e25717850c26c9cd0d89d +Digest = SHA1 +Input = 616263 +Output = a9993e364706816aba3e25717850c26c9cd0d89d + # MD5 tests (from md5test.c) -MD5::::d41d8cd98f00b204e9800998ecf8427e -MD5:::61:0cc175b9c0f1b6a831c399e269772661 -MD5:::616263:900150983cd24fb0d6963f7d28e17f72 -MD5:::6d65737361676520646967657374:f96b697d7cb7938d525a2f31aaf161d0 -MD5:::6162636465666768696a6b6c6d6e6f707172737475767778797a:c3fcd3d76192e4007dfb496cca67e13b -MD5:::4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839:d174ab98d277d9f5a5611c2c9f419d9f -MD5:::3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930:57edf4a22be3c955ac49da2e2107b67a +Digest = MD5 +Input = +Output = d41d8cd98f00b204e9800998ecf8427e + +Digest = MD5 +Input = 61 +Output = 0cc175b9c0f1b6a831c399e269772661 + +Digest = MD5 +Input = 616263 +Output = 900150983cd24fb0d6963f7d28e17f72 + +Digest = MD5 +Input = 6d65737361676520646967657374 +Output = f96b697d7cb7938d525a2f31aaf161d0 + +Digest = MD5 +Input = 6162636465666768696a6b6c6d6e6f707172737475767778797a +Output = c3fcd3d76192e4007dfb496cca67e13b + +Digest = MD5 +Input = 4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839 +Output = d174ab98d277d9f5a5611c2c9f419d9f + +Digest = MD5 +Input = 3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930 +Output = 57edf4a22be3c955ac49da2e2107b67a + # AES 128 ECB tests (from FIPS-197 test vectors, encrypt) -AES-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:69C4E0D86A7B0430D8CDB78070B4C55A:1 +Cipher = AES-128-ECB +Key = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 69C4E0D86A7B0430D8CDB78070B4C55A # AES 192 ECB tests (from FIPS-197 test vectors, encrypt) -AES-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:DDA97CA4864CDFE06EAF70A0EC0D7191:1 +Cipher = AES-192-ECB +Key = 000102030405060708090A0B0C0D0E0F1011121314151617 +Operation = ENCRYPT +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = DDA97CA4864CDFE06EAF70A0EC0D7191 + # AES 256 ECB tests (from FIPS-197 test vectors, encrypt) -AES-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:8EA2B7CA516745BFEAFC49904B496089:1 +Cipher = AES-256-ECB +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Operation = ENCRYPT +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 8EA2B7CA516745BFEAFC49904B496089 + # AES 128 ECB tests (from NIST test vectors, encrypt) @@ -62,367 +100,1630 @@ AES-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00 # For all ECB encrypts and decrypts, the transformed sequence is # AES-bits-ECB:key::plaintext:ciphertext:encdec # ECB-AES128.Encrypt and ECB-AES128.Decrypt -AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:3AD77BB40D7A3660A89ECAF32466EF97 -AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:F5D3D58503B9699DE785895A96FDBAAF -AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:43B1CD7F598ECE23881B00E3ED030688 -AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:7B0C785E27E8AD3F8223207104725DD4 -# ECB-AES192.Encrypt and ECB-AES192.Decrypt -AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:BD334F1D6E45F25FF712A214571FA5CC -AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:974104846D0AD3AD7734ECB3ECEE4EEF -AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:EF7AFD2270E2E60ADCE0BA2FACE6444E -AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:9A4B41BA738D6C72FB16691603C18E0E -# ECB-AES256.Encrypt and ECB-AES256.Decrypt -AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:F3EED1BDB5D2A03C064B5A7E3DB181F8 -AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:591CCB10D410ED26DC5BA74A31362870 -AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:B6ED21B99CA6F4F9F153E7B1BEAFED1D -AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:23304B7A39F9F3FF067D8D8F9E24ECC7 +Cipher = AES-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 3AD77BB40D7A3660A89ECAF32466EF97 + +Cipher = AES-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = F5D3D58503B9699DE785895A96FDBAAF + +Cipher = AES-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 43B1CD7F598ECE23881B00E3ED030688 + +Cipher = AES-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 7B0C785E27E8AD3F8223207104725DD4 + +# ECB-AES192.Encrypt and ECB-AES192.Decrypt +Cipher = AES-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = BD334F1D6E45F25FF712A214571FA5CC + +Cipher = AES-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 974104846D0AD3AD7734ECB3ECEE4EEF + +Cipher = AES-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = EF7AFD2270E2E60ADCE0BA2FACE6444E + +Cipher = AES-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 9A4B41BA738D6C72FB16691603C18E0E + +# ECB-AES256.Encrypt and ECB-AES256.Decrypt +Cipher = AES-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = F3EED1BDB5D2A03C064B5A7E3DB181F8 + +Cipher = AES-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 591CCB10D410ED26DC5BA74A31362870 + +Cipher = AES-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = B6ED21B99CA6F4F9F153E7B1BEAFED1D + +Cipher = AES-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 23304B7A39F9F3FF067D8D8F9E24ECC7 + # For all CBC encrypts and decrypts, the transformed sequence is # AES-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec -# CBC-AES128.Encrypt and CBC-AES128.Decrypt -AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:7649ABAC8119B246CEE98E9B12E9197D -AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:7649ABAC8119B246CEE98E9B12E9197D:AE2D8A571E03AC9C9EB76FAC45AF8E51:5086CB9B507219EE95DB113A917678B2 -AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:5086CB9B507219EE95DB113A917678B2:30C81C46A35CE411E5FBC1191A0A52EF:73BED6B8E3C1743B7116E69E22229516 -AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:73BED6B8E3C1743B7116E69E22229516:F69F2445DF4F9B17AD2B417BE66C3710:3FF1CAA1681FAC09120ECA307586E1A7 -# CBC-AES192.Encrypt and CBC-AES192.Decrypt -AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:4F021DB243BC633D7178183A9FA071E8 -AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:4F021DB243BC633D7178183A9FA071E8:AE2D8A571E03AC9C9EB76FAC45AF8E51:B4D9ADA9AD7DEDF4E5E738763F69145A -AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:B4D9ADA9AD7DEDF4E5E738763F69145A:30C81C46A35CE411E5FBC1191A0A52EF:571B242012FB7AE07FA9BAAC3DF102E0 -AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:571B242012FB7AE07FA9BAAC3DF102E0:F69F2445DF4F9B17AD2B417BE66C3710:08B0E27988598881D920A9E64F5615CD -# CBC-AES256.Encrypt and CBC-AES256.Decrypt -AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:F58C4C04D6E5F1BA779EABFB5F7BFBD6 -AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D -AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461 -AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B +# CBC-AES128.Encrypt and CBC-AES128.Decrypt +Cipher = AES-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 7649ABAC8119B246CEE98E9B12E9197D + +Cipher = AES-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 7649ABAC8119B246CEE98E9B12E9197D +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 5086CB9B507219EE95DB113A917678B2 + +Cipher = AES-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 5086CB9B507219EE95DB113A917678B2 +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 73BED6B8E3C1743B7116E69E22229516 + +Cipher = AES-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 73BED6B8E3C1743B7116E69E22229516 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 3FF1CAA1681FAC09120ECA307586E1A7 + +# CBC-AES192.Encrypt and CBC-AES192.Decrypt +Cipher = AES-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 4F021DB243BC633D7178183A9FA071E8 + +Cipher = AES-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 4F021DB243BC633D7178183A9FA071E8 +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = B4D9ADA9AD7DEDF4E5E738763F69145A + +Cipher = AES-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = B4D9ADA9AD7DEDF4E5E738763F69145A +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 571B242012FB7AE07FA9BAAC3DF102E0 + +Cipher = AES-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 571B242012FB7AE07FA9BAAC3DF102E0 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 08B0E27988598881D920A9E64F5615CD + +# CBC-AES256.Encrypt and CBC-AES256.Decrypt +Cipher = AES-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = F58C4C04D6E5F1BA779EABFB5F7BFBD6 + +Cipher = AES-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = F58C4C04D6E5F1BA779EABFB5F7BFBD6 +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 9CFC4E967EDB808D679F777BC6702C7D + +Cipher = AES-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 9CFC4E967EDB808D679F777BC6702C7D +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 39F23369A9D9BACFA530E26304231461 + +Cipher = AES-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 39F23369A9D9BACFA530E26304231461 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = B2EB05E2C39BE9FCDA6C19078C6A9D1B + # We don't support CFB{1,8}-AESxxx.{En,De}crypt # For all CFB128 encrypts and decrypts, the transformed sequence is # AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec -# CFB128-AES128.Encrypt -AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1 -AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:1 -AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:1 -AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:1 -# CFB128-AES128.Decrypt -AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0 -AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:0 -AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:0 -AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:0 +# CFB128-AES128.Encrypt +Cipher = AES-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A + +Cipher = AES-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 3B3FD92EB72DAD20333449F8E83CFB4A +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = C8A64537A0B3A93FCDE3CDAD9F1CE58B + +Cipher = AES-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = C8A64537A0B3A93FCDE3CDAD9F1CE58B +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 26751F67A3CBB140B1808CF187A4F4DF + +Cipher = AES-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 26751F67A3CBB140B1808CF187A4F4DF +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = C04B05357C5D1C0EEAC4C66F9FF7F2E6 + +# CFB128-AES128.Decrypt +Cipher = AES-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A + +Cipher = AES-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 3B3FD92EB72DAD20333449F8E83CFB4A +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = C8A64537A0B3A93FCDE3CDAD9F1CE58B + +Cipher = AES-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = C8A64537A0B3A93FCDE3CDAD9F1CE58B +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 26751F67A3CBB140B1808CF187A4F4DF + +Cipher = AES-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 26751F67A3CBB140B1808CF187A4F4DF +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = C04B05357C5D1C0EEAC4C66F9FF7F2E6 + # CFB128-AES192.Encrypt -AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1 -AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:1 -AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:1 -AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:1 +Cipher = AES-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CDC80D6FDDF18CAB34C25909C99A4174 + +Cipher = AES-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = CDC80D6FDDF18CAB34C25909C99A4174 +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 67CE7F7F81173621961A2B70171D3D7A + +Cipher = AES-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 67CE7F7F81173621961A2B70171D3D7A +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 2E1E8A1DD59B88B1C8E60FED1EFAC4C9 + +Cipher = AES-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 2E1E8A1DD59B88B1C8E60FED1EFAC4C9 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = C05F9F9CA9834FA042AE8FBA584B09FF + # CFB128-AES192.Decrypt -AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0 -AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:0 -AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:0 -AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:0 -# CFB128-AES256.Encrypt -AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1 -AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:1 -AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:1 -AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:1 -# CFB128-AES256.Decrypt -AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0 -AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:0 -AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:0 -AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:0 +Cipher = AES-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CDC80D6FDDF18CAB34C25909C99A4174 + +Cipher = AES-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = CDC80D6FDDF18CAB34C25909C99A4174 +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 67CE7F7F81173621961A2B70171D3D7A + +Cipher = AES-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 67CE7F7F81173621961A2B70171D3D7A +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 2E1E8A1DD59B88B1C8E60FED1EFAC4C9 + +Cipher = AES-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 2E1E8A1DD59B88B1C8E60FED1EFAC4C9 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = C05F9F9CA9834FA042AE8FBA584B09FF + +# CFB128-AES256.Encrypt +Cipher = AES-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = DC7E84BFDA79164B7ECD8486985D3860 + +Cipher = AES-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = DC7E84BFDA79164B7ECD8486985D3860 +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 39FFED143B28B1C832113C6331E5407B + +Cipher = AES-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 39FFED143B28B1C832113C6331E5407B +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = DF10132415E54B92A13ED0A8267AE2F9 + +Cipher = AES-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = DF10132415E54B92A13ED0A8267AE2F9 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 75A385741AB9CEF82031623D55B1E471 + +# CFB128-AES256.Decrypt +Cipher = AES-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = DC7E84BFDA79164B7ECD8486985D3860 + +Cipher = AES-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = DC7E84BFDA79164B7ECD8486985D3860 +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 39FFED143B28B1C832113C6331E5407B + +Cipher = AES-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 39FFED143B28B1C832113C6331E5407B +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = DF10132415E54B92A13ED0A8267AE2F9 + +Cipher = AES-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = DF10132415E54B92A13ED0A8267AE2F9 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 75A385741AB9CEF82031623D55B1E471 + # For all OFB encrypts and decrypts, the transformed sequence is # AES-bits-CFB:key:IV/output':plaintext:ciphertext:encdec -# OFB-AES128.Encrypt -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1 -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:1 -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:1 -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:1 -# OFB-AES128.Decrypt -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0 -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:0 -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:0 -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:0 -# OFB-AES192.Encrypt -AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1 -AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:1 -AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:1 -AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:1 -# OFB-AES192.Decrypt -AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0 -AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:0 -AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:0 -AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:0 -# OFB-AES256.Encrypt -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1 -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:1 -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:1 -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:1 -# OFB-AES256.Decrypt -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0 -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:0 -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:0 -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:0 +# OFB-AES128.Encrypt +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A + +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 50FE67CC996D32B6DA0937E99BAFEC60 +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 7789508D16918F03F53C52DAC54ED825 + +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = D9A4DADA0892239F6B8B3D7680E15674 +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 9740051E9C5FECF64344F7A82260EDCC + +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A78819583F0308E7A6BF36B1386ABF23 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 304C6528F659C77866A510D9C1D6AE5E + +# OFB-AES128.Decrypt +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A + +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 50FE67CC996D32B6DA0937E99BAFEC60 +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 7789508D16918F03F53C52DAC54ED825 + +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = D9A4DADA0892239F6B8B3D7680E15674 +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 9740051E9C5FECF64344F7A82260EDCC + +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A78819583F0308E7A6BF36B1386ABF23 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 304C6528F659C77866A510D9C1D6AE5E + +# OFB-AES192.Encrypt +Cipher = AES-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CDC80D6FDDF18CAB34C25909C99A4174 + +Cipher = AES-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = A609B38DF3B1133DDDFF2718BA09565E +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = FCC28B8D4C63837C09E81700C1100401 + +Cipher = AES-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 52EF01DA52602FE0975F78AC84BF8A50 +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 8D9A9AEAC0F6596F559C6D4DAF59A5F2 + +Cipher = AES-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = BD5286AC63AABD7EB067AC54B553F71D +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 6D9F200857CA6C3E9CAC524BD9ACC92A + +# OFB-AES192.Decrypt +Cipher = AES-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CDC80D6FDDF18CAB34C25909C99A4174 + +Cipher = AES-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = A609B38DF3B1133DDDFF2718BA09565E +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = FCC28B8D4C63837C09E81700C1100401 + +Cipher = AES-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 52EF01DA52602FE0975F78AC84BF8A50 +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 8D9A9AEAC0F6596F559C6D4DAF59A5F2 + +Cipher = AES-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = BD5286AC63AABD7EB067AC54B553F71D +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 6D9F200857CA6C3E9CAC524BD9ACC92A + +# OFB-AES256.Encrypt +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = DC7E84BFDA79164B7ECD8486985D3860 + +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 4FEBDC6740D20B3AC88F6AD82A4FB08D + +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = E1C656305ED1A7A6563805746FE03EDC +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 71AB47A086E86EEDF39D1C5BBA97C408 + +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 41635BE625B48AFC1666DD42A09D96E7 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 0126141D67F37BE8538F5A8BE740E484 + +# OFB-AES256.Decrypt +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = DC7E84BFDA79164B7ECD8486985D3860 + +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 4FEBDC6740D20B3AC88F6AD82A4FB08D + +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = E1C656305ED1A7A6563805746FE03EDC +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 71AB47A086E86EEDF39D1C5BBA97C408 + +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 41635BE625B48AFC1666DD42A09D96E7 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 0126141D67F37BE8538F5A8BE740E484 + # AES Counter test vectors from RFC3686 -aes-128-ctr:AE6852F8121067CC4BF7A5765577F39E:00000030000000000000000000000001:53696E676C6520626C6F636B206D7367:E4095D4FB7A7B3792D6175A3261311B8:1 -aes-128-ctr:7E24067817FAE0D743D6CE1F32539163:006CB6DBC0543B59DA48D90B00000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:5104A106168A72D9790D41EE8EDAD388EB2E1EFC46DA57C8FCE630DF9141BE28:1 -aes-128-ctr:7691BE035E5020A8AC6E618529F9A0DC:00E0017B27777F3F4A1786F000000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:C1CF48A89F2FFDD9CF4652E9EFDB72D74540A42BDE6D7836D59A5CEAAEF3105325B2072F:1 +Cipher = aes-128-ctr +Key = AE6852F8121067CC4BF7A5765577F39E +IV = 00000030000000000000000000000001 +Operation = ENCRYPT +Plaintext = 53696E676C6520626C6F636B206D7367 +Ciphertext = E4095D4FB7A7B3792D6175A3261311B8 -aes-192-ctr:16AF5B145FC9F579C175F93E3BFB0EED863D06CCFDB78515:0000004836733C147D6D93CB00000001:53696E676C6520626C6F636B206D7367:4B55384FE259C9C84E7935A003CBE928:1 -aes-192-ctr:7C5CB2401B3DC33C19E7340819E0F69C678C3DB8E6F6A91A:0096B03B020C6EADC2CB500D00000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:453243FC609B23327EDFAAFA7131CD9F8490701C5AD4A79CFC1FE0FF42F4FB00:1 -aes-192-ctr:02BF391EE8ECB159B959617B0965279BF59B60A786D3E0FE:0007BDFD5CBD60278DCC091200000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:96893FC55E5C722F540B7DD1DDF7E758D288BC95C69165884536C811662F2188ABEE0935:1 +Cipher = aes-128-ctr +Key = 7E24067817FAE0D743D6CE1F32539163 +IV = 006CB6DBC0543B59DA48D90B00000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = 5104A106168A72D9790D41EE8EDAD388EB2E1EFC46DA57C8FCE630DF9141BE28 + +Cipher = aes-128-ctr +Key = 7691BE035E5020A8AC6E618529F9A0DC +IV = 00E0017B27777F3F4A1786F000000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 +Ciphertext = C1CF48A89F2FFDD9CF4652E9EFDB72D74540A42BDE6D7836D59A5CEAAEF3105325B2072F + + +Cipher = aes-192-ctr +Key = 16AF5B145FC9F579C175F93E3BFB0EED863D06CCFDB78515 +IV = 0000004836733C147D6D93CB00000001 +Operation = ENCRYPT +Plaintext = 53696E676C6520626C6F636B206D7367 +Ciphertext = 4B55384FE259C9C84E7935A003CBE928 + +Cipher = aes-192-ctr +Key = 7C5CB2401B3DC33C19E7340819E0F69C678C3DB8E6F6A91A +IV = 0096B03B020C6EADC2CB500D00000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = 453243FC609B23327EDFAAFA7131CD9F8490701C5AD4A79CFC1FE0FF42F4FB00 + +Cipher = aes-192-ctr +Key = 02BF391EE8ECB159B959617B0965279BF59B60A786D3E0FE +IV = 0007BDFD5CBD60278DCC091200000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 +Ciphertext = 96893FC55E5C722F540B7DD1DDF7E758D288BC95C69165884536C811662F2188ABEE0935 + + +Cipher = aes-256-ctr +Key = 776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104 +IV = 00000060DB5672C97AA8F0B200000001 +Operation = ENCRYPT +Plaintext = 53696E676C6520626C6F636B206D7367 +Ciphertext = 145AD01DBF824EC7560863DC71E3E0C0 + +Cipher = aes-256-ctr +Key = F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884 +IV = 00FAAC24C1585EF15A43D87500000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = F05E231B3894612C49EE000B804EB2A9B8306B508F839D6A5530831D9344AF1C + +Cipher = aes-256-ctr +Key = FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D +IV = 001CC5B751A51D70A1C1114800000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 +Ciphertext = EB6C52821D0BBBF7CE7594462ACA4FAAB407DF866569FD07F48CC0B583D6071F1EC0E6B8 -aes-256-ctr:776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104:00000060DB5672C97AA8F0B200000001:53696E676C6520626C6F636B206D7367:145AD01DBF824EC7560863DC71E3E0C0:1 -aes-256-ctr:F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884:00FAAC24C1585EF15A43D87500000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:F05E231B3894612C49EE000B804EB2A9B8306B508F839D6A5530831D9344AF1C:1 -aes-256-ctr:FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D:001CC5B751A51D70A1C1114800000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:EB6C52821D0BBBF7CE7594462ACA4FAAB407DF866569FD07F48CC0B583D6071F1EC0E6B8:1 # DES ECB tests (from destest) -DES-ECB:0000000000000000::0000000000000000:8CA64DE9C1B123A7 -DES-ECB:FFFFFFFFFFFFFFFF::FFFFFFFFFFFFFFFF:7359B2163E4EDC58 -DES-ECB:3000000000000000::1000000000000001:958E6E627A05557B -DES-ECB:1111111111111111::1111111111111111:F40379AB9E0EC533 -DES-ECB:0123456789ABCDEF::1111111111111111:17668DFC7292532D -DES-ECB:1111111111111111::0123456789ABCDEF:8A5AE1F81AB8F2DD -DES-ECB:FEDCBA9876543210::0123456789ABCDEF:ED39D950FA74BCC4 +Cipher = DES-ECB +Key = 0000000000000000 +Plaintext = 0000000000000000 +Ciphertext = 8CA64DE9C1B123A7 + +Cipher = DES-ECB +Key = FFFFFFFFFFFFFFFF +Plaintext = FFFFFFFFFFFFFFFF +Ciphertext = 7359B2163E4EDC58 + +Cipher = DES-ECB +Key = 3000000000000000 +Plaintext = 1000000000000001 +Ciphertext = 958E6E627A05557B + +Cipher = DES-ECB +Key = 1111111111111111 +Plaintext = 1111111111111111 +Ciphertext = F40379AB9E0EC533 + +Cipher = DES-ECB +Key = 0123456789ABCDEF +Plaintext = 1111111111111111 +Ciphertext = 17668DFC7292532D + +Cipher = DES-ECB +Key = 1111111111111111 +Plaintext = 0123456789ABCDEF +Ciphertext = 8A5AE1F81AB8F2DD + +Cipher = DES-ECB +Key = FEDCBA9876543210 +Plaintext = 0123456789ABCDEF +Ciphertext = ED39D950FA74BCC4 + # DESX-CBC tests (from destest) -DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:846B2914851E9A2954732F8AA0A611C115CDC2D7951B1053A63C5E03B21AA3C4 +Cipher = DESX-CBC +Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210 +IV = fedcba9876543210 +Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 +Ciphertext = 846B2914851E9A2954732F8AA0A611C115CDC2D7951B1053A63C5E03B21AA3C4 + # DES EDE3 CBC tests (from destest) -DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675 +Cipher = DES-EDE3-CBC +Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210 +IV = fedcba9876543210 +Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 +Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675 + # RC4 tests (from rc4test) -RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596 -RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879 -RC4:00000000000000000000000000000000::0000000000000000:de188941a3375d3a -RC4:ef012345ef012345ef012345ef012345::0000000000000000000000000000000000000000:d6a141a7ec3c38dfbd615a1162e1c7ba36b67858 -RC4:0123456789abcdef0123456789abcdef::123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678:66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf -RC4:ef012345ef012345ef012345ef012345::00000000000000000000:d6a141a7ec3c38dfbd61 +Cipher = RC4 +Key = 0123456789abcdef0123456789abcdef +Plaintext = 0123456789abcdef +Ciphertext = 75b7878099e0c596 + +Cipher = RC4 +Key = 0123456789abcdef0123456789abcdef +Plaintext = 0000000000000000 +Ciphertext = 7494c2e7104b0879 + +Cipher = RC4 +Key = 00000000000000000000000000000000 +Plaintext = 0000000000000000 +Ciphertext = de188941a3375d3a + +Cipher = RC4 +Key = ef012345ef012345ef012345ef012345 +Plaintext = 0000000000000000000000000000000000000000 +Ciphertext = d6a141a7ec3c38dfbd615a1162e1c7ba36b67858 + +Cipher = RC4 +Key = 0123456789abcdef0123456789abcdef +Plaintext = 123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678 +Ciphertext = 66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf + +Cipher = RC4 +Key = ef012345ef012345ef012345ef012345 +Plaintext = 00000000000000000000 +Ciphertext = d6a141a7ec3c38dfbd61 + # Camellia tests from RFC3713 # For all ECB encrypts and decrypts, the transformed sequence is # CAMELLIA-bits-ECB:key::plaintext:ciphertext:encdec -CAMELLIA-128-ECB:0123456789abcdeffedcba9876543210::0123456789abcdeffedcba9876543210:67673138549669730857065648eabe43 -CAMELLIA-192-ECB:0123456789abcdeffedcba98765432100011223344556677::0123456789abcdeffedcba9876543210:b4993401b3e996f84ee5cee7d79b09b9 -CAMELLIA-256-ECB:0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff::0123456789abcdeffedcba9876543210:9acc237dff16d76c20ef7c919e3a7509 +Cipher = CAMELLIA-128-ECB +Key = 0123456789abcdeffedcba9876543210 +Plaintext = 0123456789abcdeffedcba9876543210 +Ciphertext = 67673138549669730857065648eabe43 + +Cipher = CAMELLIA-192-ECB +Key = 0123456789abcdeffedcba98765432100011223344556677 +Plaintext = 0123456789abcdeffedcba9876543210 +Ciphertext = b4993401b3e996f84ee5cee7d79b09b9 + +Cipher = CAMELLIA-256-ECB +Key = 0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff +Plaintext = 0123456789abcdeffedcba9876543210 +Ciphertext = 9acc237dff16d76c20ef7c919e3a7509 + # ECB-CAMELLIA128.Encrypt -CAMELLIA-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:77CF412067AF8270613529149919546F:1 -CAMELLIA-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:B22F3C36B72D31329EEE8ADDC2906C68:1 -CAMELLIA-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:2EDF1F3418D53B88841FC8985FB1ECF2:1 - -# ECB-CAMELLIA128.Encrypt and ECB-CAMELLIA128.Decrypt -CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:432FC5DCD628115B7C388D770B270C96 -CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:0BE1F14023782A22E8384C5ABB7FAB2B -CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:A0A1ABCD1893AB6FE0FE5B65DF5F8636 -CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:E61925E0D5DFAA9BB29F815B3076E51A - -# ECB-CAMELLIA192.Encrypt and ECB-CAMELLIA192.Decrypt -CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:CCCC6C4E138B45848514D48D0D3439D3 -CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:5713C62C14B2EC0F8393B6AFD6F5785A -CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:B40ED2B60EB54D09D030CF511FEEF366 -CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:909DBD95799096748CB27357E73E1D26 - -# ECB-CAMELLIA256.Encrypt and ECB-CAMELLIA256.Decrypt -CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:BEFD219B112FA00098919CD101C9CCFA -CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:C91D3A8F1AEA08A9386CF4B66C0169EA -CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:A623D711DC5F25A51BB8A80D56397D28 -CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:7960109FB6DC42947FCFE59EA3C5EB6B +Cipher = CAMELLIA-128-ECB +Key = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 77CF412067AF8270613529149919546F + +Cipher = CAMELLIA-192-ECB +Key = 000102030405060708090A0B0C0D0E0F1011121314151617 +Operation = ENCRYPT +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = B22F3C36B72D31329EEE8ADDC2906C68 + +Cipher = CAMELLIA-256-ECB +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Operation = ENCRYPT +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 2EDF1F3418D53B88841FC8985FB1ECF2 + + +# ECB-CAMELLIA128.Encrypt and ECB-CAMELLIA128.Decrypt +Cipher = CAMELLIA-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 432FC5DCD628115B7C388D770B270C96 + +Cipher = CAMELLIA-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 0BE1F14023782A22E8384C5ABB7FAB2B + +Cipher = CAMELLIA-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = A0A1ABCD1893AB6FE0FE5B65DF5F8636 + +Cipher = CAMELLIA-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = E61925E0D5DFAA9BB29F815B3076E51A + + +# ECB-CAMELLIA192.Encrypt and ECB-CAMELLIA192.Decrypt +Cipher = CAMELLIA-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CCCC6C4E138B45848514D48D0D3439D3 + +Cipher = CAMELLIA-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 5713C62C14B2EC0F8393B6AFD6F5785A + +Cipher = CAMELLIA-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = B40ED2B60EB54D09D030CF511FEEF366 + +Cipher = CAMELLIA-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 909DBD95799096748CB27357E73E1D26 + + +# ECB-CAMELLIA256.Encrypt and ECB-CAMELLIA256.Decrypt +Cipher = CAMELLIA-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = BEFD219B112FA00098919CD101C9CCFA + +Cipher = CAMELLIA-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = C91D3A8F1AEA08A9386CF4B66C0169EA + +Cipher = CAMELLIA-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = A623D711DC5F25A51BB8A80D56397D28 + +Cipher = CAMELLIA-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 7960109FB6DC42947FCFE59EA3C5EB6B + # For all CBC encrypts and decrypts, the transformed sequence is # CAMELLIA-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec -# CBC-CAMELLIA128.Encrypt and CBC-CAMELLIA128.Decrypt -CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:1607CF494B36BBF00DAEB0B503C831AB -CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:1607CF494B36BBF00DAEB0B503C831AB:AE2D8A571E03AC9C9EB76FAC45AF8E51:A2F2CF671629EF7840C5A5DFB5074887 -CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:A2F2CF671629EF7840C5A5DFB5074887:30C81C46A35CE411E5FBC1191A0A52EF:0F06165008CF8B8B5A63586362543E54 -CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:36A84CDAFD5F9A85ADA0F0A993D6D577:F69F2445DF4F9B17AD2B417BE66C3710:74C64268CDB8B8FAF5B34E8AF3732980 - -# CBC-CAMELLIA192.Encrypt and CBC-CAMELLIA192.Decrypt -CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:2A4830AB5AC4A1A2405955FD2195CF93 -CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2A4830AB5AC4A1A2405955FD2195CF93:AE2D8A571E03AC9C9EB76FAC45AF8E51:5D5A869BD14CE54264F892A6DD2EC3D5 -CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:5D5A869BD14CE54264F892A6DD2EC3D5:30C81C46A35CE411E5FBC1191A0A52EF:37D359C3349836D884E310ADDF68C449 -CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:37D359C3349836D884E310ADDF68C449:F69F2445DF4F9B17AD2B417BE66C3710:01FAAA930B4AB9916E9668E1428C6B08 - -# CBC-CAMELLIA256.Encrypt and CBC-CAMELLIA256.Decrypt -CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:E6CFA35FC02B134A4D2C0B6737AC3EDA -CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E6CFA35FC02B134A4D2C0B6737AC3EDA:AE2D8A571E03AC9C9EB76FAC45AF8E51:36CBEB73BD504B4070B1B7DE2B21EB50 -CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:36CBEB73BD504B4070B1B7DE2B21EB50:30C81C46A35CE411E5FBC1191A0A52EF:E31A6055297D96CA3330CDF1B1860A83 -CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E31A6055297D96CA3330CDF1B1860A83:F69F2445DF4F9B17AD2B417BE66C3710:5D563F6D1CCCF236051C0C5C1C58F28F +# CBC-CAMELLIA128.Encrypt and CBC-CAMELLIA128.Decrypt +Cipher = CAMELLIA-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 1607CF494B36BBF00DAEB0B503C831AB + +Cipher = CAMELLIA-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 1607CF494B36BBF00DAEB0B503C831AB +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = A2F2CF671629EF7840C5A5DFB5074887 + +Cipher = CAMELLIA-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A2F2CF671629EF7840C5A5DFB5074887 +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 0F06165008CF8B8B5A63586362543E54 + +Cipher = CAMELLIA-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 36A84CDAFD5F9A85ADA0F0A993D6D577 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 74C64268CDB8B8FAF5B34E8AF3732980 + + +# CBC-CAMELLIA192.Encrypt and CBC-CAMELLIA192.Decrypt +Cipher = CAMELLIA-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 2A4830AB5AC4A1A2405955FD2195CF93 + +Cipher = CAMELLIA-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 2A4830AB5AC4A1A2405955FD2195CF93 +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 5D5A869BD14CE54264F892A6DD2EC3D5 + +Cipher = CAMELLIA-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 5D5A869BD14CE54264F892A6DD2EC3D5 +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 37D359C3349836D884E310ADDF68C449 + +Cipher = CAMELLIA-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 37D359C3349836D884E310ADDF68C449 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 01FAAA930B4AB9916E9668E1428C6B08 + + +# CBC-CAMELLIA256.Encrypt and CBC-CAMELLIA256.Decrypt +Cipher = CAMELLIA-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = E6CFA35FC02B134A4D2C0B6737AC3EDA + +Cipher = CAMELLIA-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = E6CFA35FC02B134A4D2C0B6737AC3EDA +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 36CBEB73BD504B4070B1B7DE2B21EB50 + +Cipher = CAMELLIA-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 36CBEB73BD504B4070B1B7DE2B21EB50 +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = E31A6055297D96CA3330CDF1B1860A83 + +Cipher = CAMELLIA-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = E31A6055297D96CA3330CDF1B1860A83 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 5D563F6D1CCCF236051C0C5C1C58F28F + # We don't support CFB{1,8}-CAMELLIAxxx.{En,De}crypt # For all CFB128 encrypts and decrypts, the transformed sequence is # CAMELLIA-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec -# CFB128-CAMELLIA128.Encrypt -CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1 -CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:1 -CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:1 -CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:1 - -# CFB128-CAMELLIA128.Decrypt -CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0 -CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:0 -CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:0 -CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:0 +# CFB128-CAMELLIA128.Encrypt +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 14F7646187817EB586599146B82BD719 + +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 14F7646187817EB586599146B82BD719 +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = A53D28BB82DF741103EA4F921A44880B + +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A53D28BB82DF741103EA4F921A44880B +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 9C2157A664626D1DEF9EA420FDE69B96 + +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 9C2157A664626D1DEF9EA420FDE69B96 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 742A25F0542340C7BAEF24CA8482BB09 + + +# CFB128-CAMELLIA128.Decrypt +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 14F7646187817EB586599146B82BD719 + +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 14F7646187817EB586599146B82BD719 +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = A53D28BB82DF741103EA4F921A44880B + +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A53D28BB82DF741103EA4F921A44880B +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 9C2157A664626D1DEF9EA420FDE69B96 + +Cipher = CAMELLIA-128-CFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 9C2157A664626D1DEF9EA420FDE69B96 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 742A25F0542340C7BAEF24CA8482BB09 + # CFB128-CAMELLIA192.Encrypt -CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1 -CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:1 -CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:1 -CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:1 +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = C832BB9780677DAA82D9B6860DCD565E + +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = C832BB9780677DAA82D9B6860DCD565E +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 86F8491627906D780C7A6D46EA331F98 + +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 86F8491627906D780C7A6D46EA331F98 +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 69511CCE594CF710CB98BB63D7221F01 + +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 69511CCE594CF710CB98BB63D7221F01 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = D5B5378A3ABED55803F25565D8907B84 + # CFB128-CAMELLIA192.Decrypt -CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0 -CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:0 -CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:0 -CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:0 - -# CFB128-CAMELLIA256.Encrypt -CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1 -CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:1 -CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:1 -CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:1 - -# CFB128-CAMELLIA256.Decrypt -CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0 -CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:0 -CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:0 -CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:0 +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = C832BB9780677DAA82D9B6860DCD565E + +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = C832BB9780677DAA82D9B6860DCD565E +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 86F8491627906D780C7A6D46EA331F98 + +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 86F8491627906D780C7A6D46EA331F98 +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 69511CCE594CF710CB98BB63D7221F01 + +Cipher = CAMELLIA-192-CFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 69511CCE594CF710CB98BB63D7221F01 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = D5B5378A3ABED55803F25565D8907B84 + + +# CFB128-CAMELLIA256.Encrypt +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93 + +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = CF6107BB0CEA7D7FB1BD31F5E7B06C93 +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 89BEDB4CCDD864EA11BA4CBE849B5E2B + +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 89BEDB4CCDD864EA11BA4CBE849B5E2B +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 555FC3F34BDD2D54C62D9E3BF338C1C4 + +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 555FC3F34BDD2D54C62D9E3BF338C1C4 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 5953ADCE14DB8C7F39F1BD39F359BFFA + + +# CFB128-CAMELLIA256.Decrypt +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93 + +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = CF6107BB0CEA7D7FB1BD31F5E7B06C93 +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 89BEDB4CCDD864EA11BA4CBE849B5E2B + +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 89BEDB4CCDD864EA11BA4CBE849B5E2B +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 555FC3F34BDD2D54C62D9E3BF338C1C4 + +Cipher = CAMELLIA-256-CFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 555FC3F34BDD2D54C62D9E3BF338C1C4 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 5953ADCE14DB8C7F39F1BD39F359BFFA + # For all OFB encrypts and decrypts, the transformed sequence is # CAMELLIA-bits-OFB:key:IV/output':plaintext:ciphertext:encdec -# OFB-CAMELLIA128.Encrypt -CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1 -CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:1 -CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:1 -CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:1 - -# OFB-CAMELLIA128.Decrypt -CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0 -CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:0 -CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:0 -CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:0 - -# OFB-CAMELLIA192.Encrypt -CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1 -CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:1 -CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:1 -CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:1 - -# OFB-CAMELLIA192.Decrypt -CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0 -CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:0 -CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:0 -CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:0 - -# OFB-CAMELLIA256.Encrypt -CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1 -CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:1 -CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:1 -CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:1 - -# OFB-CAMELLIA256.Decrypt -CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0 -CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:0 -CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:0 -CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:0 +# OFB-CAMELLIA128.Encrypt +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 14F7646187817EB586599146B82BD719 + +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 50FE67CC996D32B6DA0937E99BAFEC60 +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 25623DB569CA51E01482649977E28D84 + +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = D9A4DADA0892239F6B8B3D7680E15674 +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = C776634A60729DC657D12B9FCA801E98 + +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A78819583F0308E7A6BF36B1386ABF23 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = D776379BE0E50825E681DA1A4C980E8E + + +# OFB-CAMELLIA128.Decrypt +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 14F7646187817EB586599146B82BD719 + +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 50FE67CC996D32B6DA0937E99BAFEC60 +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 25623DB569CA51E01482649977E28D84 + +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = D9A4DADA0892239F6B8B3D7680E15674 +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = C776634A60729DC657D12B9FCA801E98 + +Cipher = CAMELLIA-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A78819583F0308E7A6BF36B1386ABF23 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = D776379BE0E50825E681DA1A4C980E8E + + +# OFB-CAMELLIA192.Encrypt +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = C832BB9780677DAA82D9B6860DCD565E + +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = A609B38DF3B1133DDDFF2718BA09565E +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 8ECEB7D0350D72C7F78562AEBDF99339 + +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 52EF01DA52602FE0975F78AC84BF8A50 +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = BDD62DBBB9700846C53B507F544696F0 + +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = BD5286AC63AABD7EB067AC54B553F71D +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = E28014E046B802F385C4C2E13EAD4A72 + + +# OFB-CAMELLIA192.Decrypt +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = C832BB9780677DAA82D9B6860DCD565E + +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = A609B38DF3B1133DDDFF2718BA09565E +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 8ECEB7D0350D72C7F78562AEBDF99339 + +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 52EF01DA52602FE0975F78AC84BF8A50 +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = BDD62DBBB9700846C53B507F544696F0 + +Cipher = CAMELLIA-192-OFB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = BD5286AC63AABD7EB067AC54B553F71D +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = E28014E046B802F385C4C2E13EAD4A72 + + +# OFB-CAMELLIA256.Encrypt +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93 + +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 127AD97E8E3994E4820027D7BA109368 + +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = E1C656305ED1A7A6563805746FE03EDC +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 6BFF6265A6A6B7A535BC65A80B17214E + +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 41635BE625B48AFC1666DD42A09D96E7 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 0A4A0404E26AA78A27CB271E8BF3CF20 + + +# OFB-CAMELLIA256.Decrypt +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = CF6107BB0CEA7D7FB1BD31F5E7B06C93 + +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 127AD97E8E3994E4820027D7BA109368 + +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = E1C656305ED1A7A6563805746FE03EDC +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 6BFF6265A6A6B7A535BC65A80B17214E + +Cipher = CAMELLIA-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 41635BE625B48AFC1666DD42A09D96E7 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 0A4A0404E26AA78A27CB271E8BF3CF20 + # SEED test vectors from RFC4269 -SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:0 -SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:0 -SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:0 -SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:0 -SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:1 -SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:1 -SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:1 -SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:1 +Cipher = SEED-ECB +Key = 00000000000000000000000000000000 +Operation = DECRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = 5EBAC6E0054E166819AFF1CC6D346CDB + +Cipher = SEED-ECB +Key = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 00000000000000000000000000000000 +Ciphertext = C11F22F20140505084483597E4370F43 + +Cipher = SEED-ECB +Key = 4706480851E61BE85D74BFB3FD956185 +Operation = DECRYPT +Plaintext = 83A2F8A288641FB9A4E9A5CC2F131C7D +Ciphertext = EE54D13EBCAE706D226BC3142CD40D4A + +Cipher = SEED-ECB +Key = 28DBC3BC49FFD87DCFA509B11D422BE7 +Operation = DECRYPT +Plaintext = B41E6BE2EBA84A148E2EED84593C5EC7 +Ciphertext = 9B9B7BFCD1813CB95D0B3618F40F5122 + +Cipher = SEED-ECB +Key = 00000000000000000000000000000000 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = 5EBAC6E0054E166819AFF1CC6D346CDB + +Cipher = SEED-ECB +Key = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 00000000000000000000000000000000 +Ciphertext = C11F22F20140505084483597E4370F43 + +Cipher = SEED-ECB +Key = 4706480851E61BE85D74BFB3FD956185 +Operation = ENCRYPT +Plaintext = 83A2F8A288641FB9A4E9A5CC2F131C7D +Ciphertext = EE54D13EBCAE706D226BC3142CD40D4A + +Cipher = SEED-ECB +Key = 28DBC3BC49FFD87DCFA509B11D422BE7 +Operation = ENCRYPT +Plaintext = B41E6BE2EBA84A148E2EED84593C5EC7 +Ciphertext = 9B9B7BFCD1813CB95D0B3618F40F5122 + # AES CCM 256 bit key -aes-256-ccm:1bde3251d41a8b5ea013c195ae128b218b3e0306376357077ef1c1c78548b92e:5b8e40746f6b98e00f1d13ff41:53bd72a97089e312422bf72e242377b3c6ee3e2075389b999c4ef7f28bd2b80a:9a5fcccdb4cf04e7293d2775cc76a488f042382d949b43b7d6bb2b9864786726:c17a32514eb6103f3249e076d4c871dc97e04b286699e54491dc18f6d734d4c0:2024931d73bca480c24a24ece6b6c2bf +Cipher = aes-256-ccm +Key = 1bde3251d41a8b5ea013c195ae128b218b3e0306376357077ef1c1c78548b92e +IV = 5b8e40746f6b98e00f1d13ff41 +AAD = c17a32514eb6103f3249e076d4c871dc97e04b286699e54491dc18f6d734d4c0 +Tag = 2024931d73bca480c24a24ece6b6c2bf +Plaintext = 53bd72a97089e312422bf72e242377b3c6ee3e2075389b999c4ef7f28bd2b80a +Ciphertext = 9a5fcccdb4cf04e7293d2775cc76a488f042382d949b43b7d6bb2b9864786726 + # AES GCM test vectors from http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf -aes-128-gcm:00000000000000000000000000000000:000000000000000000000000::::58e2fccefa7e3061367f1d57a4e7455a -aes-128-gcm:00000000000000000000000000000000:000000000000000000000000:00000000000000000000000000000000:0388dace60b6a392f328c2b971b2fe78::ab6e47d42cec13bdf53a67b21257bddf -aes-128-gcm:feffe9928665731c6d6a8f9467308308:cafebabefacedbaddecaf888:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255:42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985::4d5c2af327cd64a62cf35abd2ba6fab4 -aes-128-gcm:feffe9928665731c6d6a8f9467308308:cafebabefacedbaddecaf888:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091:feedfacedeadbeeffeedfacedeadbeefabaddad2:5bc94fbc3221a5db94fae95ae7121a47 -aes-128-gcm:feffe9928665731c6d6a8f9467308308:cafebabefacedbad:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598:feedfacedeadbeeffeedfacedeadbeefabaddad2:3612d2e79e3b0785561be14aaca2fccb -aes-128-gcm:feffe9928665731c6d6a8f9467308308:9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5:feedfacedeadbeeffeedfacedeadbeefabaddad2:619cc5aefffe0bfa462af43c1699d050 -aes-192-gcm:000000000000000000000000000000000000000000000000:000000000000000000000000::::cd33b28ac773f74ba00ed1f312572435 -aes-192-gcm:000000000000000000000000000000000000000000000000:000000000000000000000000:00000000000000000000000000000000:98e7247c07f0fe411c267e4384b0f600::2ff58d80033927ab8ef4d4587514f0fb -aes-192-gcm:feffe9928665731c6d6a8f9467308308feffe9928665731c:cafebabefacedbaddecaf888:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255:3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256::9924a7c8587336bfb118024db8674a14 -aes-192-gcm:feffe9928665731c6d6a8f9467308308feffe9928665731c:cafebabefacedbaddecaf888:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710:feedfacedeadbeeffeedfacedeadbeefabaddad2:2519498e80f1478f37ba55bd6d27618c -aes-192-gcm:feffe9928665731c6d6a8f9467308308feffe9928665731c:cafebabefacedbad:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7:feedfacedeadbeeffeedfacedeadbeefabaddad2:65dcc57fcf623a24094fcca40d3533f8 -aes-192-gcm:feffe9928665731c6d6a8f9467308308feffe9928665731c:9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b:feedfacedeadbeeffeedfacedeadbeefabaddad2:dcf566ff291c25bbb8568fc3d376a6d9 -aes-256-gcm:0000000000000000000000000000000000000000000000000000000000000000:000000000000000000000000::::530f8afbc74536b9a963b4f1c4cb738b -aes-256-gcm:0000000000000000000000000000000000000000000000000000000000000000:000000000000000000000000:00000000000000000000000000000000:cea7403d4d606b6e074ec5d3baf39d18::d0d1c8a799996bf0265b98b5d48ab919 -aes-256-gcm:feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308:cafebabefacedbaddecaf888:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255:522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad::b094dac5d93471bdec1a502270e3cc6c -aes-256-gcm:feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308:cafebabefacedbaddecaf888:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662:feedfacedeadbeeffeedfacedeadbeefabaddad2:76fc6ece0f4e1768cddf8853bb2d551b -aes-256-gcm:feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308:cafebabefacedbad:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f:feedfacedeadbeeffeedfacedeadbeefabaddad2:3a337dbf46a792c45e454913fe2ea8f2 -aes-256-gcm:feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308:9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f:feedfacedeadbeeffeedfacedeadbeefabaddad2:a44a8266ee1c8eb0c8b5d4cf5ae9f19a +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = 58e2fccefa7e3061367f1d57a4e7455a +Plaintext = +Ciphertext = + +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = ab6e47d42cec13bdf53a67b21257bddf +Plaintext = 00000000000000000000000000000000 +Ciphertext = 0388dace60b6a392f328c2b971b2fe78 + +Cipher = aes-128-gcm +Key = feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbaddecaf888 +AAD = +Tag = 4d5c2af327cd64a62cf35abd2ba6fab4 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255 +Ciphertext = 42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985 + +Cipher = aes-128-gcm +Key = feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbaddecaf888 +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 5bc94fbc3221a5db94fae95ae7121a47 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091 + +Cipher = aes-128-gcm +Key = feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbad +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 3612d2e79e3b0785561be14aaca2fccb +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598 + +Cipher = aes-128-gcm +Key = feffe9928665731c6d6a8f9467308308 +IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 619cc5aefffe0bfa462af43c1699d050 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5 + +Cipher = aes-192-gcm +Key = 000000000000000000000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = cd33b28ac773f74ba00ed1f312572435 +Plaintext = +Ciphertext = + +Cipher = aes-192-gcm +Key = 000000000000000000000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = 2ff58d80033927ab8ef4d4587514f0fb +Plaintext = 00000000000000000000000000000000 +Ciphertext = 98e7247c07f0fe411c267e4384b0f600 + +Cipher = aes-192-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c +IV = cafebabefacedbaddecaf888 +AAD = +Tag = 9924a7c8587336bfb118024db8674a14 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255 +Ciphertext = 3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256 + +Cipher = aes-192-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c +IV = cafebabefacedbaddecaf888 +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 2519498e80f1478f37ba55bd6d27618c +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710 + +Cipher = aes-192-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c +IV = cafebabefacedbad +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 65dcc57fcf623a24094fcca40d3533f8 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7 + +Cipher = aes-192-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c +IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = dcf566ff291c25bbb8568fc3d376a6d9 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b + +Cipher = aes-256-gcm +Key = 0000000000000000000000000000000000000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = 530f8afbc74536b9a963b4f1c4cb738b +Plaintext = +Ciphertext = + +Cipher = aes-256-gcm +Key = 0000000000000000000000000000000000000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = d0d1c8a799996bf0265b98b5d48ab919 +Plaintext = 00000000000000000000000000000000 +Ciphertext = cea7403d4d606b6e074ec5d3baf39d18 + +Cipher = aes-256-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbaddecaf888 +AAD = +Tag = b094dac5d93471bdec1a502270e3cc6c +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255 +Ciphertext = 522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad + +Cipher = aes-256-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbaddecaf888 +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 76fc6ece0f4e1768cddf8853bb2d551b +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662 + +Cipher = aes-256-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbad +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 3a337dbf46a792c45e454913fe2ea8f2 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f + +Cipher = aes-256-gcm +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = a44a8266ee1c8eb0c8b5d4cf5ae9f19a +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f + # local add-ons, primarily streaming ghash tests # 128 bytes aad -aes-128-gcm:00000000000000000000000000000000:000000000000000000000000:::d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad:5fea793a2d6f974d37e68e0cb8ff9492 +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad +Tag = 5fea793a2d6f974d37e68e0cb8ff9492 +Plaintext = +Ciphertext = + # 48 bytes plaintext -aes-128-gcm:00000000000000000000000000000000:000000000000000000000000:000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0::9dd0a376b08e40eb00c35f29f9ea61a4 +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = 9dd0a376b08e40eb00c35f29f9ea61a4 +Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0 + # 80 bytes plaintext -aes-128-gcm:00000000000000000000000000000000:000000000000000000000000:0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d5270291::98885a3a22bd4742fe7b72172193b163 +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = 98885a3a22bd4742fe7b72172193b163 +Plaintext = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d5270291 + # 128 bytes plaintext -aes-128-gcm:00000000000000000000000000000000:000000000000000000000000:0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d527029195b84d1b96c690ff2f2de30bf2ec89e00253786e126504f0dab90c48a30321de3345e6b0461e7c9e6c6b7afedde83f40::cac45f60e31efd3b5a43b98a22ce1aa1 +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +AAD = +Tag = cac45f60e31efd3b5a43b98a22ce1aa1 +Plaintext = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d527029195b84d1b96c690ff2f2de30bf2ec89e00253786e126504f0dab90c48a30321de3345e6b0461e7c9e6c6b7afedde83f40 + # 192 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF -aes-128-gcm:00000000000000000000000000000000:ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606::566f8ef683078bfdeeffa869d751a017 +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +AAD = +Tag = 566f8ef683078bfdeeffa869d751a017 +Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606 + # 288 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF -aes-128-gcm:00000000000000000000000000000000:ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74 bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606872ca10dee15b3249b1a1b958f23134c4bccb7d03200bce420a2f8eb66dcf3644d1423c1b5699003c13ecef4bf38a3b60eedc34033bac1902783dc6d89e2e774188a439c7ebcc0672dbda4ddcfb2794613b0be41315ef778708a70ee7d75165c::8b307f6b33286d0ab026a9ed3fe1e85f +Cipher = aes-128-gcm +Key = 00000000000000000000000000000000 +IV = ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +AAD = +Tag = 8b307f6b33286d0ab026a9ed3fe1e85f +Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606872ca10dee15b3249b1a1b958f23134c4bccb7d03200bce420a2f8eb66dcf3644d1423c1b5699003c13ecef4bf38a3b60eedc34033bac1902783dc6d89e2e774188a439c7ebcc0672dbda4ddcfb2794613b0be41315ef778708a70ee7d75165c + # 80 bytes plaintext, submitted by Intel -aes-128-gcm:843ffcf5d2b72694d19ed01d01249412:dbcca32ebf9b804617c3aa9e:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f:6268c6fa2a80b2d137467f092f657ac04d89be2beaa623d61b5a868c8f03ff95d3dcee23ad2f1ab3a6c80eaf4b140eb05de3457f0fbc111a6b43d0763aa422a3013cf1dc37fe417d1fbfc449b75d4cc5:00000000000000000000000000000000101112131415161718191a1b1c1d1e1f:3b629ccfbc1119b7319e1dce2cd6fd6d - -#AES OCB Test vectors -aes-128-ocb:000102030405060708090A0B0C0D0E0F:000102030405060708090A0B::::197B9C3C441D3C83EAFB2BEF633B9182 -aes-128-ocb:000102030405060708090A0B0C0D0E0F:000102030405060708090A0B:0001020304050607:92B657130A74B85A:0001020304050607:16DC76A46D47E1EAD537209E8A96D14E -aes-128-ocb:000102030405060708090A0B0C0D0E0F:000102030405060708090A0B:::0001020304050607:98B91552C8C009185044E30A6EB2FE21 -aes-128-ocb:000102030405060708090A0B0C0D0E0F:000102030405060708090A0B:0001020304050607:92B657130A74B85A::971EFFCAE19AD4716F88E87B871FBEED -aes-128-ocb:000102030405060708090A0B0C0D0E0F:000102030405060708090A0B:000102030405060708090A0B0C0D0E0F:BEA5E8798DBE7110031C144DA0B26122:000102030405060708090A0B0C0D0E0F:776C9924D6723A1FC4524532AC3E5BEB -aes-128-ocb:000102030405060708090A0B0C0D0E0F:000102030405060708090A0B:::000102030405060708090A0B0C0D0E0F:7DDB8E6CEA6814866212509619B19CC6 -aes-128-ocb:000102030405060708090A0B0C0D0E0F:000102030405060708090A0B:000102030405060708090A0B0C0D0E0F:BEA5E8798DBE7110031C144DA0B26122::13CC8B747807121A4CBB3E4BD6B456AF -aes-128-ocb:000102030405060708090A0B0C0D0E0F:000102030405060708090A0B:000102030405060708090A0B0C0D0E0F1011121314151617:BEA5E8798DBE7110031C144DA0B26122FCFCEE7A2A8D4D48:000102030405060708090A0B0C0D0E0F1011121314151617:5FA94FC3F38820F1DC3F3D1FD4E55E1C -aes-128-ocb:000102030405060708090A0B0C0D0E0F:000102030405060708090A0B:::000102030405060708090A0B0C0D0E0F1011121314151617:282026DA3068BC9FA118681D559F10F6 -aes-128-ocb:000102030405060708090A0B0C0D0E0F:000102030405060708090A0B:000102030405060708090A0B0C0D0E0F1011121314151617:BEA5E8798DBE7110031C144DA0B26122FCFCEE7A2A8D4D48::6EF2F52587FDA0ED97DC7EEDE241DF68 -aes-128-ocb:000102030405060708090A0B0C0D0E0F:000102030405060708090A0B:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:B2A040DD3BD5164372D76D7BB6824240 -aes-128-ocb:000102030405060708090A0B0C0D0E0F:000102030405060708090A0B:::000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:E1E072633BADE51A60E85951D9C42A1B -aes-128-ocb:000102030405060708090A0B0C0D0E0F:000102030405060708090A0B:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB::4A3BAE824465CFDAF8C41FC50C7DF9D9 -aes-128-ocb:000102030405060708090A0B0C0D0E0F:000102030405060708090A0B:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627:BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB68C65778B058A635:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627:659C623211DEEA0DE30D2C381879F4C8 -aes-128-ocb:000102030405060708090A0B0C0D0E0F:000102030405060708090A0B:::000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627:7AEB7A69A1687DD082CA27B0D9A37096 -aes-128-ocb:000102030405060708090A0B0C0D0E0F:000102030405060708090A0B:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627:BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB68C65778B058A635::060C8467F4ABAB5E8B3C2067A2E115DC -#AES OCB Non standard test vectors - generated from reference implementation -aes-128-ocb:000102030405060708090A0B0C0D0E0F:000102030405060708090A0B:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627:09a4fd29de949d9a9aa9924248422097ad4883b4713e6c214ff6567ada08a96766fc4e2ee3e3a5a1:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627:1b6c44f34e3abb3cbf8976e7 -aes-128-ocb:000102030405060708090A0B0C0D0E0F:000102030405060708090A0B0C0D0E:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627:5e2fa7367ffbdb3938845cfd415fcc71ec79634eb31451609d27505f5e2978f43c44213d8fa441ee:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627:1ad62009901f40cba7cd7156f94a7324 +Cipher = aes-128-gcm +Key = 843ffcf5d2b72694d19ed01d01249412 +IV = dbcca32ebf9b804617c3aa9e +AAD = 00000000000000000000000000000000101112131415161718191a1b1c1d1e1f +Tag = 3b629ccfbc1119b7319e1dce2cd6fd6d +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f +Ciphertext = 6268c6fa2a80b2d137467f092f657ac04d89be2beaa623d61b5a868c8f03ff95d3dcee23ad2f1ab3a6c80eaf4b140eb05de3457f0fbc111a6b43d0763aa422a3013cf1dc37fe417d1fbfc449b75d4cc5 + # AES XTS test vectors from IEEE Std 1619-2007 -aes-128-xts:0000000000000000000000000000000000000000000000000000000000000000:00000000000000000000000000000000:0000000000000000000000000000000000000000000000000000000000000000:917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e -aes-128-xts:1111111111111111111111111111111122222222222222222222222222222222:33333333330000000000000000000000:4444444444444444444444444444444444444444444444444444444444444444:c454185e6a16936e39334038acef838bfb186fff7480adc4289382ecd6d394f0 -aes-128-xts:fffefdfcfbfaf9f8f7f6f5f4f3f2f1f022222222222222222222222222222222:33333333330000000000000000000000:4444444444444444444444444444444444444444444444444444444444444444:af85336b597afc1a900b2eb21ec949d292df4c047e0b21532186a5971a227a89 -aes-128-xts:2718281828459045235360287471352631415926535897932384626433832795:00000000000000000000000000000000:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9bab bbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff:27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f9172af82b604dc4b8e51bcb08235a6f4341332e4ca60482a4ba1a03b3e65008fc5da76b70bf1690db4eae29c5f1badd03c5ccf2a55d705ddcd86d449511ceb7ec30bf12b1fa35b913f9f747a8afd1b130e94bff94effd01a91735ca1726acd0b197c4e5b03393697e126826fb6bbde8ecc1e08298516e2c9ed03ff3c1b7860f6de76d4cecd94c8119855ef5297ca67e9f3e7ff72b1e99785ca0a7e7720c5b36dc6d72cac9574c8cbbc2f801e23e56fd344b07f22154beba0f08ce8891e643ed995c94d9a69c9f1b5f499027a78572aeebd74d20cc39881c213ee770b1010e4bea718846977ae119f7a023ab58cca0ad752afe656bb3c17256a9f6e9bf19fd d5a38fc82bbe872c5539edb609ef4f79c203ebb140f2e583cb2ad15b4aa5b655016a8449277dbd477ef2c8d6c017db738b18deb4a427d1923ce3ff262735779a418f20a282df920147beabe421ee5319d0568 -aes-128-xts:2718281828459045235360287471352631415926535897932384626433832795:01000000000000000000000000000000:27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f9172af82b604dc4b8e51bcb08235a6f4341332e4ca60482a4ba1a03b3e65008fc5da76b70bf1690db4eae29c5f1badd03c5ccf2a55d705ddcd86d449511ceb7ec30bf12b1fa35b913f9f747a8afd1b130e94bff94effd01a91735ca1726acd0b197c4e5b03393697e126826fb6bbde8ecc1e08298516e2c9ed03ff3c1b7860f6de76d4cecd94c8119855ef5297ca67e9f3e7ff72b1e99785ca0a7e7720c5b36dc6d72cac9574c8cbbc2f801e23e56fd344b07f22154beba0f08ce8891e643ed995c94d9a69c9f1b5f499027a78572aeebd74d20cc39881c213ee770b1010e4bea718846977ae119f7a023ab58cca0ad752afe656bb3c17256a9f6e9bf19fdd5a38fc82bbe872c5539edb609ef 4f79c203ebb140f2e583cb2ad15b4aa5b655016a8449277dbd477ef2c8d6c017db738b18deb4a427d1923ce3ff262735779a418f20a282df920147beabe421ee5319d0568:264d3ca8512194fec312c8c9891f279fefdd608d0c027b60483a3fa811d65ee59d52d9e40ec5672d81532b38b6b089ce951f0f9c35590b8b978d175213f329bb1c2fd30f2f7f30492a61a532a79f51d36f5e31a7c9a12c286082ff7d2394d18f783e1a8e72c722caaaa52d8f065657d2631fd25bfd8e5baad6e527d763517501c68c5edc3cdd55435c532d7125c8614deed9adaa3acade5888b87bef641c4c994c8091b5bcd387f3963fb5bc37aa922fbfe3df4e5b915e6eb514717bdd2a74079a5073f5c4bfd46adf7d282e7a393a52579d11a028da4d9cd9c77124f9648ee383b1ac763930e7162a8d37f350b2f74b8472cf09902063c6b32e8c2d9290cefbd7346d1c779a0df50edcde4531da07b099c638e83a755944df2aef1aa31752fd323dcb710fb4bfbb9d22b925bc3577e1b8949e729a90bbafeacf7f7879e7b1147e28ba0bae940db795a61b15ecf4df8db07b824bb062802cc98a9545bb2aaeed77cb3fc6db15dcd7d80d7d5bc406c4970a3478ada8899b329198eb61c193fb6275aa8ca340344a75a862aebe92eee1ce032fd950b47d7704a3876923b4ad62844bf4a09c4dbe8b4397184b74713 60c9564880aedddb9baa4af2e75394b08cd32ff479c57a07d3eab5d54de5f9738b8d27f27a9f0ab11799d7b7ffefb2704c95c6ad12c39f1e867a4b7b1d7818a4b753dfd2a89ccb45e001a03a867b187f225dd -aes-128-xts:2718281828459045235360287471352631415926535897932384626433832795:02000000000000000000000000000000:264d3ca8512194fec312c8c9891f279fefdd608d0c027b60483a3fa811d65ee59d52d9e40ec5672d81532b38b6b089ce951f0f9c35590b8b978d175213f329bb1c2fd30f2f7f30492a61a532a79f51d36f5e31a7c9a12c286082ff7d2394d18f783e1a8e72c722caaaa52d8f065657d2631fd25bfd8e5baad6e527d763517501c68c5edc3cdd55435c532d7125c8614deed9adaa3acade5888b87bef641c4c994c8091b5bcd387f3963fb5bc37aa922fbfe3df4e5b915e6eb514717bdd2a74079a5073f5c4bfd46adf7d282e7a393a52579d11a028da4d9cd9c77124f9648ee383b1ac763930e7162a8d37f350b2f74b8472cf09902063c6b32e8c2d9290cefbd7346d1c779a0df50edcde4531da07b099c638e83a755944df2aef1aa31752fd323dcb710fb4bfbb9d22b925bc3577e1b8949e729a90bbafeacf7f7879e7b1147e28ba0bae940db795a61b15ecf4df8db07b824bb062802cc98a9545bb2aaeed77cb3fc6db15dcd7d80d7d5bc406c4970a3478ada8899b329198eb61c193fb6275aa8ca340344a75a862aebe92eee1ce032fd950b47d7704a3876923b4ad62844bf4a09c4dbe8b4397184b7471360c9564880aedddb9baa4af2e753 94b08cd32ff479c57a07d3eab5d54de5f9738b8d27f27a9f0ab11799d7b7ffefb2704c95c6ad12c39f1e867a4b7b1d7818a4b753dfd2a89ccb45e001a03a867b187f225dd:fa762a3680b76007928ed4a4f49a9456031b704782e65e16cecb54ed7d017b5e18abd67b338e81078f21edb7868d901ebe9c731a7c18b5e6dec1d6a72e078ac9a4262f860beefa14f4e821018272e411a951502b6e79066e84252c3346f3aa62344351a291d4bedc7a07618bdea2af63145cc7a4b8d4070691ae890cd65733e7946e9021a1dffc4c59f159425ee6d50ca9b135fa6162cea18a939838dc000fb386fad086acce5ac07cb2ece7fd580b00cfa5e98589631dc25e8e2a3daf2ffdec26531659912c9d8f7a15e5865ea8fb5816d6207052bd7128cd743c12c8118791a4736811935eb982a532349e31dd401e0b660a568cb1a4711f552f55ded59f1f15bf7196b3ca12a91e488ef59d64f3a02bf45239499ac6176ae321c4a211ec545365971c5d3f4f09d4eb139bfdf2073d33180b21002b65cc9865e76cb24cd92c874c24c18350399a936ab3637079295d76c417776b94efce3a0ef7206b15110519655c956cbd8b2489405ee2b09a6b6eebe0c53790a12a8998378b33a5b71159625f4ba49d2a2fdba59fbf0897bc7aabd8d707dc140a80f0f309f835d3da54ab584e501dfa0ee977fec543f7418 6a802b9a37adb3e8291eca04d66520d229e60401e7282bef486ae059aa70696e0e305d777140a7a883ecdcb69b9ff938e8a4231864c69ca2c2043bed007ff3e605e014bcf518138dc3a25c5e236171a2d01d6 -aes-128-xts:2718281828459045235360287471352631415926535897932384626433832795:fd000000000000000000000000000000:8e41b78c390b5af9d758bb214a67e9f6bf7727b09ac6124084c37611398fa45daad94868600ed391fb1acd4857a95b466e62ef9f4b377244d1c152e7b30d731aad30c716d214b707aed99eb5b5e580b3e887cf7497465651d4b60e6042051da3693c3b78c14489543be8b6ad0ba629565bba202313ba7b0d0c94a3252b676f46cc02ce0f8a7d34c0ed229129673c1f61aed579d08a9203a25aac3a77e9db60267996db38df637356d9dcd1632e369939f2a29d89345c66e05066f1a3677aef18dea4113faeb629e46721a66d0a7e785d3e29af2594eb67dfa982affe0aac058f6e15864269b135418261fc3afb089472cf68c45dd7f231c6249ba0255e1e033833fc4d00a3fe02132d7bc3873614b8aee34273581ea0325c81f0270affa13641d052d36f0757d484014354d02d6883ca15c24d8c3956b1bd027bcf41f151fd8023c5340e5606f37e90fdb87c86fb4fa634b3718a30bace06a66eaf8f63c4aa3b637826a87fe8cfa44282e92cb1615af3a28e53bc74c7cba1a0977be9065d0c1a5dec6c54ae38d37f37aa35283e048e5530a85c4e7a29d7b92ec0c3169cdf2a805c7604bce60049b9fb7b8eaac10f51ae23794ceba68bb58112e293b 9b692ca721b37c662f8574ed4dba6f88e170881c82cddc1034a0ca7e284bf0962b6b26292d836fa9f73c1ac770eef0f2d3a1eaf61d3e03555fd424eedd67e18a18094f888:d55f684f81f4426e9fde92a5ff02df2ac896af63962888a97910c1379e20b0a3b1db613fb7fe2e07004329ea5c22bfd33e3dbe4cf58cc608c2c26c19a2e2fe22f98732c2b5cb844cc6c0702d91e1d50fc4382a7eba5635cd602432a2306ac4ce82f8d70c8d9bc15f918fe71e74c622d5cf71178bf6e0b9cc9f2b41dd8dbe441c41cd0c73a6dc47a348f6702f9d0e9b1b1431e948e299b9ec2272ab2c5f0c7be86affa5dec87a0bee81d3d50007edaa2bcfccb35605155ff36ed8edd4a40dcd4b243acd11b2b987bdbfaf91a7cac27e9c5aea525ee53de7b2d3332c8644402b823e94a7db26276d2d23aa07180f76b4fd29b9c0823099c9d62c519880aee7e9697617c1497d47bf3e571950311421b6b734d38b0db91eb85331b91ea9f61530f54512a5a52a4bad589eb69781d537f23297bb459bdad2948a29e1550bf4787e0be95bb173cf5fab17dab7a13a052a63453d97ccec1a321954886b7a1299faaeecae35c6eaaca753b041b5e5f093bf83397fd21dd6b3012066fcc058cc32c3b09d7562dee29509b5839392c9ff05f51f3166aaac4ac5f238038a3045e6f72e48ef0fe8bc675e82c318a268e439702 71bf119b81bf6a982746554f84e72b9f00280a320a08142923c23c883423ff949827f29bbacdc1ccdb04938ce6098c95ba6b32528f4ef78eed778b2e122ddfd1cbdd11d1c0a6783e011fc536d63d053260637 -aes-128-xts:2718281828459045235360287471352631415926535897932384626433832795:fe000000000000000000000000000000:d55f684f81f4426e9fde92a5ff02df2ac896af63962888a97910c1379e20b0a3b1db613fb7fe2e07004329ea5c22bfd33e3dbe4cf58cc608c2c26c19a2e2fe22f98732c2b5cb844cc6c0702d91e1d50fc4382a7eba5635cd602432a2306ac4ce82f8d70c8d9bc15f918fe71e74c622d5cf71178bf6e0b9cc9f2b41dd8dbe441c41cd0c73a6dc47a348f6702f9d0e9b1b1431e948e299b9ec2272ab2c5f0c7be86affa5dec87a0bee81d3d50007edaa2bcfccb35605155ff36ed8edd4a40dcd4b243acd11b2b987bdbfaf91a7cac27e9c5aea525ee53de7b2d3332c8644402b823e94a7db26276d2d23aa07180f76b4fd29b9c0823099c9d62c519880aee7e9697617c1497d47bf3e571950311421b6b734d38b0db91eb85331b91ea9f61530f54512a5a52a4bad589eb69781d537f23297bb459bdad2948a29e1550bf4787e0be95bb173cf5fab17dab7a13a052a63453d97ccec1a321954886b7a1299faaeecae35c6eaaca753b041b5e5f093bf83397fd21dd6b3012066fcc058cc32c3b09d7562dee29509b5839392c9ff05f51f3166aaac4ac5f238038a3045e6f72e48ef0fe8bc675e82c318a268e43970271bf119b81bf6a982746554f84e7 2b9f00280a320a08142923c23c883423ff949827f29bbacdc1ccdb04938ce6098c95ba6b32528f4ef78eed778b2e122ddfd1cbdd11d1c0a6783e011fc536d63d053260637:72efc1ebfe1ee25975a6eb3aa8589dda2b261f1c85bdab442a9e5b2dd1d7c3957a16fc08e526d4b1223f1b1232a11af274c3d70dac57f83e0983c498f1a6f1aecb021c3e70085a1e527f1ce41ee5911a82020161529cd82773762daf5459de94a0a82adae7e1703c808543c29ed6fb32d9e004327c1355180c995a07741493a09c21ba01a387882da4f62534b87bb15d60d197201c0fd3bf30c1500a3ecfecdd66d8721f90bcc4c17ee925c61b0a03727a9c0d5f5ca462fbfa0af1c2513a9d9d4b5345bd27a5f6e653f751693e6b6a2b8ead57d511e00e58c45b7b8d005af79288f5c7c22fd4f1bf7a898b03a5634c6a1ae3f9fae5de4f296a2896b23e7ed43ed14fa5a2803f4d28f0d3ffcf24757677aebdb47bb388378708948a8d4126ed1839e0da29a537a8c198b3c66ab00712dd261674bf45a73d67f76914f830ca014b65596f27e4cf62de66125a5566df9975155628b400fbfb3a29040ed50faffdbb18aece7c5c44693260aab386c0a37b11b114f1c415aebb653be468179428d43a4d8bc3ec38813eca30a13cf1bb18d524f1992d44d8b1a42ea30b22e6c95b199d8d182f8840b09d059585c31ad69 1fa0619ff038aca2c39a943421157361717c49d322028a74648113bd8c9d7ec77cf3c89c1ec8718ceff8516d96b34c3c614f10699c9abc4ed0411506223bea16af35c883accdbe1104eef0cfdb54e12fb230a -aes-128-xts:2718281828459045235360287471352631415926535897932384626433832795:ff000000000000000000000000000000:72efc1ebfe1ee25975a6eb3aa8589dda2b261f1c85bdab442a9e5b2dd1d7c3957a16fc08e526d4b1223f1b1232a11af274c3d70dac57f83e0983c498f1a6f1aecb021c3e70085a1e527f1ce41ee5911a82020161529cd82773762daf5459de94a0a82adae7e1703c808543c29ed6fb32d9e004327c1355180c995a07741493a09c21ba01a387882da4f62534b87bb15d60d197201c0fd3bf30c1500a3ecfecdd66d8721f90bcc4c17ee925c61b0a03727a9c0d5f5ca462fbfa0af1c2513a9d9d4b5345bd27a5f6e653f751693e6b6a2b8ead57d511e00e58c45b7b8d005af79288f5c7c22fd4f1bf7a898b03a5634c6a1ae3f9fae5de4f296a2896b23e7ed43ed14fa5a2803f4d28f0d3ffcf24757677aebdb47bb388378708948a8d4126ed1839e0da29a537a8c198b3c66ab00712dd261674bf45a73d67f76914f830ca014b65596f27e4cf62de66125a5566df9975155628b400fbfb3a29040ed50faffdbb18aece7c5c44693260aab386c0a37b11b114f1c415aebb653be468179428d43a4d8bc3ec38813eca30a13cf1bb18d524f1992d44d8b1a42ea30b22e6c95b199d8d182f8840b09d059585c31ad691fa0619ff038aca2c39a94342115 7361717c49d322028a74648113bd8c9d7ec77cf3c89c1ec8718ceff8516d96b34c3c614f10699c9abc4ed0411506223bea16af35c883accdbe1104eef0cfdb54e12fb230a:3260ae8dad1f4a32c5cafe3ab0eb95549d461a67ceb9e5aa2d3afb62dece0553193ba50c75be251e08d1d08f1088576c7efdfaaf3f459559571e12511753b07af073f35da06af0ce0bbf6b8f5ccc5cea500ec1b211bd51f63b606bf6528796ca12173ba39b8935ee44ccce646f90a45bf9ccc567f0ace13dc2d53ebeedc81f58b2e41179dddf0d5a5c42f5d8506c1a5d2f8f59f3ea873cbcd0eec19acbf325423bd3dcb8c2b1bf1d1eaed0eba7f0698e4314fbeb2f1566d1b9253008cbccf45a2b0d9c5c9c21474f4076e02be26050b99dee4fd68a4cf890e496e4fcae7b70f94ea5a9062da0daeba1993d2ccd1dd3c244b8428801495a58b216547e7e847c46d1d756377b6242d2e5fb83bf752b54e0df71e889f3a2bb0f4c10805bf3c590376e3c24e22ff57f7fa965577375325cea5d920db94b9c336b455f6e894c01866fe9fbb8c8d3f70a2957285f6dfb5dcd8cbf54782f8fe7766d4723819913ac773421e3a31095866bad22c86a6036b2518b2059b4229d18c8c2ccbdf906c6cc6e82464ee57bddb0bebcb1dc645325bfb3e665ef7251082c88ebb1cf203bd779fdd38675713c8daadd17e1cabee432b 09787b6ddf3304e38b731b45df5df51b78fcfb3d32466028d0ba36555e7e11ab0ee0666061d1645d962444bc47a38188930a84b4d561395c73c087021927ca638b7afc8a8679ccb84c26555440ec7f10445cd - -aes-256-xts:27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592:ff000000000000000000000000000000:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9 b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff:1c3b3a102f770386e4836c99e370cf9bea00803f5e482357a4ae12d414a3e63b5d31e276f8fe4a8d66b317f9ac683f44680a86ac35adfc3345befecb4bb188fd5776926c49a3095eb108fd1098baec70aaa66999a72a82f27d848b21d4a741b0c5cd4d5fff9dac89aeba122961d03a757123e9870f8acf1000020887891429ca2a3e7a7d7df7b10355165c8b9a6d0a7de8b062c4500dc4cd120c0f7418dae3d0b5781c34803fa75421c790dfe1de1834f280d7667b327f6c8cd7557e12ac3a0f93ec05c52e0493ef31a12d3d9260f79a289d6a379bc70c50841473d1a8cc81ec583e9645e07b8d9670655ba5bbcfecc6dc3966380ad8fecb17b6ba02469a020a84e18e8f84252070c13e9f1f289be54fbc481457778f616015e1327a02b140f1505eb309326d68378f8374595c849d84f4c333ec4423885143cb47bd71c5edae9be69a2ffeceb1bec9de244fbe15992b11b77c040f12bd8f6a975a44a0f90c29a9abc3d4d893927284c58754cce294529f8614dcd2aba991925fedc4ae74ffac6e333b93eb4aff0479da9a410e4 450e0dd7ae4c6e2910900575da401fc07059f645e8b7e9bfdef33943054ff84011493c27b3429eaedb4ed5376441a77ed43851ad77f16f541dfd269d50d6a5f14fb0aab1cbb4c1550be97f7ab4066193c4caa773dad38014bd2092fa755c824bb5e54c4f36ffda9fcea70b9c6e693e148c151 -aes-256-xts:27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592:ffff0000000000000000000000000000:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9 b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff:77a31251618a15e6b92d1d66dffe7b50b50bad552305ba0217a610688eff7e11e1d0225438e093242d6db274fde801d4cae06f2092c728b2478559df58e837c2469ee4a4fa794e4bbc7f39bc026e3cb72c33b0888f25b4acf56a2a9804f1ce6d3d6e1dc6ca181d4b546179d55544aa7760c40d06741539c7e3cd9d2f6650b2013fd0eeb8c2b8e3d8d240ccae2d4c98320a7442e1c8d75a42d6e6cfa4c2eca1798d158c7aecdf82490f24bb9b38e108bcda12c3faf9a21141c3613b58367f922aaa26cd22f23d708dae699ad7cb40a8ad0b6e2784973dcb605684c08b8d6998c69aac049921871ebb65301a4619ca80ecb485a31d744223ce8ddc2394828d6a80470c092f5ba413c3378fa6054255c6f9df4495862bbb3287681f931b687c888abf844dfc8fc28331e579928cd12bd2390ae123cf03818d14dedde5c0c24c8ab018bfca75ca096f2d531f3d1619e785f1ada437cab92e980558b3dce1474afb75bfedbf8ff54cb2618e0244c9ac0d3c66fb51598cd2db11f9be39791abe447c63094f7c453b7ff87cb5bb36b7c79 efb0872d17058b83b15ab0866ad8a58656c5a7e20dbdf308b2461d97c0ec0024a2715055249cf3b478ddd4740de654f75ca686e0d7345c69ed50cdc2a8b332b1f8824108ac937eb050585608ee734097fc09054fbff89eeaeea791f4a7ab1f9868294a4f9e27b42af8100cb9d59cef9645803 -aes-256-xts:27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592:ffffff00000000000000000000000000:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9 b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff:e387aaa58ba483afa7e8eb469778317ecf4cf573aa9d4eac23f2cdf914e4e200a8b490e42ee646802dc6ee2b471b278195d60918ececb44bf79966f83faba0499298ebc699c0c8634715a320bb4f075d622e74c8c932004f25b41e361025b5a87815391f6108fc4afa6a05d9303c6ba68a128a55705d415985832fdeaae6c8e19110e84d1b1f199a2692119edc96132658f09da7c623efcec712537a3d94c0bf5d7e352ec94ae5797fdb377dc1551150721adf15bd26a8efc2fcaad56881fa9e62462c28f30ae1ceaca93c345cf243b73f542e2074a705bd2643bb9f7cc79bb6e7091ea6e232df0f9ad0d6cf502327876d82207abf2115cdacf6d5a48f6c1879a65b115f0f8b3cb3c59d15dd8c769bc014795a1837f3901b5845eb491adfefe097b1fa30a12fc1f65ba22905031539971a10f2f36c321bb51331cdefb39e3964c7ef079994f5b69b2edd83a71ef549971ee93f44eac3938fcdd61d01fa71799da3a8091c4c48aa9ed263ff0749df95d44fef6a0bb578ec69456aa5408ae32c7af08ad7ba8921287e3bbee31b767 be06a0e705c864a769137df28292283ea81a2480241b44d9921cdbec1bc28dc1fda114bd8e5217ac9d8ebafa720e9da4f9ace231cc949e5b96fe76ffc21063fddc83a6b8679c00d35e09576a875305bed5f36ed242c8900dd1fa965bc950dfce09b132263a1eef52dd6888c309f5a7d712826 -aes-256-xts:27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592:ffffffff000000000000000000000000:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9 b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff:bf53d2dade78e822a4d949a9bc6766b01b06a8ef70d26748c6a7fc36d80ae4c5520f7c4ab0ac8544424fa405162fef5a6b7f229498063618d39f0003cb5fb8d1c86b643497da1ff945c8d3bedeca4f479702a7a735f043ddb1d6aaade3c4a0ac7ca7f3fa5279bef56f82cd7a2f38672e824814e10700300a055e1630b8f1cb0e919f5e942010a416e2bf48cb46993d3cb6a51c19bacf864785a00bc2ecff15d350875b246ed53e68be6f55bd7e05cfc2b2ed6432198a6444b6d8c247fab941f569768b5c429366f1d3f00f0345b96123d56204c01c63b22ce78baf116e525ed90fdea39fa469494d3866c31e05f295ff21fea8d4e6e13d67e47ce722e9698a1c1048d68ebcde76b86fcf976eab8aa9790268b7068e017a8b9b749409514f1053027fd16c3786ea1bac5f15cb79711ee2abe82f5cf8b13ae73030ef5b9e4457e75d1304f988d62dd6fc4b94ed38ba831da4b7634971b6cd8ec325d9c61c00f1df73627ed3745a5e8489f3a95c69639c32cd6e1d537a85f75cc844726e8a72fc0077ad22000f1d5078f6b866318c6 68f1ad03d5a5fced5219f2eabbd0aa5c0f460d183f04404a0d6f469558e81fab24a167905ab4c7878502ad3e38fdbe62a41556cec37325759533ce8f25f367c87bb5578d667ae93f9e2fd99bcbc5f2fbba88cf6516139420fcff3b7361d86322c4bd84c82f335abb152c4a93411373aaa8220 -aes-256-xts:27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592:ffffffffff0000000000000000000000:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9 b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff:64497e5a831e4a932c09be3e5393376daa599548b816031d224bbf50a818ed2350eae7e96087c8a0db51ad290bd00c1ac1620857635bf246c176ab463be30b808da548081ac847b158e1264be25bb0910bbc92647108089415d45fab1b3d2604e8a8eff1ae4020cfa39936b66827b23f371b92200be90251e6d73c5f86de5fd4a950781933d79a28272b782a2ec313efdfcc0628f43d744c2dc2ff3dcb66999b50c7ca895b0c64791eeaa5f29499fb1c026f84ce5b5c72ba1083cddb5ce45434631665c333b60b11593fb253c5179a2c8db813782a004856a1653011e93fb6d876c18366dd8683f53412c0c180f9c848592d593f8609ca736317d356e13e2bff3a9f59cd9aeb19cd482593d8c46128bb32423b37a9adfb482b99453fbe25a41bf6feb4aa0bef5ed24bf73c762978025482c13115e4015aac992e5613a3b5c2f685b84795cb6e9b2656d8c88157e52c42f978d8634c43d06fea928f2822e465aa6576e9bf419384506cc3ce3c54ac1a6f67dc66f3b30191e698380bc999b05abce19dc0c6dcc2dd001ec535ba18d eb2df1a101023108318c75dc98611a09dc48a0acdec676fabdf222f07e026f059b672b56e5cbc8e1d21bbd867dd927212054681d70ea737134cdfce93b6f82ae22423274e58a0821cc5502e2d0ab4585e94de6975be5e0b4efce51cd3e70c25a1fbbbd609d273ad5b0d59631c531f6a0a57b9 - -aes-128-xts:fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0:9a785634120000000000000000000000:000102030405060708090a0b0c0d0e0f10:6c1625db4671522d3d7599601de7ca09ed -aes-128-xts:fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0:9a785634120000000000000000000000:000102030405060708090a0b0c0d0e0f1011:d069444b7a7e0cab09e24447d24deb1fedbf -aes-128-xts:fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0:9a785634120000000000000000000000:000102030405060708090a0b0c0d0e0f101112:e5df1351c0544ba1350b3363cd8ef4beedbf9d -aes-128-xts:fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0:9a785634120000000000000000000000:000102030405060708090a0b0c0d0e0f10111213:9d84c813f719aa2c7be3f66171c7c5c2edbf9dac -aes-128-xts:e0e1e2e3e4e5e6e7e8e9eaebecedeeefc0c1c2c3c4c5c6c7c8c9cacbcccdcecf:21436587a90000000000000000000000:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9bab bbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff:38b45812ef43a05bd957e545907e223b954ab4aaf088303ad910eadf14b42be68b2461149d8c8ba85f992be970bc621f1b06573f63e867bf5875acafa04e42ccbd7bd3c2a0fb1fff791ec5ec36c66ae4ac1e806d81fbf709dbe29e471fad38549c8e66f5345d7c1eb94f405d1ec785cc6f6a68f6254dd8339f9d84057e01a17741990482999516b5611a38f41bb6478e6f173f320805dd71b1932fc333cb9ee39936beea9ad96fa10fb4112b901734ddad40bc1878995f8e11aee7d141a2f5d48b7a4e1e7f0b2c04830e69a4fd1378411c2f287edf48c6c4e5c247a19680f7fe41cefbd49b582106e3616cbbe4dfb2344b2ae9519391f3e0fb4922254b1d6d2d19c6d4d537b3a26f3bcc51588b32f3eca0829b6a5ac72578fb814fb43cf80d64a233e3f997a3f02683342f2b33d25b492536b93becb2f5e1a8b82f5b883342729e8ae09d16938841a21a97fb543eea3bbff59f13c1a18449e398701c1ad51648346cbc04c27bb2da3b93a1372ccae548fb53bee476f9e9c91773b1bb19828394d55d3e1a20ed69113a860b6829ffa847224604435070221b257e8dff783615d2cae4803a93aa4334ab482a0afac 9c0aeda70b45a481df5dec5df8cc0f423c77a5fd46cd312021d4b438862419a791be03bb4d97c0e59578542531ba466a83baf92cefc151b5cc1611a167893819b63fb8a6b18e86de60290fa72b797b0ce59f3 +Cipher = aes-128-xts +Key = 0000000000000000000000000000000000000000000000000000000000000000 +IV = 00000000000000000000000000000000 +Plaintext = 0000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e + +Cipher = aes-128-xts +Key = 1111111111111111111111111111111122222222222222222222222222222222 +IV = 33333333330000000000000000000000 +Plaintext = 4444444444444444444444444444444444444444444444444444444444444444 +Ciphertext = c454185e6a16936e39334038acef838bfb186fff7480adc4289382ecd6d394f0 + +Cipher = aes-128-xts +Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f022222222222222222222222222222222 +IV = 33333333330000000000000000000000 +Plaintext = 4444444444444444444444444444444444444444444444444444444444444444 +Ciphertext = af85336b597afc1a900b2eb21ec949d292df4c047e0b21532186a5971a227a89 + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 00000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebe cedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f9172af82b604dc4b8e51bcb08235a6f4341332e4ca60482a4ba1a03b3e65008fc5da76b70bf1690db4eae29c5f1badd03c5ccf2a55d705ddcd86d449511ceb7ec30bf12b1fa35b913f9f747a8afd1b130e94bff94effd01a91735ca1726acd0b197c4e5b03393697e126826fb6bbde8ecc1e08298516e2c9ed03ff3c1b7860f6de76d4cecd94c8119855ef5297ca67e9f3e7ff72b1e99785ca0a7e7720c5b36dc6d72cac9574c8cbbc2f801e23e56fd344b07f22154beba0f08ce8891e643ed995c94d9a69c9f1b5f499027a78572aeebd74d20cc39881c213ee770b1010e4bea718846977ae119f7a023ab58cca0ad752afe656bb3c17256a9f6e9bf19fdd5a38fc82bbe872c5539edb609ef4f79c203ebb140f2e583cb2ad15b4aa5b655016a8449277dbd477ef2c8d6c017db738b18deb4a427d1923ce3ff2627357 79a418f20a282df920147beabe421ee5319d0568 + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 01000000000000000000000000000000 +Plaintext = 27a7479befa1d476489f308cd4cfa6e2a96e4bbe3208ff25287dd3819616e89cc78cf7f5e543445f8333d8fa7f56000005279fa5d8b5e4ad40e736ddb4d35412328063fd2aab53e5ea1e0a9f332500a5df9487d07a5c92cc512c8866c7e860ce93fdf166a24912b422976146ae20ce846bb7dc9ba94a767aaef20c0d61ad02655ea92dc4c4e41a8952c651d33174be51a10c421110e6d81588ede82103a252d8a750e8768defffed9122810aaeb99f9172af82b604dc4b8e51bcb08235a6f4341332e4ca60482a4ba1a03b3e65008fc5da76b70bf1690db4eae29c5f1badd03c5ccf2a55d705ddcd86d449511ceb7ec30bf12b1fa35b913f9f747a8afd1b130e94bff94effd01a91735ca1726acd0b197c4e5b03393697e126826fb6bbde8ecc1e08298516e2c9ed03ff3c1b7860f6de76d4cecd94c8119855ef5297ca67e9f3e7ff72b1e99785ca0a7e7720c5b36dc6d72cac9574c8cbbc2f801e23e56fd344b07f22154beba0f08ce8891e643ed995c94d9a69c9f1b5f499027a78572aeebd74d20cc39881c213ee770b1010e4bea718846977ae119f7a023ab58cca0ad752afe656bb3c17256a9f6e9bf19fdd5a38fc82bbe872c5539edb609ef4f79c203ebb140f2e583cb2ad15b4aa5b655016a8449277dbd477ef2c8d6c017db738b18deb4a427d1923ce3ff26273577 9a418f20a282df920147beabe421ee5319d0568 +Ciphertext = 264d3ca8512194fec312c8c9891f279fefdd608d0c027b60483a3fa811d65ee59d52d9e40ec5672d81532b38b6b089ce951f0f9c35590b8b978d175213f329bb1c2fd30f2f7f30492a61a532a79f51d36f5e31a7c9a12c286082ff7d2394d18f783e1a8e72c722caaaa52d8f065657d2631fd25bfd8e5baad6e527d763517501c68c5edc3cdd55435c532d7125c8614deed9adaa3acade5888b87bef641c4c994c8091b5bcd387f3963fb5bc37aa922fbfe3df4e5b915e6eb514717bdd2a74079a5073f5c4bfd46adf7d282e7a393a52579d11a028da4d9cd9c77124f9648ee383b1ac763930e7162a8d37f350b2f74b8472cf09902063c6b32e8c2d9290cefbd7346d1c779a0df50edcde4531da07b099c638e83a755944df2aef1aa31752fd323dcb710fb4bfbb9d22b925bc3577e1b8949e729a90bbafeacf7f7879e7b1147e28ba0bae940db795a61b15ecf4df8db07b824bb062802cc98a9545bb2aaeed77cb3fc6db15dcd7d80d7d5bc406c4970a3478ada8899b329198eb61c193fb6275aa8ca340344a75a862aebe92eee1ce032fd950b47d7704a3876923b4ad62844bf4a09c4dbe8b4397184b7471360c9564880aedddb9baa4af2e75394b08cd32ff479c57a07d3eab5d54de5f9738b8d27f27a9f0ab11799d7b7ffefb2704c95c6ad12c39f1e867a4b7b1d781 8a4b753dfd2a89ccb45e001a03a867b187f225dd + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = 02000000000000000000000000000000 +Plaintext = 264d3ca8512194fec312c8c9891f279fefdd608d0c027b60483a3fa811d65ee59d52d9e40ec5672d81532b38b6b089ce951f0f9c35590b8b978d175213f329bb1c2fd30f2f7f30492a61a532a79f51d36f5e31a7c9a12c286082ff7d2394d18f783e1a8e72c722caaaa52d8f065657d2631fd25bfd8e5baad6e527d763517501c68c5edc3cdd55435c532d7125c8614deed9adaa3acade5888b87bef641c4c994c8091b5bcd387f3963fb5bc37aa922fbfe3df4e5b915e6eb514717bdd2a74079a5073f5c4bfd46adf7d282e7a393a52579d11a028da4d9cd9c77124f9648ee383b1ac763930e7162a8d37f350b2f74b8472cf09902063c6b32e8c2d9290cefbd7346d1c779a0df50edcde4531da07b099c638e83a755944df2aef1aa31752fd323dcb710fb4bfbb9d22b925bc3577e1b8949e729a90bbafeacf7f7879e7b1147e28ba0bae940db795a61b15ecf4df8db07b824bb062802cc98a9545bb2aaeed77cb3fc6db15dcd7d80d7d5bc406c4970a3478ada8899b329198eb61c193fb6275aa8ca340344a75a862aebe92eee1ce032fd950b47d7704a3876923b4ad62844bf4a09c4dbe8b4397184b7471360c9564880aedddb9baa4af2e75394b08cd32ff479c57a07d3eab5d54de5f9738b8d27f27a9f0ab11799d7b7ffefb2704c95c6ad12c39f1e867a4b7b1d7818 a4b753dfd2a89ccb45e001a03a867b187f225dd +Ciphertext = fa762a3680b76007928ed4a4f49a9456031b704782e65e16cecb54ed7d017b5e18abd67b338e81078f21edb7868d901ebe9c731a7c18b5e6dec1d6a72e078ac9a4262f860beefa14f4e821018272e411a951502b6e79066e84252c3346f3aa62344351a291d4bedc7a07618bdea2af63145cc7a4b8d4070691ae890cd65733e7946e9021a1dffc4c59f159425ee6d50ca9b135fa6162cea18a939838dc000fb386fad086acce5ac07cb2ece7fd580b00cfa5e98589631dc25e8e2a3daf2ffdec26531659912c9d8f7a15e5865ea8fb5816d6207052bd7128cd743c12c8118791a4736811935eb982a532349e31dd401e0b660a568cb1a4711f552f55ded59f1f15bf7196b3ca12a91e488ef59d64f3a02bf45239499ac6176ae321c4a211ec545365971c5d3f4f09d4eb139bfdf2073d33180b21002b65cc9865e76cb24cd92c874c24c18350399a936ab3637079295d76c417776b94efce3a0ef7206b15110519655c956cbd8b2489405ee2b09a6b6eebe0c53790a12a8998378b33a5b71159625f4ba49d2a2fdba59fbf0897bc7aabd8d707dc140a80f0f309f835d3da54ab584e501dfa0ee977fec543f74186a802b9a37adb3e8291eca04d66520d229e60401e7282bef486ae059aa70696e0e305d777140a7a883ecdcb69b9ff938e8a4231864c69ca2c2043bed007ff 3e605e014bcf518138dc3a25c5e236171a2d01d6 + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = fd000000000000000000000000000000 +Plaintext = 8e41b78c390b5af9d758bb214a67e9f6bf7727b09ac6124084c37611398fa45daad94868600ed391fb1acd4857a95b466e62ef9f4b377244d1c152e7b30d731aad30c716d214b707aed99eb5b5e580b3e887cf7497465651d4b60e6042051da3693c3b78c14489543be8b6ad0ba629565bba202313ba7b0d0c94a3252b676f46cc02ce0f8a7d34c0ed229129673c1f61aed579d08a9203a25aac3a77e9db60267996db38df637356d9dcd1632e369939f2a29d89345c66e05066f1a3677aef18dea4113faeb629e46721a66d0a7e785d3e29af2594eb67dfa982affe0aac058f6e15864269b135418261fc3afb089472cf68c45dd7f231c6249ba0255e1e033833fc4d00a3fe02132d7bc3873614b8aee34273581ea0325c81f0270affa13641d052d36f0757d484014354d02d6883ca15c24d8c3956b1bd027bcf41f151fd8023c5340e5606f37e90fdb87c86fb4fa634b3718a30bace06a66eaf8f63c4aa3b637826a87fe8cfa44282e92cb1615af3a28e53bc74c7cba1a0977be9065d0c1a5dec6c54ae38d37f37aa35283e048e5530a85c4e7a29d7b92ec0c3169cdf2a805c7604bce60049b9fb7b8eaac10f51ae23794ceba68bb58112e293b9b692ca721b37c662f8574ed4dba6f88e170881c82cddc1034a0ca7e284bf0962b6b26292d836fa9f73c1ac770eef0f2d3 a1eaf61d3e03555fd424eedd67e18a18094f888 +Ciphertext = d55f684f81f4426e9fde92a5ff02df2ac896af63962888a97910c1379e20b0a3b1db613fb7fe2e07004329ea5c22bfd33e3dbe4cf58cc608c2c26c19a2e2fe22f98732c2b5cb844cc6c0702d91e1d50fc4382a7eba5635cd602432a2306ac4ce82f8d70c8d9bc15f918fe71e74c622d5cf71178bf6e0b9cc9f2b41dd8dbe441c41cd0c73a6dc47a348f6702f9d0e9b1b1431e948e299b9ec2272ab2c5f0c7be86affa5dec87a0bee81d3d50007edaa2bcfccb35605155ff36ed8edd4a40dcd4b243acd11b2b987bdbfaf91a7cac27e9c5aea525ee53de7b2d3332c8644402b823e94a7db26276d2d23aa07180f76b4fd29b9c0823099c9d62c519880aee7e9697617c1497d47bf3e571950311421b6b734d38b0db91eb85331b91ea9f61530f54512a5a52a4bad589eb69781d537f23297bb459bdad2948a29e1550bf4787e0be95bb173cf5fab17dab7a13a052a63453d97ccec1a321954886b7a1299faaeecae35c6eaaca753b041b5e5f093bf83397fd21dd6b3012066fcc058cc32c3b09d7562dee29509b5839392c9ff05f51f3166aaac4ac5f238038a3045e6f72e48ef0fe8bc675e82c318a268e43970271bf119b81bf6a982746554f84e72b9f00280a320a08142923c23c883423ff949827f29bbacdc1ccdb04938ce6098c95ba6b32528f4ef78eed778b2e122dd fd1cbdd11d1c0a6783e011fc536d63d053260637 + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = fe000000000000000000000000000000 +Plaintext = d55f684f81f4426e9fde92a5ff02df2ac896af63962888a97910c1379e20b0a3b1db613fb7fe2e07004329ea5c22bfd33e3dbe4cf58cc608c2c26c19a2e2fe22f98732c2b5cb844cc6c0702d91e1d50fc4382a7eba5635cd602432a2306ac4ce82f8d70c8d9bc15f918fe71e74c622d5cf71178bf6e0b9cc9f2b41dd8dbe441c41cd0c73a6dc47a348f6702f9d0e9b1b1431e948e299b9ec2272ab2c5f0c7be86affa5dec87a0bee81d3d50007edaa2bcfccb35605155ff36ed8edd4a40dcd4b243acd11b2b987bdbfaf91a7cac27e9c5aea525ee53de7b2d3332c8644402b823e94a7db26276d2d23aa07180f76b4fd29b9c0823099c9d62c519880aee7e9697617c1497d47bf3e571950311421b6b734d38b0db91eb85331b91ea9f61530f54512a5a52a4bad589eb69781d537f23297bb459bdad2948a29e1550bf4787e0be95bb173cf5fab17dab7a13a052a63453d97ccec1a321954886b7a1299faaeecae35c6eaaca753b041b5e5f093bf83397fd21dd6b3012066fcc058cc32c3b09d7562dee29509b5839392c9ff05f51f3166aaac4ac5f238038a3045e6f72e48ef0fe8bc675e82c318a268e43970271bf119b81bf6a982746554f84e72b9f00280a320a08142923c23c883423ff949827f29bbacdc1ccdb04938ce6098c95ba6b32528f4ef78eed778b2e122ddf d1cbdd11d1c0a6783e011fc536d63d053260637 +Ciphertext = 72efc1ebfe1ee25975a6eb3aa8589dda2b261f1c85bdab442a9e5b2dd1d7c3957a16fc08e526d4b1223f1b1232a11af274c3d70dac57f83e0983c498f1a6f1aecb021c3e70085a1e527f1ce41ee5911a82020161529cd82773762daf5459de94a0a82adae7e1703c808543c29ed6fb32d9e004327c1355180c995a07741493a09c21ba01a387882da4f62534b87bb15d60d197201c0fd3bf30c1500a3ecfecdd66d8721f90bcc4c17ee925c61b0a03727a9c0d5f5ca462fbfa0af1c2513a9d9d4b5345bd27a5f6e653f751693e6b6a2b8ead57d511e00e58c45b7b8d005af79288f5c7c22fd4f1bf7a898b03a5634c6a1ae3f9fae5de4f296a2896b23e7ed43ed14fa5a2803f4d28f0d3ffcf24757677aebdb47bb388378708948a8d4126ed1839e0da29a537a8c198b3c66ab00712dd261674bf45a73d67f76914f830ca014b65596f27e4cf62de66125a5566df9975155628b400fbfb3a29040ed50faffdbb18aece7c5c44693260aab386c0a37b11b114f1c415aebb653be468179428d43a4d8bc3ec38813eca30a13cf1bb18d524f1992d44d8b1a42ea30b22e6c95b199d8d182f8840b09d059585c31ad691fa0619ff038aca2c39a943421157361717c49d322028a74648113bd8c9d7ec77cf3c89c1ec8718ceff8516d96b34c3c614f10699c9abc4ed0411506223be a16af35c883accdbe1104eef0cfdb54e12fb230a + +Cipher = aes-128-xts +Key = 2718281828459045235360287471352631415926535897932384626433832795 +IV = ff000000000000000000000000000000 +Plaintext = 72efc1ebfe1ee25975a6eb3aa8589dda2b261f1c85bdab442a9e5b2dd1d7c3957a16fc08e526d4b1223f1b1232a11af274c3d70dac57f83e0983c498f1a6f1aecb021c3e70085a1e527f1ce41ee5911a82020161529cd82773762daf5459de94a0a82adae7e1703c808543c29ed6fb32d9e004327c1355180c995a07741493a09c21ba01a387882da4f62534b87bb15d60d197201c0fd3bf30c1500a3ecfecdd66d8721f90bcc4c17ee925c61b0a03727a9c0d5f5ca462fbfa0af1c2513a9d9d4b5345bd27a5f6e653f751693e6b6a2b8ead57d511e00e58c45b7b8d005af79288f5c7c22fd4f1bf7a898b03a5634c6a1ae3f9fae5de4f296a2896b23e7ed43ed14fa5a2803f4d28f0d3ffcf24757677aebdb47bb388378708948a8d4126ed1839e0da29a537a8c198b3c66ab00712dd261674bf45a73d67f76914f830ca014b65596f27e4cf62de66125a5566df9975155628b400fbfb3a29040ed50faffdbb18aece7c5c44693260aab386c0a37b11b114f1c415aebb653be468179428d43a4d8bc3ec38813eca30a13cf1bb18d524f1992d44d8b1a42ea30b22e6c95b199d8d182f8840b09d059585c31ad691fa0619ff038aca2c39a943421157361717c49d322028a74648113bd8c9d7ec77cf3c89c1ec8718ceff8516d96b34c3c614f10699c9abc4ed0411506223bea 16af35c883accdbe1104eef0cfdb54e12fb230a +Ciphertext = 3260ae8dad1f4a32c5cafe3ab0eb95549d461a67ceb9e5aa2d3afb62dece0553193ba50c75be251e08d1d08f1088576c7efdfaaf3f459559571e12511753b07af073f35da06af0ce0bbf6b8f5ccc5cea500ec1b211bd51f63b606bf6528796ca12173ba39b8935ee44ccce646f90a45bf9ccc567f0ace13dc2d53ebeedc81f58b2e41179dddf0d5a5c42f5d8506c1a5d2f8f59f3ea873cbcd0eec19acbf325423bd3dcb8c2b1bf1d1eaed0eba7f0698e4314fbeb2f1566d1b9253008cbccf45a2b0d9c5c9c21474f4076e02be26050b99dee4fd68a4cf890e496e4fcae7b70f94ea5a9062da0daeba1993d2ccd1dd3c244b8428801495a58b216547e7e847c46d1d756377b6242d2e5fb83bf752b54e0df71e889f3a2bb0f4c10805bf3c590376e3c24e22ff57f7fa965577375325cea5d920db94b9c336b455f6e894c01866fe9fbb8c8d3f70a2957285f6dfb5dcd8cbf54782f8fe7766d4723819913ac773421e3a31095866bad22c86a6036b2518b2059b4229d18c8c2ccbdf906c6cc6e82464ee57bddb0bebcb1dc645325bfb3e665ef7251082c88ebb1cf203bd779fdd38675713c8daadd17e1cabee432b09787b6ddf3304e38b731b45df5df51b78fcfb3d32466028d0ba36555e7e11ab0ee0666061d1645d962444bc47a38188930a84b4d561395c73c087021927c a638b7afc8a8679ccb84c26555440ec7f10445cd + + +Cipher = aes-256-xts +Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592 +IV = ff000000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebe cedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = 1c3b3a102f770386e4836c99e370cf9bea00803f5e482357a4ae12d414a3e63b5d31e276f8fe4a8d66b317f9ac683f44680a86ac35adfc3345befecb4bb188fd5776926c49a3095eb108fd1098baec70aaa66999a72a82f27d848b21d4a741b0c5cd4d5fff9dac89aeba122961d03a757123e9870f8acf1000020887891429ca2a3e7a7d7df7b10355165c8b9a6d0a7de8b062c4500dc4cd120c0f7418dae3d0b5781c34803fa75421c790dfe1de1834f280d7667b327f6c8cd7557e12ac3a0f93ec05c52e0493ef31a12d3d9260f79a289d6a379bc70c50841473d1a8cc81ec583e9645e07b8d9670655ba5bbcfecc6dc3966380ad8fecb17b6ba02469a020a84e18e8f84252070c13e9f1f289be54fbc481457778f616015e1327a02b140f1505eb309326d68378f8374595c849d84f4c333ec4423885143cb47bd71c5edae9be69a2ffeceb1bec9de244fbe15992b11b77c040f12bd8f6a975a44a0f90c29a9abc3d4d893927284c58754cce294529f8614dcd2aba991925fedc4ae74ffac6e333b93eb4aff0479da9a410e4450e0dd7ae4c6e2910900575da401fc07059f645e8b7e9bfdef33943054ff84011493c27b3429eaedb4ed5376441a77ed43851ad77f16f541dfd269d50d6a5f14fb0aab1cbb4c1550be97f7ab4066193c4caa773dad38014bd2092fa755c8 24bb5e54c4f36ffda9fcea70b9c6e693e148c151 + +Cipher = aes-256-xts +Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592 +IV = ffff0000000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebe cedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = 77a31251618a15e6b92d1d66dffe7b50b50bad552305ba0217a610688eff7e11e1d0225438e093242d6db274fde801d4cae06f2092c728b2478559df58e837c2469ee4a4fa794e4bbc7f39bc026e3cb72c33b0888f25b4acf56a2a9804f1ce6d3d6e1dc6ca181d4b546179d55544aa7760c40d06741539c7e3cd9d2f6650b2013fd0eeb8c2b8e3d8d240ccae2d4c98320a7442e1c8d75a42d6e6cfa4c2eca1798d158c7aecdf82490f24bb9b38e108bcda12c3faf9a21141c3613b58367f922aaa26cd22f23d708dae699ad7cb40a8ad0b6e2784973dcb605684c08b8d6998c69aac049921871ebb65301a4619ca80ecb485a31d744223ce8ddc2394828d6a80470c092f5ba413c3378fa6054255c6f9df4495862bbb3287681f931b687c888abf844dfc8fc28331e579928cd12bd2390ae123cf03818d14dedde5c0c24c8ab018bfca75ca096f2d531f3d1619e785f1ada437cab92e980558b3dce1474afb75bfedbf8ff54cb2618e0244c9ac0d3c66fb51598cd2db11f9be39791abe447c63094f7c453b7ff87cb5bb36b7c79efb0872d17058b83b15ab0866ad8a58656c5a7e20dbdf308b2461d97c0ec0024a2715055249cf3b478ddd4740de654f75ca686e0d7345c69ed50cdc2a8b332b1f8824108ac937eb050585608ee734097fc09054fbff89eeaeea791f4a7ab1 f9868294a4f9e27b42af8100cb9d59cef9645803 + +Cipher = aes-256-xts +Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592 +IV = ffffff00000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebe cedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = e387aaa58ba483afa7e8eb469778317ecf4cf573aa9d4eac23f2cdf914e4e200a8b490e42ee646802dc6ee2b471b278195d60918ececb44bf79966f83faba0499298ebc699c0c8634715a320bb4f075d622e74c8c932004f25b41e361025b5a87815391f6108fc4afa6a05d9303c6ba68a128a55705d415985832fdeaae6c8e19110e84d1b1f199a2692119edc96132658f09da7c623efcec712537a3d94c0bf5d7e352ec94ae5797fdb377dc1551150721adf15bd26a8efc2fcaad56881fa9e62462c28f30ae1ceaca93c345cf243b73f542e2074a705bd2643bb9f7cc79bb6e7091ea6e232df0f9ad0d6cf502327876d82207abf2115cdacf6d5a48f6c1879a65b115f0f8b3cb3c59d15dd8c769bc014795a1837f3901b5845eb491adfefe097b1fa30a12fc1f65ba22905031539971a10f2f36c321bb51331cdefb39e3964c7ef079994f5b69b2edd83a71ef549971ee93f44eac3938fcdd61d01fa71799da3a8091c4c48aa9ed263ff0749df95d44fef6a0bb578ec69456aa5408ae32c7af08ad7ba8921287e3bbee31b767be06a0e705c864a769137df28292283ea81a2480241b44d9921cdbec1bc28dc1fda114bd8e5217ac9d8ebafa720e9da4f9ace231cc949e5b96fe76ffc21063fddc83a6b8679c00d35e09576a875305bed5f36ed242c8900dd1fa965bc950d fce09b132263a1eef52dd6888c309f5a7d712826 + +Cipher = aes-256-xts +Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592 +IV = ffffffff000000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebe cedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = bf53d2dade78e822a4d949a9bc6766b01b06a8ef70d26748c6a7fc36d80ae4c5520f7c4ab0ac8544424fa405162fef5a6b7f229498063618d39f0003cb5fb8d1c86b643497da1ff945c8d3bedeca4f479702a7a735f043ddb1d6aaade3c4a0ac7ca7f3fa5279bef56f82cd7a2f38672e824814e10700300a055e1630b8f1cb0e919f5e942010a416e2bf48cb46993d3cb6a51c19bacf864785a00bc2ecff15d350875b246ed53e68be6f55bd7e05cfc2b2ed6432198a6444b6d8c247fab941f569768b5c429366f1d3f00f0345b96123d56204c01c63b22ce78baf116e525ed90fdea39fa469494d3866c31e05f295ff21fea8d4e6e13d67e47ce722e9698a1c1048d68ebcde76b86fcf976eab8aa9790268b7068e017a8b9b749409514f1053027fd16c3786ea1bac5f15cb79711ee2abe82f5cf8b13ae73030ef5b9e4457e75d1304f988d62dd6fc4b94ed38ba831da4b7634971b6cd8ec325d9c61c00f1df73627ed3745a5e8489f3a95c69639c32cd6e1d537a85f75cc844726e8a72fc0077ad22000f1d5078f6b866318c668f1ad03d5a5fced5219f2eabbd0aa5c0f460d183f04404a0d6f469558e81fab24a167905ab4c7878502ad3e38fdbe62a41556cec37325759533ce8f25f367c87bb5578d667ae93f9e2fd99bcbc5f2fbba88cf6516139420fcff3b7361d86 322c4bd84c82f335abb152c4a93411373aaa8220 + +Cipher = aes-256-xts +Key = 27182818284590452353602874713526624977572470936999595749669676273141592653589793238462643383279502884197169399375105820974944592 +IV = ffffffffff0000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebe cedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = 64497e5a831e4a932c09be3e5393376daa599548b816031d224bbf50a818ed2350eae7e96087c8a0db51ad290bd00c1ac1620857635bf246c176ab463be30b808da548081ac847b158e1264be25bb0910bbc92647108089415d45fab1b3d2604e8a8eff1ae4020cfa39936b66827b23f371b92200be90251e6d73c5f86de5fd4a950781933d79a28272b782a2ec313efdfcc0628f43d744c2dc2ff3dcb66999b50c7ca895b0c64791eeaa5f29499fb1c026f84ce5b5c72ba1083cddb5ce45434631665c333b60b11593fb253c5179a2c8db813782a004856a1653011e93fb6d876c18366dd8683f53412c0c180f9c848592d593f8609ca736317d356e13e2bff3a9f59cd9aeb19cd482593d8c46128bb32423b37a9adfb482b99453fbe25a41bf6feb4aa0bef5ed24bf73c762978025482c13115e4015aac992e5613a3b5c2f685b84795cb6e9b2656d8c88157e52c42f978d8634c43d06fea928f2822e465aa6576e9bf419384506cc3ce3c54ac1a6f67dc66f3b30191e698380bc999b05abce19dc0c6dcc2dd001ec535ba18deb2df1a101023108318c75dc98611a09dc48a0acdec676fabdf222f07e026f059b672b56e5cbc8e1d21bbd867dd927212054681d70ea737134cdfce93b6f82ae22423274e58a0821cc5502e2d0ab4585e94de6975be5e0b4efce51cd3e70c 25a1fbbbd609d273ad5b0d59631c531f6a0a57b9 + + +Cipher = aes-128-xts +Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0 +IV = 9a785634120000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f10 +Ciphertext = 6c1625db4671522d3d7599601de7ca09ed + +Cipher = aes-128-xts +Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0 +IV = 9a785634120000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f1011 +Ciphertext = d069444b7a7e0cab09e24447d24deb1fedbf + +Cipher = aes-128-xts +Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0 +IV = 9a785634120000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112 +Ciphertext = e5df1351c0544ba1350b3363cd8ef4beedbf9d + +Cipher = aes-128-xts +Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0bfbebdbcbbbab9b8b7b6b5b4b3b2b1b0 +IV = 9a785634120000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f10111213 +Ciphertext = 9d84c813f719aa2c7be3f66171c7c5c2edbf9dac + +Cipher = aes-128-xts +Key = e0e1e2e3e4e5e6e7e8e9eaebecedeeefc0c1c2c3c4c5c6c7c8c9cacbcccdcecf +IV = 21436587a90000000000000000000000 +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebe cedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Ciphertext = 38b45812ef43a05bd957e545907e223b954ab4aaf088303ad910eadf14b42be68b2461149d8c8ba85f992be970bc621f1b06573f63e867bf5875acafa04e42ccbd7bd3c2a0fb1fff791ec5ec36c66ae4ac1e806d81fbf709dbe29e471fad38549c8e66f5345d7c1eb94f405d1ec785cc6f6a68f6254dd8339f9d84057e01a17741990482999516b5611a38f41bb6478e6f173f320805dd71b1932fc333cb9ee39936beea9ad96fa10fb4112b901734ddad40bc1878995f8e11aee7d141a2f5d48b7a4e1e7f0b2c04830e69a4fd1378411c2f287edf48c6c4e5c247a19680f7fe41cefbd49b582106e3616cbbe4dfb2344b2ae9519391f3e0fb4922254b1d6d2d19c6d4d537b3a26f3bcc51588b32f3eca0829b6a5ac72578fb814fb43cf80d64a233e3f997a3f02683342f2b33d25b492536b93becb2f5e1a8b82f5b883342729e8ae09d16938841a21a97fb543eea3bbff59f13c1a18449e398701c1ad51648346cbc04c27bb2da3b93a1372ccae548fb53bee476f9e9c91773b1bb19828394d55d3e1a20ed69113a860b6829ffa847224604435070221b257e8dff783615d2cae4803a93aa4334ab482a0afac9c0aeda70b45a481df5dec5df8cc0f423c77a5fd46cd312021d4b438862419a791be03bb4d97c0e59578542531ba466a83baf92cefc151b5cc1611a167893 819b63fb8a6b18e86de60290fa72b797b0ce59f3 + # AES wrap tests from RFC3394 -id-aes128-wrap:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5 -id-aes192-wrap:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D -id-aes256-wrap:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7 -id-aes192-wrap:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF0001020304050607:031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2 -id-aes256-wrap:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF0001020304050607:A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1 -id-aes256-wrap:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F:28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21 +Cipher = id-aes128-wrap +Key = 000102030405060708090A0B0C0D0E0F +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5 + +Cipher = id-aes192-wrap +Key = 000102030405060708090A0B0C0D0E0F1011121314151617 +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D + +Cipher = id-aes256-wrap +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7 + +Cipher = id-aes192-wrap +Key = 000102030405060708090A0B0C0D0E0F1011121314151617 +Plaintext = 00112233445566778899AABBCCDDEEFF0001020304050607 +Ciphertext = 031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2 + +Cipher = id-aes256-wrap +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Plaintext = 00112233445566778899AABBCCDDEEFF0001020304050607 +Ciphertext = A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1 + +Cipher = id-aes256-wrap +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Plaintext = 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F +Ciphertext = 28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21 + # AES wrap tests from RFC5649 -id-aes192-wrap-pad:5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8::c37b7e6492584340bed12207808941155068f738:138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a -id-aes192-wrap-pad:5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8::466f7250617369:afbeb0f07dfbf5419200f2ccb50bb24f +Cipher = id-aes192-wrap-pad +Key = 5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8 +Plaintext = c37b7e6492584340bed12207808941155068f738 +Ciphertext = 138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a + +Cipher = id-aes192-wrap-pad +Key = 5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8 +Plaintext = 466f7250617369 +Ciphertext = afbeb0f07dfbf5419200f2ccb50bb24f + From appro at openssl.org Tue Feb 10 21:04:53 2015 From: appro at openssl.org (Andy Polyakov) Date: Tue, 10 Feb 2015 22:04:53 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150210210453.90D521DF1AB@butler.localdomain> The branch master has been updated via 5afc296aa69d5c8d6aed9078c0ab4cc532cf2457 (commit) via ea5f8411cd059caca4c54a6d996a177bb9172475 (commit) via 5029291722ea1b1a0ad494a881054808503901a8 (commit) from b033e5d5abad78269e137b7d710004dac0448a6b (commit) - Log ----------------------------------------------------------------- commit 5afc296aa69d5c8d6aed9078c0ab4cc532cf2457 Author: Andy Polyakov Date: Tue Feb 10 22:04:28 2015 +0100 ec/ecp_nistz256.c: fix compiler warnings. Reviewed-by: Matt Caswell commit ea5f8411cd059caca4c54a6d996a177bb9172475 Author: Andy Polyakov Date: Tue Feb 10 22:02:54 2015 +0100 Configure: disable warning C4090 in Windows builds. Reviewed-by: Matt Caswell commit 5029291722ea1b1a0ad494a881054808503901a8 Author: Andy Polyakov Date: Tue Feb 10 21:52:25 2015 +0100 ec/asm/ecp_nistz256-x86.pl: fix typos (error shows in Windows build). Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: Configure | 17 ++++++++----- TABLE | 12 ++++----- crypto/ec/asm/ecp_nistz256-x86.pl | 4 +-- crypto/ec/ecp_nistz256.c | 49 ++++++++++++++++++------------------- 4 files changed, 43 insertions(+), 39 deletions(-) diff --git a/Configure b/Configure index 9f2539b..8c94195 100755 --- a/Configure +++ b/Configure @@ -519,15 +519,20 @@ my %table=( # Visual C targets # # Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64 -"VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32", -"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32", -"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32", -"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32", +# +# Note about -wd4090, disable warning C4090. This warning returns false +# positives in some situations. Disabling it altogether masks both +# legitimate and false cases, but as we compile on multiple platforms, +# we rely on other compilers to catch legitimate cases. +"VC-WIN64I","cl:-W3 -wd4090 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32", +"VC-WIN64A","cl:-W3 -wd4090 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32", +"debug-VC-WIN64I","cl:-W3 -wd4090 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32", +"debug-VC-WIN64A","cl:-W3 -wd4090 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32", # x86 Win32 target defaults to ANSI API, if you want UNICODE, complement # 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE' -"VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", +"VC-WIN32","cl:-W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", +"debug-VC-WIN32","cl:-W3 -wd4090 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", # Unified CE target -"debug-VC-WIN32","cl:-W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", "VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32", # Borland C++ 4.5 diff --git a/TABLE b/TABLE index 7193a5a..691f2ec 100644 --- a/TABLE +++ b/TABLE @@ -682,7 +682,7 @@ $multilib = *** VC-WIN32 $cc = cl -$cflags = -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE +$cflags = -W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE $unistd = $thread_cflag = $sys_id = WIN32 @@ -716,7 +716,7 @@ $multilib = *** VC-WIN64A $cc = cl -$cflags = -W3 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE +$cflags = -W3 -wd4090 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE $unistd = $thread_cflag = $sys_id = WIN64A @@ -750,7 +750,7 @@ $multilib = *** VC-WIN64I $cc = cl -$cflags = -W3 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE +$cflags = -W3 -wd4090 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE $unistd = $thread_cflag = $sys_id = WIN64I @@ -1430,7 +1430,7 @@ $multilib = *** debug-VC-WIN32 $cc = cl -$cflags = -W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE +$cflags = -W3 -wd4090 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE $unistd = $thread_cflag = $sys_id = WIN32 @@ -1464,7 +1464,7 @@ $multilib = *** debug-VC-WIN64A $cc = cl -$cflags = -W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE +$cflags = -W3 -wd4090 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE $unistd = $thread_cflag = $sys_id = WIN64A @@ -1498,7 +1498,7 @@ $multilib = *** debug-VC-WIN64I $cc = cl -$cflags = -W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE +$cflags = -W3 -wd4090 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE $unistd = $thread_cflag = $sys_id = WIN64I diff --git a/crypto/ec/asm/ecp_nistz256-x86.pl b/crypto/ec/asm/ecp_nistz256-x86.pl index 0670c69..b0daf15 100755 --- a/crypto/ec/asm/ecp_nistz256-x86.pl +++ b/crypto/ec/asm/ecp_nistz256-x86.pl @@ -622,7 +622,7 @@ for(1..37) { &movdqa (&QWP(0x10,"esp"),"xmm2"); &pand ("xmm5","xmm6"); # lower 32 bits of a[0]*b[i] - &movdqa ("xmm2",&DWP(0x60,"ebx")); + &movdqa ("xmm2",&QWP(0x60,"ebx")); &pmuludq("xmm1","xmm7"); # a[5]*b[i] &paddq ("xmm3","xmm5"); # a[3]*b[i]+lw(a[0]*b[i]), reduction step &paddq ("xmm0",&QWP(0x40,"esp")); @@ -679,7 +679,7 @@ for(1..37) { &movdqa (&QWP(0x10,"esp"),"xmm2"); &pand ("xmm5","xmm6"); # lower 32 bits of a[0]*b[i] - &movdqa ("xmm2",&DWP(0x60,"ebx")); + &movdqa ("xmm2",&QWP(0x60,"ebx")); &pmuludq("xmm1","xmm7"); # a[5]*b[7] &paddq ("xmm3","xmm5"); # reduction step &paddq ("xmm0",&QWP(0x40,"esp")); diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index c50b845..0370ae6 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c @@ -28,11 +28,8 @@ #include -#include "internal/bn_int.h" -#include -#include #include "cryptlib.h" - +#include "internal/bn_int.h" #include "ec_lcl.h" #if BN_BITS2 != 64 @@ -166,7 +163,7 @@ static unsigned int _booth_recode_w7(unsigned int in) static void copy_conditional(BN_ULONG dst[P256_LIMBS], const BN_ULONG src[P256_LIMBS], BN_ULONG move) { - BN_ULONG mask1 = -move; + BN_ULONG mask1 = 0-move; BN_ULONG mask2 = ~mask1; dst[0] = (src[0] & mask1) ^ (dst[0] & mask2); @@ -560,9 +557,10 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *group, P256_POINT *r, const BIGNUM **scalar, const EC_POINT **point, - int num, BN_CTX *ctx) + size_t num, BN_CTX *ctx) { - int i, j; + size_t i; + int j; unsigned int idx; unsigned char (*p_str)[33] = NULL; const unsigned int window_size = 5; @@ -573,8 +571,9 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *group, P256_POINT (*table)[16] = NULL; void *table_storage = NULL; - if ((table_storage = - OPENSSL_malloc((num * 16 + 5) * sizeof(P256_POINT) + 64)) == NULL + if ((num * 16 + 6) > OPENSSL_MALLOC_MAX_NELEMS(P256_POINT) + || (table_storage = + OPENSSL_malloc((num * 16 + 5) * sizeof(P256_POINT) + 64)) == NULL || (p_str = OPENSSL_malloc(num * 33 * sizeof(unsigned char))) == NULL || (scalars = OPENSSL_malloc(num * sizeof(BIGNUM *))) == NULL) { @@ -604,16 +603,16 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *group, for (j = 0; j < bn_get_top(scalars[i]) * BN_BYTES; j += BN_BYTES) { BN_ULONG d = bn_get_words(scalars[i])[j / BN_BYTES]; - p_str[i][j + 0] = d & 0xff; - p_str[i][j + 1] = (d >> 8) & 0xff; - p_str[i][j + 2] = (d >> 16) & 0xff; - p_str[i][j + 3] = (d >>= 24) & 0xff; + p_str[i][j + 0] = (unsigned char)d; + p_str[i][j + 1] = (unsigned char)(d >> 8); + p_str[i][j + 2] = (unsigned char)(d >> 16); + p_str[i][j + 3] = (unsigned char)(d >>= 24); if (BN_BYTES == 8) { d >>= 8; - p_str[i][j + 4] = d & 0xff; - p_str[i][j + 5] = (d >> 8) & 0xff; - p_str[i][j + 6] = (d >> 16) & 0xff; - p_str[i][j + 7] = (d >> 24) & 0xff; + p_str[i][j + 4] = (unsigned char)d; + p_str[i][j + 5] = (unsigned char)(d >> 8); + p_str[i][j + 6] = (unsigned char)(d >> 16); + p_str[i][j + 7] = (unsigned char)(d >> 24); } } for (; j < 33; j++) @@ -1225,16 +1224,16 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group, for (i = 0; i < bn_get_top(scalar) * BN_BYTES; i += BN_BYTES) { BN_ULONG d = bn_get_words(scalar)[i / BN_BYTES]; - p_str[i + 0] = d & 0xff; - p_str[i + 1] = (d >> 8) & 0xff; - p_str[i + 2] = (d >> 16) & 0xff; - p_str[i + 3] = (d >>= 24) & 0xff; + p_str[i + 0] = (unsigned char)d; + p_str[i + 1] = (unsigned char)(d >> 8); + p_str[i + 2] = (unsigned char)(d >> 16); + p_str[i + 3] = (unsigned char)(d >>= 24); if (BN_BYTES == 8) { d >>= 8; - p_str[i + 4] = d & 0xff; - p_str[i + 5] = (d >> 8) & 0xff; - p_str[i + 6] = (d >> 16) & 0xff; - p_str[i + 7] = (d >> 24) & 0xff; + p_str[i + 4] = (unsigned char)d; + p_str[i + 5] = (unsigned char)(d >> 8); + p_str[i + 6] = (unsigned char)(d >> 16); + p_str[i + 7] = (unsigned char)(d >> 24); } } From matt at openssl.org Tue Feb 10 22:56:41 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Feb 2015 23:56:41 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150210225642.1478E1DF1AB@butler.localdomain> The branch master has been updated via b7c9187b32a14b5b4a850161aed5c044d2130d5a (commit) via ea6bd2645431a064394c746fba7013950ea04f78 (commit) via f2baac27d5f95326fa441e1cb08925b46f88b21c (commit) via 75ea3632bd4d647dae8191da4b228f491bec975d (commit) from 5afc296aa69d5c8d6aed9078c0ab4cc532cf2457 (commit) - Log ----------------------------------------------------------------- commit b7c9187b32a14b5b4a850161aed5c044d2130d5a Author: Matt Caswell Date: Sun Feb 8 23:37:54 2015 +0000 Add SSL_SESSION_get0_ticket API function. Reviewed-by: Tim Hudson commit ea6bd2645431a064394c746fba7013950ea04f78 Author: Matt Caswell Date: Sun Feb 8 22:41:10 2015 +0000 Correct reading back of tlsext_tick_lifetime_hint from ASN1. When writing out the hint, if the hint > 0, then we write it out otherwise we skip it. Previously when reading the hint back in, if were expecting to see one (because the ticket length > 0), but it wasn't present then we set the hint to -1, otherwise we set it to 0. This fails to set the hint to the same as when it was written out. The hint should never be negative because the RFC states the hint is unsigned. It is valid for a server to set the hint to 0 (this means the lifetime is unspecified according to the RFC). If the server set it to 0, it should still be 0 when we read it back in. Reviewed-by: Tim Hudson commit f2baac27d5f95326fa441e1cb08925b46f88b21c Author: Matt Caswell Date: Sun Feb 8 15:43:16 2015 +0000 Provide the API functions SSL_SESSION_has_ticket and SSL_SESSION_get_ticket_lifetime_hint. The latter has been reported as required to fix Qt for OpenSSL 1.1.0. I have also added the former in order to determine whether a ticket is present or not - otherwise it is difficult to know whether a zero lifetime hint is because the server set it to 0, or because there is no ticket. Reviewed-by: Tim Hudson commit 75ea3632bd4d647dae8191da4b228f491bec975d Author: Matt Caswell Date: Sun Feb 8 15:42:46 2015 +0000 Make tlsext_tick_lifetime_hint an unsigned long (from signed long). From RFC4507: "The ticket_lifetime_hint field contains a hint from the server about how long the ticket should be stored. The value indicates the lifetime in seconds as a 32-bit unsigned integer in network byte order." Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: doc/ssl/SSL_SESSION_has_ticket.pod | 42 ++++++++++++++++++++++++++++++++++++ ssl/ssl.h | 4 ++++ ssl/ssl_asn1.c | 4 +--- ssl/ssl_locl.h | 2 +- ssl/ssl_sess.c | 18 ++++++++++++++++ 5 files changed, 66 insertions(+), 4 deletions(-) create mode 100644 doc/ssl/SSL_SESSION_has_ticket.pod diff --git a/doc/ssl/SSL_SESSION_has_ticket.pod b/doc/ssl/SSL_SESSION_has_ticket.pod new file mode 100644 index 0000000..d9b2a06 --- /dev/null +++ b/doc/ssl/SSL_SESSION_has_ticket.pod @@ -0,0 +1,42 @@ +=pod + +=head1 NAME + +SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint, SSL_SESSION_get_ticket - get details about the ticket associated with a session + +=head1 SYNOPSIS + + #include + + int SSL_SESSION_has_ticket(const SSL_SESSION *s); + unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); + void SSL_SESSION_get0_ticket(const SSL_SESSION *s, unsigned char **tick, + size_t *len); + +=head1 DESCRIPTION + +SSL_SESSION_has_ticket() returns 1 if there is a Session Ticket associated with +this session, and 0 otherwise. + +SSL_SESSION_get_ticket_lifetime_hint returns the lifetime hint in seconds +associated with the session ticket. + +SSL_SESSION_get0_ticket obtains a pointer to the ticket associated with a +session. The length of the ticket is written to B<*len>. If B is non +NULL then a pointer to the ticket is written to B<*tick>. The pointer is only +valid while the connection is in use. The session (and hence the ticket pointer) +may also become invalid as a result of a call to SSL_CTX_flush_sessions(). + +=head1 SEE ALSO + +L, +L, +L, +L + +=head1 HISTORY + +SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint and +SSL_SESSION_get0_ticket were added in OpenSSL 1.1.0. + +=cut diff --git a/ssl/ssl.h b/ssl/ssl.h index 564b75e..13fb053 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1460,6 +1460,10 @@ long SSL_SESSION_get_time(const SSL_SESSION *s); long SSL_SESSION_set_time(SSL_SESSION *s, long t); long SSL_SESSION_get_timeout(const SSL_SESSION *s); long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); +int SSL_SESSION_has_ticket(const SSL_SESSION *s); +unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); +void SSL_SESSION_get0_ticket(const SSL_SESSION *s, unsigned char **tick, + size_t *len); void SSL_copy_session_id(SSL *to, const SSL *from); X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index b27e058..63fe17f 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -569,9 +569,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, OPENSSL_free(ai.data); ai.data = NULL; ai.length = 0; - } else if (ret->tlsext_ticklen && ret->session_id_length) - ret->tlsext_tick_lifetime_hint = -1; - else + } else ret->tlsext_tick_lifetime_hint = 0; os.length = 0; os.data = NULL; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 49425d8..7a8a303 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -670,7 +670,7 @@ struct ssl_session_st { /* RFC4507 info */ unsigned char *tlsext_tick; /* Session ticket */ size_t tlsext_ticklen; /* Session ticket length */ - long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ + unsigned long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ # endif # ifndef OPENSSL_NO_SRP char *srp_username; diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 0eda59e..cf019c8 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -848,6 +848,24 @@ long SSL_SESSION_set_time(SSL_SESSION *s, long t) return (t); } +int SSL_SESSION_has_ticket(const SSL_SESSION *s) +{ + return (s->tlsext_ticklen > 0) ? 1 : 0; +} + +unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s) +{ + return s->tlsext_tick_lifetime_hint; +} + +void SSL_SESSION_get0_ticket(const SSL_SESSION *s, unsigned char **tick, + size_t *len) +{ + *len = s->tlsext_ticklen; + if(tick != NULL) + *tick = s->tlsext_tick; +} + X509 *SSL_SESSION_get0_peer(SSL_SESSION *s) { return s->peer; From appro at openssl.org Wed Feb 11 19:30:42 2015 From: appro at openssl.org (Andy Polyakov) Date: Wed, 11 Feb 2015 20:30:42 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150211193042.B70771DF1AB@butler.localdomain> The branch master has been updated via dda8199922f9d52087d2c41b22a61eb4f9671385 (commit) via c79e17731f462d6d42b917027a7085c0f59a2214 (commit) from b7c9187b32a14b5b4a850161aed5c044d2130d5a (commit) - Log ----------------------------------------------------------------- commit dda8199922f9d52087d2c41b22a61eb4f9671385 Author: Andy Polyakov Date: Wed Feb 11 20:30:13 2015 +0100 Add Camellia CTR mode. Reviewed-by: Rich Salz commit c79e17731f462d6d42b917027a7085c0f59a2214 Author: Andy Polyakov Date: Wed Feb 11 20:28:47 2015 +0100 Add more Camellia OIDs. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/evp/c_allc.c | 3 ++ crypto/evp/e_camellia.c | 9 ++--- crypto/evp/evptests.txt | 64 ++++++++++++++++++++++++++++++++++ crypto/objects/obj_dat.h | 82 +++++++++++++++++++++++++++++++++++++++++--- crypto/objects/obj_mac.h | 60 ++++++++++++++++++++++++++++++++ crypto/objects/obj_mac.num | 12 +++++++ crypto/objects/objects.txt | 12 +++++++ 7 files changed, 231 insertions(+), 11 deletions(-) diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index 174a419..7ae36d7 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c @@ -245,5 +245,8 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher(EVP_camellia_256_ofb()); EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256"); EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256"); + EVP_add_cipher(EVP_camellia_128_ctr()); + EVP_add_cipher(EVP_camellia_192_ctr()); + EVP_add_cipher(EVP_camellia_256_ctr()); #endif } diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c index f9c8401..0a7ea4d 100644 --- a/crypto/evp/e_camellia.c +++ b/crypto/evp/e_camellia.c @@ -248,10 +248,9 @@ const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \ BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) -# if 0 /* not yet, missing NID */ -BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags) -# endif + BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags) + /* The subkey for Camellia is generated. */ static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) @@ -364,7 +363,6 @@ static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -# if 0 /* not yet, missing NID */ static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { @@ -380,7 +378,6 @@ static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ctx->num = (size_t)num; return 1; } -# endif BLOCK_CIPHER_generic_pack(NID_camellia, 128, 0) BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0) diff --git a/crypto/evp/evptests.txt b/crypto/evp/evptests.txt index 8ffbfab..718f723 100644 --- a/crypto/evp/evptests.txt +++ b/crypto/evp/evptests.txt @@ -1297,6 +1297,70 @@ Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 Ciphertext = 0A4A0404E26AA78A27CB271E8BF3CF20 +# Camellia test vectors from RFC5528 +Cipher = CAMELLIA-128-CTR +Key = AE6852F8121067CC4BF7A5765577F39E +IV = 00000030000000000000000000000001 +Operation = ENCRYPT +Plaintext = 53696E676C6520626C6F636B206D7367 +Ciphertext = D09DC29A8214619A20877C76DB1F0B3F + +Cipher = CAMELLIA-128-CTR +Key = 7E24067817FAE0D743D6CE1F32539163 +IV = 006CB6DBC0543B59DA48D90B00000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = DBF3C78DC08396D4DA7C907765BBCB442B8E8E0F31F0DCA72C7417E35360E048 + +Cipher = CAMELLIA-128-CTR +Key = 7691BE035E5020A8AC6E618529F9A0DC +IV = 00E0017B27777F3F4A1786F000000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 +Ciphertext = B19D1FCDCB75EB882F849CE24D85CF739CE64B2B5C9D73F14F2D5D9DCE9889CDDF508696 + +Cipher = CAMELLIA-192-CTR +Key = 16AF5B145FC9F579C175F93E3BFB0EED863D06CCFDB78515 +IV = 0000004836733C147D6D93CB00000001 +Operation = ENCRYPT +Plaintext = 53696E676C6520626C6F636B206D7367 +Ciphertext = 2379399E8A8D2B2B16702FC78B9E9696 + +Cipher = CAMELLIA-192-CTR +Key = 7C5CB2401B3DC33C19E7340819E0F69C678C3DB8E6F6A91A +IV = 0096B03B020C6EADC2CB500D00000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = 7DEF34F7A5D0E415674B7FFCAE67C75DD018B86FF23051E056392A99F35A4CED + +Cipher = CAMELLIA-192-CTR +Key = 02BF391EE8ECB159B959617B0965279BF59B60A786D3E0FE +IV = 0007BDFD5CBD60278DCC091200000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 +Ciphertext = 5710E556E1487A20B5AC0E73F19E4E7876F37FDC91B1EF4D4DADE8E666A64D0ED557AB57 + +Cipher = CAMELLIA-256-CTR +Key = 776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104 +IV = 00000060DB5672C97AA8F0B200000001 +Operation = ENCRYPT +Plaintext = 53696E676C6520626C6F636B206D7367 +Ciphertext = 3401F9C8247EFFCEBD6994714C1BBB11 + +Cipher = CAMELLIA-256-CTR +Key = F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884 +IV = 00FAAC24C1585EF15A43D87500000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = D6C30392246F7808A83C2B22A8839E45E51CD48A1CDF406EBC9CC2D3AB834108 + +Cipher = CAMELLIA-256-CTR +Key = FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D +IV = 001CC5B751A51D70A1C1114800000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 +Ciphertext = A4DA23FCE6A5FFAA6D64AE9A0652A42CD161A34B65F9679F75C01F101F71276F15EF0D8D + # SEED test vectors from RFC4269 Cipher = SEED-ECB Key = 00000000000000000000000000000000 diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index e93e1b0..336daef 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 961 -#define NUM_SN 954 -#define NUM_LN 954 -#define NUM_OBJ 890 +#define NUM_NID 973 +#define NUM_SN 966 +#define NUM_LN 966 +#define NUM_OBJ 902 -static const unsigned char lvalues[6255]={ +static const unsigned char lvalues[6351]={ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ @@ -952,6 +952,18 @@ static const unsigned char lvalues[6255]={ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01,/* [6221] OBJ_jurisdictionLocalityName */ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,/* [6232] OBJ_jurisdictionStateOrProvinceName */ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03,/* [6243] OBJ_jurisdictionCountryName */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x06, /* [6254] OBJ_camellia_128_gcm */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x07, /* [6262] OBJ_camellia_128_ccm */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x09, /* [6270] OBJ_camellia_128_ctr */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x0A, /* [6278] OBJ_camellia_128_cmac */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1A, /* [6286] OBJ_camellia_192_gcm */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1B, /* [6294] OBJ_camellia_192_ccm */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1D, /* [6302] OBJ_camellia_192_ctr */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1E, /* [6310] OBJ_camellia_192_cmac */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2E, /* [6318] OBJ_camellia_256_gcm */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2F, /* [6326] OBJ_camellia_256_ccm */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x31, /* [6334] OBJ_camellia_256_ctr */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x32, /* [6342] OBJ_camellia_256_cmac */ }; static const ASN1_OBJECT nid_objs[NUM_NID]={ @@ -2517,6 +2529,30 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ {"AES-128-OCB","aes-128-ocb",NID_aes_128_ocb,0,NULL,0}, {"AES-192-OCB","aes-192-ocb",NID_aes_192_ocb,0,NULL,0}, {"AES-256-OCB","aes-256-ocb",NID_aes_256_ocb,0,NULL,0}, +{"CAMELLIA-128-GCM","camellia-128-gcm",NID_camellia_128_gcm,8, + &(lvalues[6254]),0}, +{"CAMELLIA-128-CCM","camellia-128-ccm",NID_camellia_128_ccm,8, + &(lvalues[6262]),0}, +{"CAMELLIA-128-CTR","camellia-128-ctr",NID_camellia_128_ctr,8, + &(lvalues[6270]),0}, +{"CAMELLIA-128-CMAC","camellia-128-cmac",NID_camellia_128_cmac,8, + &(lvalues[6278]),0}, +{"CAMELLIA-192-GCM","camellia-192-gcm",NID_camellia_192_gcm,8, + &(lvalues[6286]),0}, +{"CAMELLIA-192-CCM","camellia-192-ccm",NID_camellia_192_ccm,8, + &(lvalues[6294]),0}, +{"CAMELLIA-192-CTR","camellia-192-ctr",NID_camellia_192_ctr,8, + &(lvalues[6302]),0}, +{"CAMELLIA-192-CMAC","camellia-192-cmac",NID_camellia_192_cmac,8, + &(lvalues[6310]),0}, +{"CAMELLIA-256-GCM","camellia-256-gcm",NID_camellia_256_gcm,8, + &(lvalues[6318]),0}, +{"CAMELLIA-256-CCM","camellia-256-ccm",NID_camellia_256_ccm,8, + &(lvalues[6326]),0}, +{"CAMELLIA-256-CTR","camellia-256-ctr",NID_camellia_256_ctr,8, + &(lvalues[6334]),0}, +{"CAMELLIA-256-CMAC","camellia-256-cmac",NID_camellia_256_cmac,8, + &(lvalues[6342]),0}, }; static const unsigned int sn_objs[NUM_SN]={ @@ -2559,22 +2595,34 @@ static const unsigned int sn_objs[NUM_SN]={ 94, /* "BF-OFB" */ 14, /* "C" */ 751, /* "CAMELLIA-128-CBC" */ +962, /* "CAMELLIA-128-CCM" */ 757, /* "CAMELLIA-128-CFB" */ 760, /* "CAMELLIA-128-CFB1" */ 763, /* "CAMELLIA-128-CFB8" */ +964, /* "CAMELLIA-128-CMAC" */ +963, /* "CAMELLIA-128-CTR" */ 754, /* "CAMELLIA-128-ECB" */ +961, /* "CAMELLIA-128-GCM" */ 766, /* "CAMELLIA-128-OFB" */ 752, /* "CAMELLIA-192-CBC" */ +966, /* "CAMELLIA-192-CCM" */ 758, /* "CAMELLIA-192-CFB" */ 761, /* "CAMELLIA-192-CFB1" */ 764, /* "CAMELLIA-192-CFB8" */ +968, /* "CAMELLIA-192-CMAC" */ +967, /* "CAMELLIA-192-CTR" */ 755, /* "CAMELLIA-192-ECB" */ +965, /* "CAMELLIA-192-GCM" */ 767, /* "CAMELLIA-192-OFB" */ 753, /* "CAMELLIA-256-CBC" */ +970, /* "CAMELLIA-256-CCM" */ 759, /* "CAMELLIA-256-CFB" */ 762, /* "CAMELLIA-256-CFB1" */ 765, /* "CAMELLIA-256-CFB8" */ +972, /* "CAMELLIA-256-CMAC" */ +971, /* "CAMELLIA-256-CTR" */ 756, /* "CAMELLIA-256-ECB" */ +969, /* "CAMELLIA-256-GCM" */ 768, /* "CAMELLIA-256-OFB" */ 108, /* "CAST5-CBC" */ 110, /* "CAST5-CFB" */ @@ -3711,22 +3759,34 @@ static const unsigned int ln_objs[NUM_LN]={ 881, /* "cACertificate" */ 483, /* "cNAMERecord" */ 751, /* "camellia-128-cbc" */ +962, /* "camellia-128-ccm" */ 757, /* "camellia-128-cfb" */ 760, /* "camellia-128-cfb1" */ 763, /* "camellia-128-cfb8" */ +964, /* "camellia-128-cmac" */ +963, /* "camellia-128-ctr" */ 754, /* "camellia-128-ecb" */ +961, /* "camellia-128-gcm" */ 766, /* "camellia-128-ofb" */ 752, /* "camellia-192-cbc" */ +966, /* "camellia-192-ccm" */ 758, /* "camellia-192-cfb" */ 761, /* "camellia-192-cfb1" */ 764, /* "camellia-192-cfb8" */ +968, /* "camellia-192-cmac" */ +967, /* "camellia-192-ctr" */ 755, /* "camellia-192-ecb" */ +965, /* "camellia-192-gcm" */ 767, /* "camellia-192-ofb" */ 753, /* "camellia-256-cbc" */ +970, /* "camellia-256-ccm" */ 759, /* "camellia-256-cfb" */ 762, /* "camellia-256-cfb1" */ 765, /* "camellia-256-cfb8" */ +972, /* "camellia-256-cmac" */ +971, /* "camellia-256-ctr" */ 756, /* "camellia-256-ecb" */ +969, /* "camellia-256-gcm" */ 768, /* "camellia-256-ofb" */ 443, /* "caseIgnoreIA5StringSyntax" */ 108, /* "cast5-cbc" */ @@ -4838,12 +4898,24 @@ static const unsigned int obj_objs[NUM_OBJ]={ 754, /* OBJ_camellia_128_ecb 0 3 4401 5 3 1 9 1 */ 766, /* OBJ_camellia_128_ofb128 0 3 4401 5 3 1 9 3 */ 757, /* OBJ_camellia_128_cfb128 0 3 4401 5 3 1 9 4 */ +961, /* OBJ_camellia_128_gcm 0 3 4401 5 3 1 9 6 */ +962, /* OBJ_camellia_128_ccm 0 3 4401 5 3 1 9 7 */ +963, /* OBJ_camellia_128_ctr 0 3 4401 5 3 1 9 9 */ +964, /* OBJ_camellia_128_cmac 0 3 4401 5 3 1 9 10 */ 755, /* OBJ_camellia_192_ecb 0 3 4401 5 3 1 9 21 */ 767, /* OBJ_camellia_192_ofb128 0 3 4401 5 3 1 9 23 */ 758, /* OBJ_camellia_192_cfb128 0 3 4401 5 3 1 9 24 */ +965, /* OBJ_camellia_192_gcm 0 3 4401 5 3 1 9 26 */ +966, /* OBJ_camellia_192_ccm 0 3 4401 5 3 1 9 27 */ +967, /* OBJ_camellia_192_ctr 0 3 4401 5 3 1 9 29 */ +968, /* OBJ_camellia_192_cmac 0 3 4401 5 3 1 9 30 */ 756, /* OBJ_camellia_256_ecb 0 3 4401 5 3 1 9 41 */ 768, /* OBJ_camellia_256_ofb128 0 3 4401 5 3 1 9 43 */ 759, /* OBJ_camellia_256_cfb128 0 3 4401 5 3 1 9 44 */ +969, /* OBJ_camellia_256_gcm 0 3 4401 5 3 1 9 46 */ +970, /* OBJ_camellia_256_ccm 0 3 4401 5 3 1 9 47 */ +971, /* OBJ_camellia_256_ctr 0 3 4401 5 3 1 9 49 */ +972, /* OBJ_camellia_256_cmac 0 3 4401 5 3 1 9 50 */ 437, /* OBJ_pilot 0 9 2342 19200300 100 */ 776, /* OBJ_seed_ecb 1 2 410 200004 1 3 */ 777, /* OBJ_seed_cbc 1 2 410 200004 1 4 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index 55fc5ec..e314f5c 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -3944,6 +3944,26 @@ #define NID_camellia_128_cfb128 757 #define OBJ_camellia_128_cfb128 OBJ_camellia,4L +#define SN_camellia_128_gcm "CAMELLIA-128-GCM" +#define LN_camellia_128_gcm "camellia-128-gcm" +#define NID_camellia_128_gcm 961 +#define OBJ_camellia_128_gcm OBJ_camellia,6L + +#define SN_camellia_128_ccm "CAMELLIA-128-CCM" +#define LN_camellia_128_ccm "camellia-128-ccm" +#define NID_camellia_128_ccm 962 +#define OBJ_camellia_128_ccm OBJ_camellia,7L + +#define SN_camellia_128_ctr "CAMELLIA-128-CTR" +#define LN_camellia_128_ctr "camellia-128-ctr" +#define NID_camellia_128_ctr 963 +#define OBJ_camellia_128_ctr OBJ_camellia,9L + +#define SN_camellia_128_cmac "CAMELLIA-128-CMAC" +#define LN_camellia_128_cmac "camellia-128-cmac" +#define NID_camellia_128_cmac 964 +#define OBJ_camellia_128_cmac OBJ_camellia,10L + #define SN_camellia_192_ecb "CAMELLIA-192-ECB" #define LN_camellia_192_ecb "camellia-192-ecb" #define NID_camellia_192_ecb 755 @@ -3959,6 +3979,26 @@ #define NID_camellia_192_cfb128 758 #define OBJ_camellia_192_cfb128 OBJ_camellia,24L +#define SN_camellia_192_gcm "CAMELLIA-192-GCM" +#define LN_camellia_192_gcm "camellia-192-gcm" +#define NID_camellia_192_gcm 965 +#define OBJ_camellia_192_gcm OBJ_camellia,26L + +#define SN_camellia_192_ccm "CAMELLIA-192-CCM" +#define LN_camellia_192_ccm "camellia-192-ccm" +#define NID_camellia_192_ccm 966 +#define OBJ_camellia_192_ccm OBJ_camellia,27L + +#define SN_camellia_192_ctr "CAMELLIA-192-CTR" +#define LN_camellia_192_ctr "camellia-192-ctr" +#define NID_camellia_192_ctr 967 +#define OBJ_camellia_192_ctr OBJ_camellia,29L + +#define SN_camellia_192_cmac "CAMELLIA-192-CMAC" +#define LN_camellia_192_cmac "camellia-192-cmac" +#define NID_camellia_192_cmac 968 +#define OBJ_camellia_192_cmac OBJ_camellia,30L + #define SN_camellia_256_ecb "CAMELLIA-256-ECB" #define LN_camellia_256_ecb "camellia-256-ecb" #define NID_camellia_256_ecb 756 @@ -3974,6 +4014,26 @@ #define NID_camellia_256_cfb128 759 #define OBJ_camellia_256_cfb128 OBJ_camellia,44L +#define SN_camellia_256_gcm "CAMELLIA-256-GCM" +#define LN_camellia_256_gcm "camellia-256-gcm" +#define NID_camellia_256_gcm 969 +#define OBJ_camellia_256_gcm OBJ_camellia,46L + +#define SN_camellia_256_ccm "CAMELLIA-256-CCM" +#define LN_camellia_256_ccm "camellia-256-ccm" +#define NID_camellia_256_ccm 970 +#define OBJ_camellia_256_ccm OBJ_camellia,47L + +#define SN_camellia_256_ctr "CAMELLIA-256-CTR" +#define LN_camellia_256_ctr "camellia-256-ctr" +#define NID_camellia_256_ctr 971 +#define OBJ_camellia_256_ctr OBJ_camellia,49L + +#define SN_camellia_256_cmac "CAMELLIA-256-CMAC" +#define LN_camellia_256_cmac "camellia-256-cmac" +#define NID_camellia_256_cmac 972 +#define OBJ_camellia_256_cmac OBJ_camellia,50L + #define SN_camellia_128_cfb1 "CAMELLIA-128-CFB1" #define LN_camellia_128_cfb1 "camellia-128-cfb1" #define NID_camellia_128_cfb1 760 diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 648e2df..f4fe14f 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -958,3 +958,15 @@ jurisdictionCountryName 957 aes_128_ocb 958 aes_192_ocb 959 aes_256_ocb 960 +camellia_128_gcm 961 +camellia_128_ccm 962 +camellia_128_ctr 963 +camellia_128_cmac 964 +camellia_192_gcm 965 +camellia_192_ccm 966 +camellia_192_ctr 967 +camellia_192_cmac 968 +camellia_256_gcm 969 +camellia_256_ccm 970 +camellia_256_ctr 971 +camellia_256_cmac 972 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index a4af282..ee38910 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -1251,18 +1251,30 @@ camellia 1 : CAMELLIA-128-ECB : camellia-128-ecb camellia 3 : CAMELLIA-128-OFB : camellia-128-ofb !Cname camellia-128-cfb128 camellia 4 : CAMELLIA-128-CFB : camellia-128-cfb +camellia 6 : CAMELLIA-128-GCM : camellia-128-gcm +camellia 7 : CAMELLIA-128-CCM : camellia-128-ccm +camellia 9 : CAMELLIA-128-CTR : camellia-128-ctr +camellia 10 : CAMELLIA-128-CMAC : camellia-128-cmac camellia 21 : CAMELLIA-192-ECB : camellia-192-ecb !Cname camellia-192-ofb128 camellia 23 : CAMELLIA-192-OFB : camellia-192-ofb !Cname camellia-192-cfb128 camellia 24 : CAMELLIA-192-CFB : camellia-192-cfb +camellia 26 : CAMELLIA-192-GCM : camellia-192-gcm +camellia 27 : CAMELLIA-192-CCM : camellia-192-ccm +camellia 29 : CAMELLIA-192-CTR : camellia-192-ctr +camellia 30 : CAMELLIA-192-CMAC : camellia-192-cmac camellia 41 : CAMELLIA-256-ECB : camellia-256-ecb !Cname camellia-256-ofb128 camellia 43 : CAMELLIA-256-OFB : camellia-256-ofb !Cname camellia-256-cfb128 camellia 44 : CAMELLIA-256-CFB : camellia-256-cfb +camellia 46 : CAMELLIA-256-GCM : camellia-256-gcm +camellia 47 : CAMELLIA-256-CCM : camellia-256-ccm +camellia 49 : CAMELLIA-256-CTR : camellia-256-ctr +camellia 50 : CAMELLIA-256-CMAC : camellia-256-cmac # There are no OIDs for these modes... From appro at openssl.org Wed Feb 11 19:37:26 2015 From: appro at openssl.org (Andy Polyakov) Date: Wed, 11 Feb 2015 20:37:26 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150211193726.96B741DF1AB@butler.localdomain> The branch master has been updated via 7b4a4b71b52c704580f5ef043017f06d4fb97e7e (commit) via 7a6c9a2e96247b0c623252f398abe123cdf1e3f8 (commit) from dda8199922f9d52087d2c41b22a61eb4f9671385 (commit) - Log ----------------------------------------------------------------- commit 7b4a4b71b52c704580f5ef043017f06d4fb97e7e Author: Andy Polyakov Date: Fri Jan 23 23:02:27 2015 +0100 Engage ecp_nistz256-armv4 module. Reviewed-by: Emilia K?sper commit 7a6c9a2e96247b0c623252f398abe123cdf1e3f8 Author: Andy Polyakov Date: Wed Feb 11 20:34:18 2015 +0100 Add ec/asm/ecp_nistz256-armv4.pl module. Reviewed-by: Emilia K?sper ----------------------------------------------------------------------- Summary of changes: Configure | 2 +- TABLE | 4 +- crypto/ec/Makefile | 3 + crypto/ec/asm/ecp_nistz256-armv4.pl | 1809 +++++++++++++++++++++++++++++++++++ 4 files changed, 1815 insertions(+), 3 deletions(-) create mode 100755 crypto/ec/asm/ecp_nistz256-armv4.pl diff --git a/Configure b/Configure index 8c94195..69320b7 100755 --- a/Configure +++ b/Configure @@ -140,7 +140,7 @@ my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::sha1-alpha.o:::::::ghash- my $mips64_asm=":bn-mips.o mips-mont.o:::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::"; my $mips32_asm=$mips64_asm; $mips32_asm =~ s/\s*sha512\-mips\.o//; my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o:::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:"; -my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o:::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o::void"; +my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o:ecp_nistz256.o ecp_nistz256-armv4.o::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o::void"; my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o::::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o:"; my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32"; my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64"; diff --git a/TABLE b/TABLE index 691f2ec..67c6639 100644 --- a/TABLE +++ b/TABLE @@ -996,7 +996,7 @@ $lflags = -ldl $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR $cpuid_obj = armcap.o armv4cpuid.o $bn_obj = bn_asm.o armv4-mont.o armv4-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-armv4.o $des_obj = $aes_obj = aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o $bf_obj = @@ -3988,7 +3988,7 @@ $lflags = -ldl $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR $cpuid_obj = armcap.o armv4cpuid.o $bn_obj = bn_asm.o armv4-mont.o armv4-gf2m.o -$ec_obj = +$ec_obj = ecp_nistz256.o ecp_nistz256-armv4.o $des_obj = $aes_obj = aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o $bf_obj = diff --git a/crypto/ec/Makefile b/crypto/ec/Makefile index 319e003..7e9f7a6 100644 --- a/crypto/ec/Makefile +++ b/crypto/ec/Makefile @@ -57,6 +57,9 @@ ecp_nistz256-x86_64.s: asm/ecp_nistz256-x86_64.pl ecp_nistz256-avx2.s: asm/ecp_nistz256-avx2.pl $(PERL) asm/ecp_nistz256-avx2.pl $(PERLASM_SCHEME) > $@ +ecp_nistz256-%.S: asm/ecp_nistz256-%.pl; $(PERL) $< $(PERLASM_SCHEME) $@ +ecp_nistz256-armv4.o: ecp_nistz256-armv4.S + files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO diff --git a/crypto/ec/asm/ecp_nistz256-armv4.pl b/crypto/ec/asm/ecp_nistz256-armv4.pl new file mode 100755 index 0000000..9f5500e --- /dev/null +++ b/crypto/ec/asm/ecp_nistz256-armv4.pl @@ -0,0 +1,1809 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# ECP_NISTZ256 module for ARMv4. +# +# October 2014. +# +# Original ECP_NISTZ256 submission targeting x86_64 is detailed in +# http://eprint.iacr.org/2013/816. In the process of adaptation +# original .c module was made 32-bit savvy in order to make this +# implementation possible. +# +# with/without -DECP_NISTZ256_ASM +# Cortex-A8 +53-170% +# Cortex-A9 +76-205% +# Cortex-A15 +100-316% +# Snapdragon S4 +66-187% +# +# Ranges denote minimum and maximum improvement coefficients depending +# on benchmark. Lower coefficients are for ECDSA sign, server-side +# operation. Keep in mind that +200% means 3x improvement. + +$flavour = shift; +while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or +die "can't locate arm-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +$code.=<<___; +#include "arm_arch.h" + +.text +.code 32 +___ +######################################################################## +# Convert ecp_nistz256_table.c to layout expected by ecp_nistz_gather_w7 +# +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +open TABLE,") { + s/TOBN$\s*(0x[0-9a-f]+),\s*(0x[0-9a-f]+)\s*$/push @arr,hex($2),hex($1)/geo; +} +close TABLE; + +# See ecp_nistz256_table.c for explanation for why it's 64*16*37. +# 64*16*37-1 is because $#arr returns last valid index or @arr, not +# amount of elements. +die "insane number of elements" if ($#arr != 64*16*37-1); + +$code.=<<___; +.globl ecp_nistz256_precomputed +.type ecp_nistz256_precomputed,%object +.align 12 +ecp_nistz256_precomputed: +___ +######################################################################## +# this conversion smashes P256_POINT_AFFINE by individual bytes with +# 64 byte interval, similar to +# 1111222233334444 +# 1234123412341234 +for(1..37) { + @tbl = splice(@arr,0,64*16); + for($i=0;$i<64;$i++) { + undef @line; + for($j=0;$j<64;$j++) { + push @line,(@tbl[$j*16+$i/4]>>(($i%4)*8))&0xff; + } + $code.=".byte\t"; + $code.=join(',',map { sprintf "0x%02x",$_} @line); + $code.="\n"; + } +} +$code.=<<___; +.size ecp_nistz256_precomputed,.-ecp_nistz256_precomputed +.align 5 +.LRR: @ 2^512 mod P precomputed for NIST P256 polynomial +.long 0x00000003, 0x00000000, 0xffffffff, 0xfffffffb +.long 0xfffffffe, 0xffffffff, 0xfffffffd, 0x00000004 +.Lone: +.long 1,0,0,0,0,0,0,0 +.asciz "ECP_NISTZ256 for ARMv4, CRYPTOGAMS by " +.align 6 +___ + +######################################################################## +# common register layout, note that $t2 is link register, so that if +# internal subroutine uses $t2, then it has to offload lr... + +($r_ptr,$a_ptr,$b_ptr,$ff,$a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7,$t1,$t2)= + map("r$_",(0..12,14)); +($t0,$t3)=($ff,$a_ptr); + +$code.=<<___; +@ void ecp_nistz256_to_mont(BN_ULONG r0[8],const BN_ULONG r1[8]); +.globl ecp_nistz256_to_mont +.type ecp_nistz256_to_mont,%function +ecp_nistz256_to_mont: + adr $b_ptr,.LRR + b .Lecp_nistz256_mul_mont +.size ecp_nistz256_to_mont,.-ecp_nistz256_to_mont + +@ void ecp_nistz256_from_mont(BN_ULONG r0[8],const BN_ULONG r1[8]); +.globl ecp_nistz256_from_mont +.type ecp_nistz256_from_mont,%function +ecp_nistz256_from_mont: + adr $b_ptr,.Lone + b .Lecp_nistz256_mul_mont +.size ecp_nistz256_from_mont,.-ecp_nistz256_from_mont + +@ void ecp_nistz256_mul_by_2(BN_ULONG r0[8],const BN_ULONG r1[8]); +.globl ecp_nistz256_mul_by_2 +.type ecp_nistz256_mul_by_2,%function +.align 4 +ecp_nistz256_mul_by_2: + stmdb sp!,{r4-r12,lr} + bl _ecp_nistz256_mul_by_2 +#if __ARM_ARCH__>=5 || !defined(__thumb__) + ldmia sp!,{r4-r12,pc} +#else + ldmia sp!,{r4-r12,lr} + bx lr @ interoperable with Thumb ISA:-) +#endif +.size ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2 + +.type _ecp_nistz256_mul_by_2,%function +.align 4 +_ecp_nistz256_mul_by_2: + ldr $a0,[$a_ptr,#0] + ldr $a1,[$a_ptr,#4] + ldr $a2,[$a_ptr,#8] + adds $a0,$a0,$a0 @ a[0:7]+=a[0:7], i.e. add with itself + ldr $a3,[$a_ptr,#12] + adcs $a1,$a1,$a1 + ldr $a4,[$a_ptr,#16] + adcs $a2,$a2,$a2 + ldr $a5,[$a_ptr,#20] + adcs $a3,$a3,$a3 + ldr $a6,[$a_ptr,#24] + adcs $a4,$a4,$a4 + ldr $a7,[$a_ptr,#28] + adcs $a5,$a5,$a5 + adcs $a6,$a6,$a6 + mov $ff,#0 + adcs $a7,$a7,$a7 + movcs $ff,#-1 @ $ff = carry ? -1 : 0 + + b .Lreduce_by_sub +.size _ecp_nistz256_mul_by_2,.-_ecp_nistz256_mul_by_2 + +@ void ecp_nistz256_add(BN_ULONG r0[8],const BN_ULONG r1[8], +@ const BN_ULONG r2[8]); +.globl ecp_nistz256_add +.type ecp_nistz256_add,%function +.align 4 +ecp_nistz256_add: + stmdb sp!,{r4-r12,lr} + bl _ecp_nistz256_add +#if __ARM_ARCH__>=5 || !defined(__thumb__) + ldmia sp!,{r4-r12,pc} +#else + ldmia sp!,{r4-r12,lr} + bx lr @ interoperable with Thumb ISA:-) +#endif +.size ecp_nistz256_add,.-ecp_nistz256_add + +.type _ecp_nistz256_add,%function +.align 4 +_ecp_nistz256_add: + str lr,[sp,#-4]! @ push lr + + ldr $a0,[$a_ptr,#0] + ldr $a1,[$a_ptr,#4] + ldr $a2,[$a_ptr,#8] + ldr $a3,[$a_ptr,#12] + ldr $a4,[$a_ptr,#16] + ldr $t0,[$b_ptr,#0] + ldr $a5,[$a_ptr,#20] + ldr $t1,[$b_ptr,#4] + ldr $a6,[$a_ptr,#24] + ldr $t2,[$b_ptr,#8] + ldr $a7,[$a_ptr,#28] + ldr $t3,[$b_ptr,#12] + adds $a0,$a0,$t0 + ldr $t0,[$b_ptr,#16] + adcs $a1,$a1,$t1 + ldr $t1,[$b_ptr,#20] + adcs $a2,$a2,$t2 + ldr $t2,[$b_ptr,#24] + adcs $a3,$a3,$t3 + ldr $t3,[$b_ptr,#28] + adcs $a4,$a4,$t0 + adcs $a5,$a5,$t1 + adcs $a6,$a6,$t2 + mov $ff,#0 + adcs $a7,$a7,$t3 + movcs $ff,#-1 @ $ff = carry ? -1 : 0, "broadcast" carry + ldr lr,[sp],#4 @ pop lr + +.Lreduce_by_sub: + + @ if a+b carries, subtract modulus. + @ + @ Note that because mod has special form, i.e. consists of + @ 0xffffffff, 1 and 0s, we can conditionally synthesize it by + @ using value of broadcasted carry as a whole or extracting + @ single bit. Follow $ff register... + + subs $a0,$a0,$ff @ subtract synthesized modulus + sbcs $a1,$a1,$ff + str $a0,[$r_ptr,#0] + sbcs $a2,$a2,$ff + str $a1,[$r_ptr,#4] + sbcs $a3,$a3,#0 + str $a2,[$r_ptr,#8] + sbcs $a4,$a4,#0 + str $a3,[$r_ptr,#12] + sbcs $a5,$a5,#0 + str $a4,[$r_ptr,#16] + sbcs $a6,$a6,$ff,lsr#31 + str $a5,[$r_ptr,#20] + sbcs $a7,$a7,$ff + str $a6,[$r_ptr,#24] + str $a7,[$r_ptr,#28] + + mov pc,lr +.size _ecp_nistz256_add,.-_ecp_nistz256_add + +@ void ecp_nistz256_mul_by_3(BN_ULONG r0[8],const BN_ULONG r1[8]); +.globl ecp_nistz256_mul_by_3 +.type ecp_nistz256_mul_by_3,%function +.align 4 +ecp_nistz256_mul_by_3: + stmdb sp!,{r4-r12,lr} + bl _ecp_nistz256_mul_by_3 +#if __ARM_ARCH__>=5 || !defined(__thumb__) + ldmia sp!,{r4-r12,pc} +#else + ldmia sp!,{r4-r12,lr} + bx lr @ interoperable with Thumb ISA:-) +#endif +.size ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3 + +.type _ecp_nistz256_mul_by_3,%function +.align 4 +_ecp_nistz256_mul_by_3: + str lr,[sp,#-4]! @ push lr + + @ As multiplication by 3 is performed as 2*n+n, below are inline + @ copies of _ecp_nistz256_mul_by_2 and _ecp_nistz256_add, see + @ corresponding subroutines for details. + + ldr $a0,[$a_ptr,#0] + ldr $a1,[$a_ptr,#4] + ldr $a2,[$a_ptr,#8] + adds $a0,$a0,$a0 @ a[0:7]+=a[0:7] + ldr $a3,[$a_ptr,#12] + adcs $a1,$a1,$a1 + ldr $a4,[$a_ptr,#16] + adcs $a2,$a2,$a2 + ldr $a5,[$a_ptr,#20] + adcs $a3,$a3,$a3 + ldr $a6,[$a_ptr,#24] + adcs $a4,$a4,$a4 + ldr $a7,[$a_ptr,#28] + adcs $a5,$a5,$a5 + adcs $a6,$a6,$a6 + mov $ff,#0 + adcs $a7,$a7,$a7 + movcs $ff,#-1 @ $ff = carry ? -1 : 0, "broadcast" carry + + subs $a0,$a0,$ff @ subtract synthesized modulus, see + @ .Lreduce_by_sub for details, except + @ that we don't write anything to + @ memory, but keep intermediate + @ results in registers... + sbcs $a1,$a1,$ff + sbcs $a2,$a2,$ff + sbcs $a3,$a3,#0 + sbcs $a4,$a4,#0 + ldr $b_ptr,[$a_ptr,#0] + sbcs $a5,$a5,#0 + ldr $t1,[$a_ptr,#4] + sbcs $a6,$a6,$ff,lsr#31 + ldr $t2,[$a_ptr,#8] + sbcs $a7,$a7,$ff + + ldr $t0,[$a_ptr,#12] + adds $a0,$a0,$b_ptr @ 2*a[0:7]+=a[0:7] + ldr $b_ptr,[$a_ptr,#16] + adcs $a1,$a1,$t1 + ldr $t1,[$a_ptr,#20] + adcs $a2,$a2,$t2 + ldr $t2,[$a_ptr,#24] + adcs $a3,$a3,$t0 + ldr $t3,[$a_ptr,#28] + adcs $a4,$a4,$b_ptr + adcs $a5,$a5,$t1 + adcs $a6,$a6,$t2 + mov $ff,#0 + adcs $a7,$a7,$t3 + movcs $ff,#-1 @ $ff = carry ? -1 : 0, "broadcast" carry + ldr lr,[sp],#4 @ pop lr + + b .Lreduce_by_sub +.size ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3 + +@ void ecp_nistz256_div_by_2(BN_ULONG r0[8],const BN_ULONG r1[8]); +.globl ecp_nistz256_div_by_2 +.type ecp_nistz256_div_by_2,%function +.align 4 +ecp_nistz256_div_by_2: + stmdb sp!,{r4-r12,lr} + bl _ecp_nistz256_div_by_2 +#if __ARM_ARCH__>=5 || !defined(__thumb__) + ldmia sp!,{r4-r12,pc} +#else + ldmia sp!,{r4-r12,lr} + bx lr @ interoperable with Thumb ISA:-) +#endif +.size ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2 + +.type _ecp_nistz256_div_by_2,%function +.align 4 +_ecp_nistz256_div_by_2: + @ ret = (a is odd ? a+mod : a) >> 1 + + ldr $a0,[$a_ptr,#0] + ldr $a1,[$a_ptr,#4] + ldr $a2,[$a_ptr,#8] + mov $ff,$a0,lsl#31 @ place least significant bit to most + @ significant position, now arithmetic + @ right shift by 31 will produce -1 or + @ 0, while logical rigth shift 1 or 0, + @ this is how modulus is conditionally + @ synthesized in this case... + ldr $a3,[$a_ptr,#12] + adds $a0,$a0,$ff,asr#31 + ldr $a4,[$a_ptr,#16] + adcs $a1,$a1,$ff,asr#31 + ldr $a5,[$a_ptr,#20] + adcs $a2,$a2,$ff,asr#31 + ldr $a6,[$a_ptr,#24] + adcs $a3,$a3,#0 + ldr $a7,[$a_ptr,#28] + adcs $a4,$a4,#0 + mov $a0,$a0,lsr#1 @ a[0:7]>>=1, we can start early + @ because it doesn't affect flags + adcs $a5,$a5,#0 + orr $a0,$a0,$a1,lsl#31 + adcs $a6,$a6,$ff,lsr#31 + mov $b_ptr,#0 + adcs $a7,$a7,$ff,asr#31 + mov $a1,$a1,lsr#1 + adc $b_ptr,$b_ptr,#0 @ top-most carry bit from addition + + orr $a1,$a1,$a2,lsl#31 + mov $a2,$a2,lsr#1 + str $a0,[$r_ptr,#0] + orr $a2,$a2,$a3,lsl#31 + mov $a3,$a3,lsr#1 + str $a1,[$r_ptr,#4] + orr $a3,$a3,$a4,lsl#31 + mov $a4,$a4,lsr#1 + str $a2,[$r_ptr,#8] + orr $a4,$a4,$a5,lsl#31 + mov $a5,$a5,lsr#1 + str $a3,[$r_ptr,#12] + orr $a5,$a5,$a6,lsl#31 + mov $a6,$a6,lsr#1 + str $a4,[$r_ptr,#16] + orr $a6,$a6,$a7,lsl#31 + mov $a7,$a7,lsr#1 + str $a5,[$r_ptr,#20] + orr $a7,$a7,$b_ptr,lsl#31 @ don't forget the top-most carry bit + str $a6,[$r_ptr,#24] + str $a7,[$r_ptr,#28] + + mov pc,lr +.size _ecp_nistz256_div_by_2,.-_ecp_nistz256_div_by_2 + +@ void ecp_nistz256_sub(BN_ULONG r0[8],const BN_ULONG r1[8], +@ const BN_ULONG r2[8]); +.globl ecp_nistz256_sub +.type ecp_nistz256_sub,%function +.align 4 +ecp_nistz256_sub: + stmdb sp!,{r4-r12,lr} + bl _ecp_nistz256_sub +#if __ARM_ARCH__>=5 || !defined(__thumb__) + ldmia sp!,{r4-r12,pc} +#else + ldmia sp!,{r4-r12,lr} + bx lr @ interoperable with Thumb ISA:-) +#endif +.size ecp_nistz256_sub,.-ecp_nistz256_sub + +.type _ecp_nistz256_sub,%function +.align 4 +_ecp_nistz256_sub: + str lr,[sp,#-4]! @ push lr + + ldr $a0,[$a_ptr,#0] + ldr $a1,[$a_ptr,#4] + ldr $a2,[$a_ptr,#8] + ldr $a3,[$a_ptr,#12] + ldr $a4,[$a_ptr,#16] + ldr $t0,[$b_ptr,#0] + ldr $a5,[$a_ptr,#20] + ldr $t1,[$b_ptr,#4] + ldr $a6,[$a_ptr,#24] + ldr $t2,[$b_ptr,#8] + ldr $a7,[$a_ptr,#28] + ldr $t3,[$b_ptr,#12] + subs $a0,$a0,$t0 + ldr $t0,[$b_ptr,#16] + sbcs $a1,$a1,$t1 + ldr $t1,[$b_ptr,#20] + sbcs $a2,$a2,$t2 + ldr $t2,[$b_ptr,#24] + sbcs $a3,$a3,$t3 + ldr $t3,[$b_ptr,#28] + sbcs $a4,$a4,$t0 + sbcs $a5,$a5,$t1 + sbcs $a6,$a6,$t2 + sbcs $a7,$a7,$t3 + sbc $ff,$ff,$ff @ broadcast borrow bit + ldr lr,[sp],#4 @ pop lr + +.Lreduce_by_add: + + @ if a-b borrows, add modulus. + @ + @ Note that because mod has special form, i.e. consists of + @ 0xffffffff, 1 and 0s, we can conditionally synthesize it by + @ broadcasting borrow bit to a register, $ff, and using it as + @ a whole or extracting single bit. + + adds $a0,$a0,$ff @ add synthesized modulus + adcs $a1,$a1,$ff + str $a0,[$r_ptr,#0] + adcs $a2,$a2,$ff + str $a1,[$r_ptr,#4] + adcs $a3,$a3,#0 + str $a2,[$r_ptr,#8] + adcs $a4,$a4,#0 + str $a3,[$r_ptr,#12] + adcs $a5,$a5,#0 + str $a4,[$r_ptr,#16] + adcs $a6,$a6,$ff,lsr#31 + str $a5,[$r_ptr,#20] + adcs $a7,$a7,$ff + str $a6,[$r_ptr,#24] + str $a7,[$r_ptr,#28] + + mov pc,lr +.size _ecp_nistz256_sub,.-_ecp_nistz256_sub + +@ void ecp_nistz256_neg(BN_ULONG r0[8],const BN_ULONG r1[8]); +.globl ecp_nistz256_neg +.type ecp_nistz256_neg,%function +.align 4 +ecp_nistz256_neg: + stmdb sp!,{r4-r12,lr} + bl _ecp_nistz256_neg +#if __ARM_ARCH__>=5 || !defined(__thumb__) + ldmia sp!,{r4-r12,pc} +#else + ldmia sp!,{r4-r12,lr} + bx lr @ interoperable with Thumb ISA:-) +#endif +.size ecp_nistz256_neg,.-ecp_nistz256_neg + +.type _ecp_nistz256_neg,%function +.align 4 +_ecp_nistz256_neg: + ldr $a0,[$a_ptr,#0] + eor $ff,$ff,$ff + ldr $a1,[$a_ptr,#4] + ldr $a2,[$a_ptr,#8] + subs $a0,$ff,$a0 + ldr $a3,[$a_ptr,#12] + sbcs $a1,$ff,$a1 + ldr $a4,[$a_ptr,#16] + sbcs $a2,$ff,$a2 + ldr $a5,[$a_ptr,#20] + sbcs $a3,$ff,$a3 + ldr $a6,[$a_ptr,#24] + sbcs $a4,$ff,$a4 + ldr $a7,[$a_ptr,#28] + sbcs $a5,$ff,$a5 + sbcs $a6,$ff,$a6 + sbcs $a7,$ff,$a7 + sbc $ff,$ff,$ff + + b .Lreduce_by_add +.size _ecp_nistz256_neg,.-_ecp_nistz256_neg +___ +{ +my @acc=map("r$_",(3..11)); +my ($t0,$t1,$bj,$t2,$t3)=map("r$_",(0,1,2,12,14)); + +$code.=<<___; +@ void ecp_nistz256_sqr_mont(BN_ULONG r0[8],const BN_ULONG r1[8]); +.globl ecp_nistz256_sqr_mont +.type ecp_nistz256_sqr_mont,%function +.align 4 +ecp_nistz256_sqr_mont: + mov $b_ptr,$a_ptr + b .Lecp_nistz256_mul_mont +.size ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont + +@ void ecp_nistz256_mul_mont(BN_ULONG r0[8],const BN_ULONG r1[8], +@ const BN_ULONG r2[8]); +.globl ecp_nistz256_mul_mont +.type ecp_nistz256_mul_mont,%function +.align 4 +ecp_nistz256_mul_mont: +.Lecp_nistz256_mul_mont: + stmdb sp!,{r4-r12,lr} + bl _ecp_nistz256_mul_mont +#if __ARM_ARCH__>=5 || !defined(__thumb__) + ldmia sp!,{r4-r12,pc} +#else + ldmia sp!,{r4-r12,lr} + bx lr @ interoperable with Thumb ISA:-) +#endif +.size ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont + +.type _ecp_nistz256_mul_mont,%function +.align 4 +_ecp_nistz256_mul_mont: + stmdb sp!,{r0-r2,lr} @ make a copy of arguments too + + ldr $bj,[$b_ptr,#0] @ b[0] + ldmia $a_ptr,{@acc[1]- at acc[8]} + + umull @acc[0],$t3, at acc[1],$bj @ r[0]=a[0]*b[0] + stmdb sp!,{$acc[1]- at acc[8]} @ copy a[0-7] to stack, so + @ that it can be addressed + @ without spending register + @ on address + umull @acc[1],$t0, at acc[2],$bj @ r[1]=a[1]*b[0] + umull @acc[2],$t1, at acc[3],$bj + adds @acc[1], at acc[1],$t3 @ accumulate high part of mult + umull @acc[3],$t2, at acc[4],$bj + adcs @acc[2], at acc[2],$t0 + umull @acc[4],$t3, at acc[5],$bj + adcs @acc[3], at acc[3],$t1 + umull @acc[5],$t0, at acc[6],$bj + adcs @acc[4], at acc[4],$t2 + umull @acc[6],$t1, at acc[7],$bj + adcs @acc[5], at acc[5],$t3 + umull @acc[7],$t2, at acc[8],$bj + adcs @acc[6], at acc[6],$t0 + adcs @acc[7], at acc[7],$t1 + eor $t3,$t3,$t3 @ first overflow bit is zero + adc @acc[8],$t2,#0 +___ +for(my $i=1;$i<8;$i++) { +my $t4=@acc[0]; + + # Reduction iteration is normally performed by accumulating + # result of multiplication of modulus by "magic" digit [and + # omitting least significant word, which is guaranteed to + # be 0], but thanks to special form of modulus and "magic" + # digit being equal to least significant word, it can be + # performed with additions and subtractions alone. Indeed: + # + # ffff.0001.0000.0000.0000.ffff.ffff.ffff + # * abcd + # + xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd + # + # Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we + # rewrite above as: + # + # xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd + # + abcd.0000.abcd.0000.0000.abcd.0000.0000.0000 + # - abcd.0000.0000.0000.0000.0000.0000.abcd + # + # or marking redundant operations: + # + # xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.---- + # + abcd.0000.abcd.0000.0000.abcd.----.----.---- + # - abcd.----.----.----.----.----.----.---- + +$code.=<<___; + @ multiplication-less reduction $i + adds @acc[3], at acc[3], at acc[0] @ r[3]+=r[0] + ldr $bj,[sp,#40] @ restore b_ptr + adcs @acc[4], at acc[4],#0 @ r[4]+=0 + adcs @acc[5], at acc[5],#0 @ r[5]+=0 + adcs @acc[6], at acc[6], at acc[0] @ r[6]+=r[0] + ldr $t1,[sp,#0] @ load a[0] + adcs @acc[7], at acc[7],#0 @ r[7]+=0 + ldr $bj,[$bj,#4*$i] @ load b[i] + adcs @acc[8], at acc[8], at acc[0] @ r[8]+=r[0] + eor $t0,$t0,$t0 + adc $t3,$t3,#0 @ overflow bit + subs @acc[7], at acc[7], at acc[0] @ r[7]-=r[0] + ldr $t2,[sp,#4] @ a[1] + sbcs @acc[8], at acc[8],#0 @ r[8]-=0 + umlal @acc[1],$t0,$t1,$bj @ "r[0]"+=a[0]*b[i] + eor $t1,$t1,$t1 + sbc @acc[0],$t3,#0 @ overflow bit, keep in mind + @ that netto result is + @ addition of a value which + @ makes underflow impossible + + ldr $t3,[sp,#8] @ a[2] + umlal @acc[2],$t1,$t2,$bj @ "r[1]"+=a[1]*b[i] + str @acc[0],[sp,#36] @ temporarily offload overflow + eor $t2,$t2,$t2 + ldr $t4,[sp,#12] @ a[3], $t4 is alias @acc[0] + umlal @acc[3],$t2,$t3,$bj @ "r[2]"+=a[2]*b[i] + eor $t3,$t3,$t3 + adds @acc[2], at acc[2],$t0 @ accumulate high part of mult + ldr $t0,[sp,#16] @ a[4] + umlal @acc[4],$t3,$t4,$bj @ "r[3]"+=a[3]*b[i] + eor $t4,$t4,$t4 + adcs @acc[3], at acc[3],$t1 + ldr $t1,[sp,#20] @ a[5] + umlal @acc[5],$t4,$t0,$bj @ "r[4]"+=a[4]*b[i] + eor $t0,$t0,$t0 + adcs @acc[4], at acc[4],$t2 + ldr $t2,[sp,#24] @ a[6] + umlal @acc[6],$t0,$t1,$bj @ "r[5]"+=a[5]*b[i] + eor $t1,$t1,$t1 + adcs @acc[5], at acc[5],$t3 + ldr $t3,[sp,#28] @ a[7] + umlal @acc[7],$t1,$t2,$bj @ "r[6]"+=a[6]*b[i] + eor $t2,$t2,$t2 + adcs @acc[6], at acc[6],$t4 + ldr @acc[0],[sp,#36] @ restore overflow bit + umlal @acc[8],$t2,$t3,$bj @ "r[7]"+=a[7]*b[i] + eor $t3,$t3,$t3 + adcs @acc[7], at acc[7],$t0 + adcs @acc[8], at acc[8],$t1 + adcs @acc[0],$acc[0],$t2 + adc $t3,$t3,#0 @ new overflow bit +___ + push(@acc,shift(@acc)); # rotate registers, so that + # "r[i]" becomes r[i] +} +$code.=<<___; + @ last multiplication-less reduction + adds @acc[3], at acc[3], at acc[0] + ldr $r_ptr,[sp,#32] @ restore r_ptr + adcs @acc[4], at acc[4],#0 + adcs @acc[5], at acc[5],#0 + adcs @acc[6], at acc[6], at acc[0] + adcs @acc[7], at acc[7],#0 + adcs @acc[8], at acc[8], at acc[0] + adc $t3,$t3,#0 + subs @acc[7], at acc[7], at acc[0] + sbcs @acc[8], at acc[8],#0 + sbc @acc[0],$t3,#0 @ overflow bit + + @ Final step is "if result > mod, subtract mod", but we do it + @ "other way around", namely subtract modulus from result + @ and if it borrowed, add modulus back. + + subs @acc[1], at acc[1],#-1 @ compare to modulus + sbcs @acc[2], at acc[2],#-1 + sbcs @acc[3], at acc[3],#-1 + sbcs @acc[4], at acc[4],#0 + sbcs @acc[5], at acc[5],#0 + sbcs @acc[6], at acc[6],#0 + sbcs @acc[7], at acc[7],#1 + sbcs @acc[8], at acc[8],#-1 + ldr lr,[sp,#44] @ restore lr + sbc @acc[0], at acc[0],#0 @ broadcast borrow bit + add sp,sp,#48 + + @ Note that because mod has special form, i.e. consists of + @ 0xffffffff, 1 and 0s, we can conditionally synthesize it by + @ broadcasting borrow bit to a register, @acc[0], and using it as + @ a whole or extracting single bit. + + adds @acc[1], at acc[1], at acc[0] @ add modulus or zero + adcs @acc[2], at acc[2], at acc[0] + str @acc[1],[$r_ptr,#0] + adcs @acc[3], at acc[3], at acc[0] + str @acc[2],[$r_ptr,#4] + adcs @acc[4], at acc[4],#0 + str @acc[3],[$r_ptr,#8] + adcs @acc[5], at acc[5],#0 + str @acc[4],[$r_ptr,#12] + adcs @acc[6], at acc[6],#0 + str @acc[5],[$r_ptr,#16] + adcs @acc[7], at acc[7], at acc[0],lsr#31 + str @acc[6],[$r_ptr,#20] + adc @acc[8], at acc[8], at acc[0] + str @acc[7],[$r_ptr,#24] + str @acc[8],[$r_ptr,#28] + + mov pc,lr +.size _ecp_nistz256_mul_mont,.-_ecp_nistz256_mul_mont +___ +} + +{ +my ($out,$inp,$index,$mask)=map("r$_",(0..3)); +$code.=<<___; +@ void ecp_nistz256_scatter_w5(void *r0,const P256_POINT *r1, +@ int r2); +.globl ecp_nistz256_scatter_w5 +.type ecp_nistz256_scatter_w5,%function +.align 5 +ecp_nistz256_scatter_w5: + stmdb sp!,{r4-r11} + + add $out,$out,$index,lsl#2 + + ldmia $inp!,{r4-r11} @ X + str r4,[$out,#64*0-4] + str r5,[$out,#64*1-4] + str r6,[$out,#64*2-4] + str r7,[$out,#64*3-4] + str r8,[$out,#64*4-4] + str r9,[$out,#64*5-4] + str r10,[$out,#64*6-4] + str r11,[$out,#64*7-4] + add $out,$out,#64*8 + + ldmia $inp!,{r4-r11} @ Y + str r4,[$out,#64*0-4] + str r5,[$out,#64*1-4] + str r6,[$out,#64*2-4] + str r7,[$out,#64*3-4] + str r8,[$out,#64*4-4] + str r9,[$out,#64*5-4] + str r10,[$out,#64*6-4] + str r11,[$out,#64*7-4] + add $out,$out,#64*8 + + ldmia $inp,{r4-r11} @ Z + str r4,[$out,#64*0-4] + str r5,[$out,#64*1-4] + str r6,[$out,#64*2-4] + str r7,[$out,#64*3-4] + str r8,[$out,#64*4-4] + str r9,[$out,#64*5-4] + str r10,[$out,#64*6-4] + str r11,[$out,#64*7-4] + + ldmia sp!,{r4-r11} +#if __ARM_ARCH__>=5 || defined(__thumb__) + bx lr +#else + mov pc,lr +#endif +.size ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5 + +@ void ecp_nistz256_gather_w5(P256_POINT *r0,const void *r1, +@ int r2); +.globl ecp_nistz256_gather_w5 +.type ecp_nistz256_gather_w5,%function +.align 5 +ecp_nistz256_gather_w5: + stmdb sp!,{r4-r11} + + cmp $index,#0 + mov $mask,#0 + subne $index,$index,#1 + movne $mask,#-1 + add $inp,$inp,$index,lsl#2 + + ldr r4,[$inp,#64*0] + ldr r5,[$inp,#64*1] + ldr r6,[$inp,#64*2] + and r4,r4,$mask + ldr r7,[$inp,#64*3] + and r5,r5,$mask + ldr r8,[$inp,#64*4] + and r6,r6,$mask + ldr r9,[$inp,#64*5] + and r7,r7,$mask + ldr r10,[$inp,#64*6] + and r8,r8,$mask + ldr r11,[$inp,#64*7] + add $inp,$inp,#64*8 + and r9,r9,$mask + and r10,r10,$mask + and r11,r11,$mask + stmia $out!,{r4-r11} @ X + + ldr r4,[$inp,#64*0] + ldr r5,[$inp,#64*1] + ldr r6,[$inp,#64*2] + and r4,r4,$mask + ldr r7,[$inp,#64*3] + and r5,r5,$mask + ldr r8,[$inp,#64*4] + and r6,r6,$mask + ldr r9,[$inp,#64*5] + and r7,r7,$mask + ldr r10,[$inp,#64*6] + and r8,r8,$mask + ldr r11,[$inp,#64*7] + add $inp,$inp,#64*8 + and r9,r9,$mask + and r10,r10,$mask + and r11,r11,$mask + stmia $out!,{r4-r11} @ Y + + ldr r4,[$inp,#64*0] + ldr r5,[$inp,#64*1] + ldr r6,[$inp,#64*2] + and r4,r4,$mask + ldr r7,[$inp,#64*3] + and r5,r5,$mask + ldr r8,[$inp,#64*4] + and r6,r6,$mask + ldr r9,[$inp,#64*5] + and r7,r7,$mask + ldr r10,[$inp,#64*6] + and r8,r8,$mask + ldr r11,[$inp,#64*7] + and r9,r9,$mask + and r10,r10,$mask + and r11,r11,$mask + stmia $out,{r4-r11} @ Z + + ldmia sp!,{r4-r11} +#if __ARM_ARCH__>=5 || defined(__thumb__) + bx lr +#else + mov pc,lr +#endif +.size ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5 + +@ void ecp_nistz256_scatter_w7(void *r0,const P256_POINT_AFFINE *r1, +@ int r2); +.globl ecp_nistz256_scatter_w7 +.type ecp_nistz256_scatter_w7,%function +.align 5 +ecp_nistz256_scatter_w7: + add $out,$out,$index + mov $index,#64/4 +.Loop_scatter_w7: + ldr $mask,[$inp],#4 + subs $index,$index,#1 + strb $mask,[$out,#64*0-1] + mov $mask,$mask,lsr#8 + strb $mask,[$out,#64*1-1] + mov $mask,$mask,lsr#8 + strb $mask,[$out,#64*2-1] + mov $mask,$mask,lsr#8 + strb $mask,[$out,#64*3-1] + add $out,$out,#64*4 + bne .Loop_scatter_w7 + +#if __ARM_ARCH__>=5 || defined(__thumb__) + bx lr +#else + mov pc,lr +#endif +.size ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7 + +@ void ecp_nistz256_gather_w7(P256_POINT_AFFINE *r0,const void *r1, +@ int r2); +.globl ecp_nistz256_gather_w7 +.type ecp_nistz256_gather_w7,%function +.align 5 +ecp_nistz256_gather_w7: + stmdb sp!,{r4-r7} + + cmp $index,#0 + mov $mask,#0 + subne $index,$index,#1 + movne $mask,#-1 + add $inp,$inp,$index + mov $index,#64/4 + nop +.Loop_gather_w7: + ldrb r4,[$inp,#64*0] + subs $index,$index,#1 + ldrb r5,[$inp,#64*1] + ldrb r6,[$inp,#64*2] + ldrb r7,[$inp,#64*3] + add $inp,$inp,#64*4 + orr r4,r4,r5,lsl#8 + orr r4,r4,r6,lsl#16 + orr r4,r4,r7,lsl#24 + and r4,r4,$mask + str r4,[$out],#4 + bne .Loop_gather_w7 + + ldmia sp!,{r4-r7} +#if __ARM_ARCH__>=5 || defined(__thumb__) + bx lr +#else + mov pc,lr +#endif +.size ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7 +___ +} +if (0) { +# In comparison to integer-only equivalent of below subroutine: +# +# Cortex-A8 +10% +# Cortex-A9 -10% +# Snapdragon S4 +5% +# +# As not all time is spent in multiplication, overall impact is deemed +# too low to care about. + +my ($A0,$A1,$A2,$A3,$Bi,$zero,$temp)=map("d$_",(0..7)); +my $mask="q4"; +my $mult="q5"; +my @AxB=map("q$_",(8..15)); + +my ($rptr,$aptr,$bptr,$toutptr)=map("r$_",(0..3)); + +$code.=<<___; +#if __ARM_ARCH__>=7 +.fpu neon + +.globl ecp_nistz256_mul_mont_neon +.type ecp_nistz256_mul_mont_neon,%function +.align 5 +ecp_nistz256_mul_mont_neon: + mov ip,sp + stmdb sp!,{r4-r9} + vstmdb sp!,{q4-q5} @ ABI specification says so + + sub $toutptr,sp,#40 + vld1.32 {${Bi}[0]},[$bptr,:32]! + veor $zero,$zero,$zero + vld1.32 {$A0-$A3}, [$aptr] @ can't specify :32 :-( + vzip.16 $Bi,$zero + mov sp,$toutptr @ alloca + vmov.i64 $mask,#0xffff + + vmull.u32 @AxB[0],$Bi,${A0}[0] + vmull.u32 @AxB[1],$Bi,${A0}[1] + vmull.u32 @AxB[2],$Bi,${A1}[0] + vmull.u32 @AxB[3],$Bi,${A1}[1] + vshr.u64 $temp, at AxB[0]#lo,#16 + vmull.u32 @AxB[4],$Bi,${A2}[0] + vadd.u64 @AxB[0]#hi, at AxB[0]#hi,$temp + vmull.u32 @AxB[5],$Bi,${A2}[1] + vshr.u64 $temp, at AxB[0]#hi,#16 @ upper 32 bits of a[0]*b[0] + vmull.u32 @AxB[6],$Bi,${A3}[0] + vand.u64 @AxB[0], at AxB[0],$mask @ lower 32 bits of a[0]*b[0] + vmull.u32 @AxB[7],$Bi,${A3}[1] +___ +for($i=1;$i<8;$i++) { +$code.=<<___; + vld1.32 {${Bi}[0]},[$bptr,:32]! + veor $zero,$zero,$zero + vadd.u64 @AxB[1]#lo, at AxB[1]#lo,$temp @ reduction + vshl.u64 $mult, at AxB[0],#32 + vadd.u64 @AxB[3], at AxB[3], at AxB[0] + vsub.u64 $mult,$mult, at AxB[0] + vzip.16 $Bi,$zero + vadd.u64 @AxB[6], at AxB[6], at AxB[0] + vadd.u64 @AxB[7], at AxB[7],$mult +___ + push(@AxB,shift(@AxB)); +$code.=<<___; + vmlal.u32 @AxB[0],$Bi,${A0}[0] + vmlal.u32 @AxB[1],$Bi,${A0}[1] + vmlal.u32 @AxB[2],$Bi,${A1}[0] + vmlal.u32 @AxB[3],$Bi,${A1}[1] + vshr.u64 $temp, at AxB[0]#lo,#16 + vmlal.u32 @AxB[4],$Bi,${A2}[0] + vadd.u64 @AxB[0]#hi, at AxB[0]#hi,$temp + vmlal.u32 @AxB[5],$Bi,${A2}[1] + vshr.u64 $temp, at AxB[0]#hi,#16 @ upper 33 bits of a[0]*b[i]+t[0] + vmlal.u32 @AxB[6],$Bi,${A3}[0] + vand.u64 @AxB[0], at AxB[0],$mask @ lower 32 bits of a[0]*b[0] + vmull.u32 @AxB[7],$Bi,${A3}[1] +___ +} +$code.=<<___; + vadd.u64 @AxB[1]#lo, at AxB[1]#lo,$temp @ last reduction + vshl.u64 $mult, at AxB[0],#32 + vadd.u64 @AxB[3], at AxB[3], at AxB[0] + vsub.u64 $mult,$mult, at AxB[0] + vadd.u64 @AxB[6], at AxB[6], at AxB[0] + vadd.u64 @AxB[7], at AxB[7],$mult + + vshr.u64 $temp, at AxB[1]#lo,#16 @ convert + vadd.u64 @AxB[1]#hi, at AxB[1]#hi,$temp + vshr.u64 $temp, at AxB[1]#hi,#16 + vzip.16 @AxB[1]#lo, at AxB[1]#hi +___ +foreach (2..7) { +$code.=<<___; + vadd.u64 @AxB[$_]#lo, at AxB[$_]#lo,$temp + vst1.32 {@AxB[$_-1]#lo[0]},[$toutptr,:32]! + vshr.u64 $temp, at AxB[$_]#lo,#16 + vadd.u64 @AxB[$_]#hi, at AxB[$_]#hi,$temp + vshr.u64 $temp, at AxB[$_]#hi,#16 + vzip.16 @AxB[$_]#lo, at AxB[$_]#hi +___ +} +$code.=<<___; + vst1.32 {@AxB[7]#lo[0]},[$toutptr,:32]! + vst1.32 {$temp},[$toutptr] @ upper 33 bits + + ldr r1,[sp,#0] + ldr r2,[sp,#4] + ldr r3,[sp,#8] + subs r1,r1,#-1 + ldr r4,[sp,#12] + sbcs r2,r2,#-1 + ldr r5,[sp,#16] + sbcs r3,r3,#-1 + ldr r6,[sp,#20] + sbcs r4,r4,#0 + ldr r7,[sp,#24] + sbcs r5,r5,#0 + ldr r8,[sp,#28] + sbcs r6,r6,#0 + ldr r9,[sp,#32] @ top-most bit + sbcs r7,r7,#1 + sub sp,ip,#40+16 + sbcs r8,r8,#-1 + sbc r9,r9,#0 + vldmia sp!,{q4-q5} + + adds r1,r1,r9 + adcs r2,r2,r9 + str r1,[$rptr,#0] + adcs r3,r3,r9 + str r2,[$rptr,#4] + adcs r4,r4,#0 + str r3,[$rptr,#8] + adcs r5,r5,#0 + str r4,[$rptr,#12] + adcs r6,r6,#0 + str r5,[$rptr,#16] + adcs r7,r7,r9,lsr#31 + str r6,[$rptr,#20] + adcs r8,r8,r9 + str r7,[$rptr,#24] + str r8,[$rptr,#28] + + ldmia sp!,{r4-r9} + bx lr +.size ecp_nistz256_mul_mont_neon,.-ecp_nistz256_mul_mont_neon +#endif +___ +} + +{{{ +######################################################################## +# Below $aN assignment matches order in which 256-bit result appears in +# register bank at return from _ecp_nistz256_mul_mont, so that we can +# skip over reloading it from memory. This means that below functions +# use custom calling sequence accepting 256-bit input in registers, +# output pointer in r0, $r_ptr, and optional pointer in r2, $b_ptr. +# +# See their "normal" counterparts for insights on calculations. + +my ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7, + $t0,$t1,$t2,$t3)=map("r$_",(11,3..10,12,14,1)); +my $ff=$b_ptr; + +$code.=<<___; +.type __ecp_nistz256_sub_from,%function +.align 5 +__ecp_nistz256_sub_from: + str lr,[sp,#-4]! @ push lr + + ldr $t0,[$b_ptr,#0] + ldr $t1,[$b_ptr,#4] + ldr $t2,[$b_ptr,#8] + ldr $t3,[$b_ptr,#12] + subs $a0,$a0,$t0 + ldr $t0,[$b_ptr,#16] + sbcs $a1,$a1,$t1 + ldr $t1,[$b_ptr,#20] + sbcs $a2,$a2,$t2 + ldr $t2,[$b_ptr,#24] + sbcs $a3,$a3,$t3 + ldr $t3,[$b_ptr,#28] + sbcs $a4,$a4,$t0 + sbcs $a5,$a5,$t1 + sbcs $a6,$a6,$t2 + sbcs $a7,$a7,$t3 + sbc $ff,$ff,$ff @ broadcast borrow bit + ldr lr,[sp],#4 @ pop lr + + adds $a0,$a0,$ff @ add synthesized modulus + adcs $a1,$a1,$ff + str $a0,[$r_ptr,#0] + adcs $a2,$a2,$ff + str $a1,[$r_ptr,#4] + adcs $a3,$a3,#0 + str $a2,[$r_ptr,#8] + adcs $a4,$a4,#0 + str $a3,[$r_ptr,#12] + adcs $a5,$a5,#0 + str $a4,[$r_ptr,#16] + adcs $a6,$a6,$ff,lsr#31 + str $a5,[$r_ptr,#20] + adcs $a7,$a7,$ff + str $a6,[$r_ptr,#24] + str $a7,[$r_ptr,#28] + + mov pc,lr +.size __ecp_nistz256_sub_from,.-__ecp_nistz256_sub_from + +.type __ecp_nistz256_sub_morf,%function +.align 5 +__ecp_nistz256_sub_morf: + str lr,[sp,#-4]! @ push lr + + ldr $t0,[$b_ptr,#0] + ldr $t1,[$b_ptr,#4] + ldr $t2,[$b_ptr,#8] + ldr $t3,[$b_ptr,#12] + subs $a0,$t0,$a0 + ldr $t0,[$b_ptr,#16] + sbcs $a1,$t1,$a1 + ldr $t1,[$b_ptr,#20] + sbcs $a2,$t2,$a2 + ldr $t2,[$b_ptr,#24] + sbcs $a3,$t3,$a3 + ldr $t3,[$b_ptr,#28] + sbcs $a4,$t0,$a4 + sbcs $a5,$t1,$a5 + sbcs $a6,$t2,$a6 + sbcs $a7,$t3,$a7 + sbc $ff,$ff,$ff @ broadcast borrow bit + ldr lr,[sp],#4 @ pop lr + + adds $a0,$a0,$ff @ add synthesized modulus + adcs $a1,$a1,$ff + str $a0,[$r_ptr,#0] + adcs $a2,$a2,$ff + str $a1,[$r_ptr,#4] + adcs $a3,$a3,#0 + str $a2,[$r_ptr,#8] + adcs $a4,$a4,#0 + str $a3,[$r_ptr,#12] + adcs $a5,$a5,#0 + str $a4,[$r_ptr,#16] + adcs $a6,$a6,$ff,lsr#31 + str $a5,[$r_ptr,#20] + adcs $a7,$a7,$ff + str $a6,[$r_ptr,#24] + str $a7,[$r_ptr,#28] + + mov pc,lr +.size __ecp_nistz256_sub_morf,.-__ecp_nistz256_sub_morf + +.type __ecp_nistz256_mul_by_2,%function +.align 4 +__ecp_nistz256_mul_by_2: + adds $a0,$a0,$a0 @ a[0:7]+=a[0:7] + adcs $a1,$a1,$a1 + adcs $a2,$a2,$a2 + adcs $a3,$a3,$a3 + adcs $a4,$a4,$a4 + adcs $a5,$a5,$a5 + adcs $a6,$a6,$a6 + mov $ff,#0 + adcs $a7,$a7,$a7 + movcs $ff,#-1 @ $ff = carry ? -1 : 0 + + subs $a0,$a0,$ff @ subtract synthesized modulus + sbcs $a1,$a1,$ff + str $a0,[$r_ptr,#0] + sbcs $a2,$a2,$ff + str $a1,[$r_ptr,#4] + sbcs $a3,$a3,#0 + str $a2,[$r_ptr,#8] + sbcs $a4,$a4,#0 + str $a3,[$r_ptr,#12] + sbcs $a5,$a5,#0 + str $a4,[$r_ptr,#16] + sbcs $a6,$a6,$ff,lsr#31 + str $a5,[$r_ptr,#20] + sbcs $a7,$a7,$ff + str $a6,[$r_ptr,#24] + str $a7,[$r_ptr,#28] + + mov pc,lr +.size __ecp_nistz256_mul_by_2,.-__ecp_nistz256_mul_by_2 + +___ + +######################################################################## +# following subroutines are "literal" implemetation of those found in +# ecp_nistz256.c +# +######################################################################## +# void ecp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp); +# +{ +my ($S,$M,$Zsqr,$in_x,$tmp0)=map(32*$_,(0..4)); +# above map() describes stack layout with 5 temporary +# 256-bit vectors on top. Then note that we push +# starting from r0, which means that we have copy of +# input arguments just below these temporary vectors. + +$code.=<<___; +.globl ecp_nistz256_point_double +.type ecp_nistz256_point_double,%function +.align 5 +ecp_nistz256_point_double: + stmdb sp!,{r0-r12,lr} @ push from r0, unusual, but intentional + sub sp,sp,#32*5 + + add r3,sp,#$in_x + ldmia $a_ptr!,{r4-r11} @ copy in_x + stmia r3,{r4-r11} + + add $r_ptr,sp,#$S + bl _ecp_nistz256_mul_by_2 @ p256_mul_by_2(S, in_y); + + add $b_ptr,$a_ptr,#32 + add $a_ptr,$a_ptr,#32 + add $r_ptr,sp,#$Zsqr + bl _ecp_nistz256_mul_mont @ p256_sqr_mont(Zsqr, in_z); + + add $a_ptr,sp,#$S + add $b_ptr,sp,#$S + add $r_ptr,sp,#$S + bl _ecp_nistz256_mul_mont @ p256_sqr_mont(S, S); + + ldr $b_ptr,[sp,#32*5+4] + add $a_ptr,$b_ptr,#32 + add $b_ptr,$b_ptr,#64 + add $r_ptr,sp,#$tmp0 + bl _ecp_nistz256_mul_mont @ p256_mul_mont(tmp0, in_z, in_y); + + ldr $r_ptr,[sp,#32*5] + add $r_ptr,$r_ptr,#64 + bl __ecp_nistz256_mul_by_2 @ p256_mul_by_2(res_z, tmp0); + + add $a_ptr,sp,#$in_x + add $b_ptr,sp,#$Zsqr + add $r_ptr,sp,#$M + bl _ecp_nistz256_add @ p256_add(M, in_x, Zsqr); + + add $a_ptr,sp,#$in_x + add $b_ptr,sp,#$Zsqr + add $r_ptr,sp,#$Zsqr + bl _ecp_nistz256_sub @ p256_sub(Zsqr, in_x, Zsqr); + + add $a_ptr,sp,#$S + add $b_ptr,sp,#$S + add $r_ptr,sp,#$tmp0 + bl _ecp_nistz256_mul_mont @ p256_sqr_mont(tmp0, S); + + add $a_ptr,sp,#$Zsqr + add $b_ptr,sp,#$M + add $r_ptr,sp,#$M + bl _ecp_nistz256_mul_mont @ p256_mul_mont(M, M, Zsqr); + + ldr $r_ptr,[sp,#32*5] + add $a_ptr,sp,#$tmp0 + add $r_ptr,$r_ptr,#32 + bl _ecp_nistz256_div_by_2 @ p256_div_by_2(res_y, tmp0); + + add $a_ptr,sp,#$M + add $r_ptr,sp,#$M + bl _ecp_nistz256_mul_by_3 @ p256_mul_by_3(M, M); + + add $a_ptr,sp,#$in_x + add $b_ptr,sp,#$S + add $r_ptr,sp,#$S + bl _ecp_nistz256_mul_mont @ p256_mul_mont(S, S, in_x); + + add $r_ptr,sp,#$tmp0 + bl __ecp_nistz256_mul_by_2 @ p256_mul_by_2(tmp0, S); + + ldr $r_ptr,[sp,#32*5] + add $a_ptr,sp,#$M + add $b_ptr,sp,#$M + bl _ecp_nistz256_mul_mont @ p256_sqr_mont(res_x, M); + + add $b_ptr,sp,#$tmp0 + bl __ecp_nistz256_sub_from @ p256_sub(res_x, res_x, tmp0); + + add $b_ptr,sp,#$S + add $r_ptr,sp,#$S + bl __ecp_nistz256_sub_morf @ p256_sub(S, S, res_x); + + add $a_ptr,sp,#$M + add $b_ptr,sp,#$S + bl _ecp_nistz256_mul_mont @ p256_mul_mont(S, S, M); + + ldr $r_ptr,[sp,#32*5] + add $b_ptr,$r_ptr,#32 + add $r_ptr,$r_ptr,#32 + bl __ecp_nistz256_sub_from @ p256_sub(res_y, S, res_y); + + add sp,sp,#32*5+16 @ +16 means "skip even over saved r0-r3" +#if __ARM_ARCH__>=5 || !defined(__thumb__) + ldmia sp!,{r4-r12,pc} +#else + ldmia sp!,{r4-r12,lr} + bx lr @ interoperable with Thumb ISA:-) +#endif +.size ecp_nistz256_point_double,.-ecp_nistz256_point_double +___ +} + +######################################################################## +# void ecp_nistz256_point_add(P256_POINT *out,const P256_POINT *in1, +# const P256_POINT *in2); +{ +my ($res_x,$res_y,$res_z, + $in1_x,$in1_y,$in1_z, + $in2_x,$in2_y,$in2_z, + $H,$Hsqr,$R,$Rsqr,$Hcub, + $U1,$U2,$S1,$S2)=map(32*$_,(0..17)); +my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr); +# above map() describes stack layout with 18 temporary +# 256-bit vectors on top. Then note that we push +# starting from r0, which means that we have copy of +# input arguments just below these temporary vectors. +# We use three of them for !in1infty, !in2intfy and +# result of check for zero. + +$code.=<<___; +.globl ecp_nistz256_point_add +.type ecp_nistz256_point_add,%function +.align 5 +ecp_nistz256_point_add: + stmdb sp!,{r0-r12,lr} @ push from r0, unusual, but intentional + sub sp,sp,#32*18 + + ldmia $b_ptr!,{r4-r11} @ copy in2 + add r3,sp,#$in2_x + orr r12,r4,r5 + orr r12,r12,r6 + orr r12,r12,r7 + orr r12,r12,r8 + orr r12,r12,r9 + orr r12,r12,r10 + orr r12,r12,r11 + stmia r3!,{r4-r11} + ldmia $b_ptr!,{r4-r11} + orr r12,r12,r4 + orr r12,r12,r5 + orr r12,r12,r6 + orr r12,r12,r7 + orr r12,r12,r8 + orr r12,r12,r9 + orr r12,r12,r10 + orr r12,r12,r11 + stmia r3!,{r4-r11} + ldmia $b_ptr,{r4-r11} + cmp r12,#0 + movne r12,#-1 + stmia r3,{r4-r11} + str r12,[sp,#32*18+8] @ !in2infty + + ldmia $a_ptr!,{r4-r11} @ copy in1 + add r3,sp,#$in1_x + orr r12,r4,r5 + orr r12,r12,r6 + orr r12,r12,r7 + orr r12,r12,r8 + orr r12,r12,r9 + orr r12,r12,r10 + orr r12,r12,r11 + stmia r3!,{r4-r11} + ldmia $a_ptr!,{r4-r11} + orr r12,r12,r4 + orr r12,r12,r5 + orr r12,r12,r6 + orr r12,r12,r7 + orr r12,r12,r8 + orr r12,r12,r9 + orr r12,r12,r10 + orr r12,r12,r11 + stmia r3!,{r4-r11} + ldmia $a_ptr,{r4-r11} + cmp r12,#0 + movne r12,#-1 + stmia r3,{r4-r11} + str r12,[sp,#32*18+4] @ !in1infty + + add $a_ptr,sp,#$in2_z + add $b_ptr,sp,#$in2_z + add $r_ptr,sp,#$Z2sqr + bl _ecp_nistz256_mul_mont @ p256_sqr_mont(Z2sqr, in2_z); + + add $a_ptr,sp,#$in1_z + add $b_ptr,sp,#$in1_z + add $r_ptr,sp,#$Z1sqr + bl _ecp_nistz256_mul_mont @ p256_sqr_mont(Z1sqr, in1_z); + + add $a_ptr,sp,#$in2_z + add $b_ptr,sp,#$Z2sqr + add $r_ptr,sp,#$S1 + bl _ecp_nistz256_mul_mont @ p256_mul_mont(S1, Z2sqr, in2_z); + + add $a_ptr,sp,#$in1_z + add $b_ptr,sp,#$Z1sqr + add $r_ptr,sp,#$S2 + bl _ecp_nistz256_mul_mont @ p256_mul_mont(S2, Z1sqr, in1_z); + + add $a_ptr,sp,#$in1_y + add $b_ptr,sp,#$S1 + add $r_ptr,sp,#$S1 + bl _ecp_nistz256_mul_mont @ p256_mul_mont(S1, S1, in1_y); + + add $a_ptr,sp,#$in2_y + add $b_ptr,sp,#$S2 + add $r_ptr,sp,#$S2 + bl _ecp_nistz256_mul_mont @ p256_mul_mont(S2, S2, in2_y); + + add $b_ptr,sp,#$S1 + add $r_ptr,sp,#$R + bl __ecp_nistz256_sub_from @ p256_sub(R, S2, S1); + + orr $a0,$a0,$a1 @ see if result is zero + orr $a2,$a2,$a3 + orr $a4,$a4,$a5 + orr $a0,$a0,$a2 + orr $a4,$a4,$a6 + orr $a0,$a0,$a7 + add $a_ptr,sp,#$in1_x + orr $a0,$a0,$a4 + add $b_ptr,sp,#$Z2sqr + str $a0,[sp,#32*18+12] + + add $r_ptr,sp,#$U1 + bl _ecp_nistz256_mul_mont @ p256_mul_mont(U1, in1_x, Z2sqr); + + add $a_ptr,sp,#$in2_x + add $b_ptr,sp,#$Z1sqr + add $r_ptr,sp,#$U2 + bl _ecp_nistz256_mul_mont @ p256_mul_mont(U2, in2_x, Z1sqr); + + add $b_ptr,sp,#$U1 + add $r_ptr,sp,#$H + bl __ecp_nistz256_sub_from @ p256_sub(H, U2, U1); + + orr $a0,$a0,$a1 @ see if result is zero + orr $a2,$a2,$a3 + orr $a4,$a4,$a5 + orr $a0,$a0,$a2 + orr $a4,$a4,$a6 + orr $a0,$a0,$a7 + orrs $a0,$a0,$a4 + + bne .Ladd_proceed @ is_equal(U1,U2)? + + ldr $t0,[sp,#32*18+4] + ldr $t1,[sp,#32*18+8] + ldr $t2,[sp,#32*18+12] + tst $t0,$t1 + beq .Ladd_proceed @ (in1infty || in2infty)? + tst $t2,$t2 + beq .Ladd_proceed @ is_equal(S1,S2)? + + ldr $r_ptr,[sp,#32*18] + eor r4,r4,r4 + eor r5,r5,r5 + eor r6,r6,r6 + eor r7,r7,r7 + eor r8,r8,r8 + eor r9,r9,r9 + eor r10,r10,r10 + eor r11,r11,r11 + stmia $r_ptr!,{r4-r11} + stmia $r_ptr!,{r4-r11} + stmia $r_ptr!,{r4-r11} + b .Ladd_done + +.align 4 +.Ladd_proceed: + add $a_ptr,sp,#$R + add $b_ptr,sp,#$R + add $r_ptr,sp,#$Rsqr + bl _ecp_nistz256_mul_mont @ p256_sqr_mont(Rsqr, R); + + add $a_ptr,sp,#$H + add $b_ptr,sp,#$in1_z + add $r_ptr,sp,#$res_z + bl _ecp_nistz256_mul_mont @ p256_mul_mont(res_z, H, in1_z); + + add $a_ptr,sp,#$H + add $b_ptr,sp,#$H + add $r_ptr,sp,#$Hsqr + bl _ecp_nistz256_mul_mont @ p256_sqr_mont(Hsqr, H); + + add $a_ptr,sp,#$in2_z + add $b_ptr,sp,#$res_z + add $r_ptr,sp,#$res_z + bl _ecp_nistz256_mul_mont @ p256_mul_mont(res_z, res_z, in2_z); + + add $a_ptr,sp,#$H + add $b_ptr,sp,#$Hsqr + add $r_ptr,sp,#$Hcub + bl _ecp_nistz256_mul_mont @ p256_mul_mont(Hcub, Hsqr, H); + + add $a_ptr,sp,#$Hsqr + add $b_ptr,sp,#$U1 + add $r_ptr,sp,#$U2 + bl _ecp_nistz256_mul_mont @ p256_mul_mont(U2, U1, Hsqr); + + add $r_ptr,sp,#$Hsqr + bl __ecp_nistz256_mul_by_2 @ p256_mul_by_2(Hsqr, U2); + + add $b_ptr,sp,#$Rsqr + add $r_ptr,sp,#$res_x + bl __ecp_nistz256_sub_morf @ p256_sub(res_x, Rsqr, Hsqr); + + add $b_ptr,sp,#$Hcub + bl __ecp_nistz256_sub_from @ p256_sub(res_x, res_x, Hcub); + + add $b_ptr,sp,#$U2 + add $r_ptr,sp,#$res_y + bl __ecp_nistz256_sub_morf @ p256_sub(res_y, U2, res_x); + + add $a_ptr,sp,#$Hcub + add $b_ptr,sp,#$S1 + add $r_ptr,sp,#$S2 + bl _ecp_nistz256_mul_mont @ p256_mul_mont(S2, S1, Hcub); + + add $a_ptr,sp,#$R + add $b_ptr,sp,#$res_y + add $r_ptr,sp,#$res_y + bl _ecp_nistz256_mul_mont @ p256_mul_mont(res_y, res_y, R); + + add $b_ptr,sp,#$S2 + bl __ecp_nistz256_sub_from @ p256_sub(res_y, res_y, S2); + + ldr r11,[sp,#32*18+4] @ !in1intfy + ldr r12,[sp,#32*18+8] @ !in2intfy + add r1,sp,#$res_x + add r2,sp,#$in2_x + and r10,r11,r12 + mvn r11,r11 + add r3,sp,#$in1_x + and r11,r11,r12 + mvn r12,r12 + ldr $r_ptr,[sp,#32*18] +___ +for($i=0;$i<96;$i+=8) { # conditional moves +$code.=<<___; + ldmia r1!,{r4-r5} @ res_x + ldmia r2!,{r6-r7} @ in2_x + ldmia r3!,{r8-r9} @ in1_x + and r4,r4,r10 + and r5,r5,r10 + and r6,r6,r11 + and r7,r7,r11 + and r8,r8,r12 + and r9,r9,r12 + orr r4,r4,r6 + orr r5,r5,r7 + orr r4,r4,r8 + orr r5,r5,r9 + stmia $r_ptr!,{r4-r5} +___ +} +$code.=<<___; +.Ladd_done: + add sp,sp,#32*18+16 @ +16 means "skip even over saved r0-r3" +#if __ARM_ARCH__>=5 || defined(__thumb__) + ldmia sp!,{r4-r12,pc} +#else + ldmia sp!,{r4-r12,lr} + bx lr @ interoperable with Thumb ISA:-) +#endif +.size ecp_nistz256_point_add,.-ecp_nistz256_point_add +___ +} + +######################################################################## +# void ecp_nistz256_point_add_affine(P256_POINT *out,const P256_POINT *in1, +# const P256_POINT_AFFINE *in2); +{ +my ($res_x,$res_y,$res_z, + $in1_x,$in1_y,$in1_z, + $in2_x,$in2_y, + $U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(32*$_,(0..14)); +my $Z1sqr = $S2; +# above map() describes stack layout with 18 temporary +# 256-bit vectors on top. Then note that we push +# starting from r0, which means that we have copy of +# input arguments just below these temporary vectors. +# We use two of them for !in1infty, !in2intfy. + +my @ONE_mont=(1,0,0,-1,-1,-1,-2,0); + +$code.=<<___; +.globl ecp_nistz256_point_add_affine +.type ecp_nistz256_point_add_affine,%function +.align 5 +ecp_nistz256_point_add_affine: + stmdb sp!,{r0-r12,lr} @ push from r0, unusual, but intentional + sub sp,sp,#32*15 + + ldmia $a_ptr!,{r4-r11} @ copy in1 + add r3,sp,#$in1_x + orr r12,r4,r5 + orr r12,r12,r6 + orr r12,r12,r7 + orr r12,r12,r8 + orr r12,r12,r9 + orr r12,r12,r10 + orr r12,r12,r11 + stmia r3!,{r4-r11} + ldmia $a_ptr!,{r4-r11} + orr r12,r12,r4 + orr r12,r12,r5 + orr r12,r12,r6 + orr r12,r12,r7 + orr r12,r12,r8 + orr r12,r12,r9 + orr r12,r12,r10 + orr r12,r12,r11 + stmia r3!,{r4-r11} + ldmia $a_ptr,{r4-r11} + cmp r12,#0 + movne r12,#-1 + stmia r3,{r4-r11} + str r12,[sp,#32*15+4] @ !in1infty + + ldmia $b_ptr!,{r4-r11} @ copy in2 + add r3,sp,#$in2_x + orr r12,r4,r5 + orr r12,r12,r6 + orr r12,r12,r7 + orr r12,r12,r8 + orr r12,r12,r9 + orr r12,r12,r10 + orr r12,r12,r11 + stmia r3!,{r4-r11} + ldmia $b_ptr!,{r4-r11} + orr r12,r12,r4 + orr r12,r12,r5 + orr r12,r12,r6 + orr r12,r12,r7 + orr r12,r12,r8 + orr r12,r12,r9 + orr r12,r12,r10 + orr r12,r12,r11 + stmia r3!,{r4-r11} + cmp r12,#0 + movne r12,#-1 + str r12,[sp,#32*15+8] @ !in2infty + + add $a_ptr,sp,#$in1_z + add $b_ptr,sp,#$in1_z + add $r_ptr,sp,#$Z1sqr + bl _ecp_nistz256_mul_mont @ p256_sqr_mont(Z1sqr, in1_z); + + add $a_ptr,sp,#$Z1sqr + add $b_ptr,sp,#$in2_x + add $r_ptr,sp,#$U2 + bl _ecp_nistz256_mul_mont @ p256_mul_mont(U2, Z1sqr, in2_x); + + add $b_ptr,sp,#$in1_x + add $r_ptr,sp,#$H + bl __ecp_nistz256_sub_from @ p256_sub(H, U2, in1_x); + + add $a_ptr,sp,#$Z1sqr + add $b_ptr,sp,#$in1_z + add $r_ptr,sp,#$S2 + bl _ecp_nistz256_mul_mont @ p256_mul_mont(S2, Z1sqr, in1_z); + + add $a_ptr,sp,#$H + add $b_ptr,sp,#$in1_z + add $r_ptr,sp,#$res_z + bl _ecp_nistz256_mul_mont @ p256_mul_mont(res_z, H, in1_z); + + add $a_ptr,sp,#$in2_y + add $b_ptr,sp,#$S2 + add $r_ptr,sp,#$S2 + bl _ecp_nistz256_mul_mont @ p256_mul_mont(S2, S2, in2_y); + + add $b_ptr,sp,#$in1_y + add $r_ptr,sp,#$R + bl __ecp_nistz256_sub_from @ p256_sub(R, S2, in1_y); + + add $a_ptr,sp,#$H + add $b_ptr,sp,#$H + add $r_ptr,sp,#$Hsqr + bl _ecp_nistz256_mul_mont @ p256_sqr_mont(Hsqr, H); + + add $a_ptr,sp,#$R + add $b_ptr,sp,#$R + add $r_ptr,sp,#$Rsqr + bl _ecp_nistz256_mul_mont @ p256_sqr_mont(Rsqr, R); + + add $a_ptr,sp,#$H + add $b_ptr,sp,#$Hsqr + add $r_ptr,sp,#$Hcub + bl _ecp_nistz256_mul_mont @ p256_mul_mont(Hcub, Hsqr, H); + + add $a_ptr,sp,#$Hsqr + add $b_ptr,sp,#$in1_x + add $r_ptr,sp,#$U2 + bl _ecp_nistz256_mul_mont @ p256_mul_mont(U2, in1_x, Hsqr); + + add $r_ptr,sp,#$Hsqr + bl __ecp_nistz256_mul_by_2 @ p256_mul_by_2(Hsqr, U2); + + add $b_ptr,sp,#$Rsqr + add $r_ptr,sp,#$res_x + bl __ecp_nistz256_sub_morf @ p256_sub(res_x, Rsqr, Hsqr); + + add $b_ptr,sp,#$Hcub + bl __ecp_nistz256_sub_from @ p256_sub(res_x, res_x, Hcub); + + add $b_ptr,sp,#$U2 + add $r_ptr,sp,#$res_y + bl __ecp_nistz256_sub_morf @ p256_sub(res_y, U2, res_x); + + add $a_ptr,sp,#$Hcub + add $b_ptr,sp,#$in1_y + add $r_ptr,sp,#$S2 + bl _ecp_nistz256_mul_mont @ p256_mul_mont(S2, in1_y, Hcub); + + add $a_ptr,sp,#$R + add $b_ptr,sp,#$res_y + add $r_ptr,sp,#$res_y + bl _ecp_nistz256_mul_mont @ p256_mul_mont(res_y, res_y, R); + + add $b_ptr,sp,#$S2 + bl __ecp_nistz256_sub_from @ p256_sub(res_y, res_y, S2); + + ldr r11,[sp,#32*15+4] @ !in1intfy + ldr r12,[sp,#32*15+8] @ !in2intfy + add r1,sp,#$res_x + add r2,sp,#$in2_x + and r10,r11,r12 + mvn r11,r11 + add r3,sp,#$in1_x + and r11,r11,r12 + mvn r12,r12 + ldr $r_ptr,[sp,#32*15] +___ +for($i=0;$i<64;$i+=8) { # conditional moves +$code.=<<___; + ldmia r1!,{r4-r5} @ res_x + ldmia r2!,{r6-r7} @ in2_x + ldmia r3!,{r8-r9} @ in1_x + and r4,r4,r10 + and r5,r5,r10 + and r6,r6,r11 + and r7,r7,r11 + and r8,r8,r12 + and r9,r9,r12 + orr r4,r4,r6 + orr r5,r5,r7 + orr r4,r4,r8 + orr r5,r5,r9 + stmia $r_ptr!,{r4-r5} +___ +} +for(;$i<96;$i+=8) { +my $j=($i-64)/4; +$code.=<<___; + ldmia r1!,{r4-r5} @ res_z + ldmia r3!,{r8-r9} @ in1_z + and r4,r4,r10 + and r5,r5,r10 + and r6,r11,#@ONE_mont[$j] + and r7,r11,#@ONE_mont[$j+1] + and r8,r8,r12 + and r9,r9,r12 + orr r4,r4,r6 + orr r5,r5,r7 + orr r4,r4,r8 + orr r5,r5,r9 + stmia $r_ptr!,{r4-r5} +___ +} +$code.=<<___; + add sp,sp,#32*15+16 @ +16 means "skip even over saved r0-r3" +#if __ARM_ARCH__>=5 || !defined(__thumb__) + ldmia sp!,{r4-r12,pc} +#else + ldmia sp!,{r4-r12,lr} + bx lr @ interoperable with Thumb ISA:-) +#endif +.size ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine +___ +} }}} + +foreach (split("\n",$code)) { + s/\`([^\`]*)\`/eval $1/geo; + + s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo; + + print $_,"\n"; +} +close STDOUT; # enforce flush From rsalz at openssl.org Thu Feb 12 16:15:17 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 12 Feb 2015 17:15:17 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150212161517.E8BF61DF1AB@butler.localdomain> The branch master has been updated via 1d2932de4cefcc200f175863a42c311916269981 (commit) from 7b4a4b71b52c704580f5ef043017f06d4fb97e7e (commit) - Log ----------------------------------------------------------------- commit 1d2932de4cefcc200f175863a42c311916269981 Author: Eric Dequin Date: Thu Feb 12 10:44:30 2015 -0500 Missing OPENSSL_free on error path. Reviewed-by: Andy Polyakov Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: ssl/t1_enc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 0c49619..7333ba9 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -649,6 +649,7 @@ int tls1_setup_key_block(SSL *s) if ((p2 = (unsigned char *)OPENSSL_malloc(num)) == NULL) { SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE); + OPENSSL_free(p1); goto err; } #ifdef TLS_DEBUG From rsalz at openssl.org Thu Feb 12 16:15:36 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 12 Feb 2015 17:15:36 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150212161536.A011C1DF1AB@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 62bfff2d99a59bdc2ae8cb8764deab4ec026c70b (commit) from 95929797a01eb4ad42694f1f848bdbb9decbcefe (commit) - Log ----------------------------------------------------------------- commit 62bfff2d99a59bdc2ae8cb8764deab4ec026c70b Author: Eric Dequin Date: Thu Feb 12 10:44:30 2015 -0500 Missing OPENSSL_free on error path. Reviewed-by: Andy Polyakov Reviewed-by: Richard Levitte (cherry picked from commit 1d2932de4cefcc200f175863a42c311916269981) ----------------------------------------------------------------------- Summary of changes: ssl/t1_enc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 0f5baa6..e1a3607 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -650,6 +650,7 @@ int tls1_setup_key_block(SSL *s) if ((p2 = (unsigned char *)OPENSSL_malloc(num)) == NULL) { SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE); + OPENSSL_free(p1); goto err; } #ifdef TLS_DEBUG From rsalz at openssl.org Thu Feb 12 16:15:50 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 12 Feb 2015 17:15:50 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150212161550.8E48F1DF1AB@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via a1331af032ff038a8e2a111c54f7d0722a0f7a49 (commit) from e48e86232e20cb3352e83c36555f1ab748605ee5 (commit) - Log ----------------------------------------------------------------- commit a1331af032ff038a8e2a111c54f7d0722a0f7a49 Author: Eric Dequin Date: Thu Feb 12 10:44:30 2015 -0500 Missing OPENSSL_free on error path. Reviewed-by: Andy Polyakov Reviewed-by: Richard Levitte (cherry picked from commit 1d2932de4cefcc200f175863a42c311916269981) ----------------------------------------------------------------------- Summary of changes: ssl/t1_enc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 99d830d..741dc0b 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -631,6 +631,7 @@ int tls1_setup_key_block(SSL *s) if ((p2 = (unsigned char *)OPENSSL_malloc(num)) == NULL) { SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE); + OPENSSL_free(p1); goto err; } #ifdef TLS_DEBUG From rsalz at openssl.org Thu Feb 12 17:50:23 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 12 Feb 2015 18:50:23 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150212175023.EE8091DF1AB@butler.localdomain> The branch master has been updated via 5006c32253483ba232dd441c28624801195cd7b5 (commit) from 1d2932de4cefcc200f175863a42c311916269981 (commit) - Log ----------------------------------------------------------------- commit 5006c32253483ba232dd441c28624801195cd7b5 Author: Clang via Jeffrey Walton Date: Thu Feb 12 11:20:48 2015 -0500 RT3684: rand_egd needs stddef.h And remove backup definition of offsetof. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_egd.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c index 53d7a2b..44ed4bb 100644 --- a/crypto/rand/rand_egd.c +++ b/crypto/rand/rand_egd.c @@ -113,6 +113,7 @@ int RAND_egd_bytes(const char *path, int bytes) #else # include # include OPENSSL_UNISTD +# include # include # include # ifndef NO_SYS_UN_H @@ -130,10 +131,6 @@ struct sockaddr_un { # include # include -# ifndef offsetof -# define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER) -# endif - int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) { int ret = 0; From rsalz at openssl.org Thu Feb 12 18:01:22 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 12 Feb 2015 19:01:22 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150212180122.CD6BC1DF1AB@butler.localdomain> The branch master has been updated via b0333e697c008d639c56f48e9148cb8cba957e32 (commit) from 5006c32253483ba232dd441c28624801195cd7b5 (commit) - Log ----------------------------------------------------------------- commit b0333e697c008d639c56f48e9148cb8cba957e32 Author: Graeme Perrow Date: Thu Feb 12 13:00:42 2015 -0500 RT3670: Check return from BUF_MEM_grow_clean Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/conf/conf_def.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 59053e8..c8744e6 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -570,7 +570,11 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_HAS_NO_VALUE); goto err; } - BUF_MEM_grow_clean(buf, (strlen(p) + buf->length - (e - from))); + if (!BUF_MEM_grow_clean(buf, + (strlen(p) + buf->length - (e - from)))) { + CONFerr(CONF_F_STR_COPY, ERR_R_MALLOC_FAILURE); + goto err; + } while (*p) buf->data[to++] = *(p++); From rsalz at openssl.org Thu Feb 12 18:01:40 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 12 Feb 2015 19:01:40 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150212180140.3775D1DF1AB@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via ee1ccd0a41ad068957fe65ba7521e593b51bbad4 (commit) from 62bfff2d99a59bdc2ae8cb8764deab4ec026c70b (commit) - Log ----------------------------------------------------------------- commit ee1ccd0a41ad068957fe65ba7521e593b51bbad4 Author: Graeme Perrow Date: Thu Feb 12 13:00:42 2015 -0500 RT3670: Check return from BUF_MEM_grow_clean Reviewed-by: Richard Levitte (cherry picked from commit b0333e697c008d639c56f48e9148cb8cba957e32) ----------------------------------------------------------------------- Summary of changes: crypto/conf/conf_def.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index e3ffeb2..faca9ae 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -585,7 +585,11 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_HAS_NO_VALUE); goto err; } - BUF_MEM_grow_clean(buf, (strlen(p) + buf->length - (e - from))); + if (!BUF_MEM_grow_clean(buf, + (strlen(p) + buf->length - (e - from)))) { + CONFerr(CONF_F_STR_COPY, ERR_R_MALLOC_FAILURE); + goto err; + } while (*p) buf->data[to++] = *(p++); From rsalz at openssl.org Thu Feb 12 18:02:05 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 12 Feb 2015 19:02:05 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150212180205.544CB1DF1AB@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via bb14c2c9cac6050e231d6ea88a82232270101021 (commit) from a1331af032ff038a8e2a111c54f7d0722a0f7a49 (commit) - Log ----------------------------------------------------------------- commit bb14c2c9cac6050e231d6ea88a82232270101021 Author: Graeme Perrow Date: Thu Feb 12 13:00:42 2015 -0500 RT3670: Check return from BUF_MEM_grow_clean Reviewed-by: Richard Levitte (cherry picked from commit b0333e697c008d639c56f48e9148cb8cba957e32) ----------------------------------------------------------------------- Summary of changes: crypto/conf/conf_def.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index e3ffeb2..faca9ae 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -585,7 +585,11 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_HAS_NO_VALUE); goto err; } - BUF_MEM_grow_clean(buf, (strlen(p) + buf->length - (e - from))); + if (!BUF_MEM_grow_clean(buf, + (strlen(p) + buf->length - (e - from)))) { + CONFerr(CONF_F_STR_COPY, ERR_R_MALLOC_FAILURE); + goto err; + } while (*p) buf->data[to++] = *(p++); From appro at openssl.org Thu Feb 12 18:27:18 2015 From: appro at openssl.org (Andy Polyakov) Date: Thu, 12 Feb 2015 19:27:18 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150212182718.422571DF1AB@butler.localdomain> The branch master has been updated via 2b8f33a5741e5c6eab5053140a79673bf972bc13 (commit) from b0333e697c008d639c56f48e9148cb8cba957e32 (commit) - Log ----------------------------------------------------------------- commit 2b8f33a5741e5c6eab5053140a79673bf972bc13 Author: Andy Polyakov Date: Thu Feb 12 19:26:37 2015 +0100 evp/evp.h: add missing camellia-ctr declarations. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index f12e866..0dbd420 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -909,6 +909,7 @@ const EVP_CIPHER *EVP_camellia_128_cfb8(void); const EVP_CIPHER *EVP_camellia_128_cfb128(void); # define EVP_camellia_128_cfb EVP_camellia_128_cfb128 const EVP_CIPHER *EVP_camellia_128_ofb(void); +const EVP_CIPHER *EVP_camellia_128_ctr(void); const EVP_CIPHER *EVP_camellia_192_ecb(void); const EVP_CIPHER *EVP_camellia_192_cbc(void); const EVP_CIPHER *EVP_camellia_192_cfb1(void); @@ -916,6 +917,7 @@ const EVP_CIPHER *EVP_camellia_192_cfb8(void); const EVP_CIPHER *EVP_camellia_192_cfb128(void); # define EVP_camellia_192_cfb EVP_camellia_192_cfb128 const EVP_CIPHER *EVP_camellia_192_ofb(void); +const EVP_CIPHER *EVP_camellia_192_ctr(void); const EVP_CIPHER *EVP_camellia_256_ecb(void); const EVP_CIPHER *EVP_camellia_256_cbc(void); const EVP_CIPHER *EVP_camellia_256_cfb1(void); @@ -923,6 +925,7 @@ const EVP_CIPHER *EVP_camellia_256_cfb8(void); const EVP_CIPHER *EVP_camellia_256_cfb128(void); # define EVP_camellia_256_cfb EVP_camellia_256_cfb128 const EVP_CIPHER *EVP_camellia_256_ofb(void); +const EVP_CIPHER *EVP_camellia_256_ctr(void); # endif # ifndef OPENSSL_NO_SEED From rsalz at openssl.org Thu Feb 12 19:24:13 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 12 Feb 2015 20:24:13 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150212192413.6ECE41DF1AB@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 872f91c4036e35d292d423e751741ba76f8c5594 (commit) from ee1ccd0a41ad068957fe65ba7521e593b51bbad4 (commit) - Log ----------------------------------------------------------------- commit 872f91c4036e35d292d423e751741ba76f8c5594 Author: Rich Salz Date: Thu Feb 12 14:23:28 2015 -0500 RT3684: rand_egd needs stddef.h Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_egd.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c index 1b6e501..737aebf 100644 --- a/crypto/rand/rand_egd.c +++ b/crypto/rand/rand_egd.c @@ -113,6 +113,7 @@ int RAND_egd_bytes(const char *path, int bytes) #else # include # include OPENSSL_UNISTD +# include # include # include # ifndef NO_SYS_UN_H From rsalz at openssl.org Thu Feb 12 19:24:31 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 12 Feb 2015 20:24:31 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150212192431.D373F1DF1AB@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via a9ea906654c616908f1195f1396c5bf5cf7fe646 (commit) from bb14c2c9cac6050e231d6ea88a82232270101021 (commit) - Log ----------------------------------------------------------------- commit a9ea906654c616908f1195f1396c5bf5cf7fe646 Author: Rich Salz Date: Thu Feb 12 14:23:28 2015 -0500 RT3684: rand_egd needs stddef.h Reviewed-by: Andy Polyakov (cherry picked from commit 872f91c4036e35d292d423e751741ba76f8c5594) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_egd.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c index 1b6e501..737aebf 100644 --- a/crypto/rand/rand_egd.c +++ b/crypto/rand/rand_egd.c @@ -113,6 +113,7 @@ int RAND_egd_bytes(const char *path, int bytes) #else # include # include OPENSSL_UNISTD +# include # include # include # ifndef NO_SYS_UN_H From rsalz at openssl.org Thu Feb 12 19:40:43 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 12 Feb 2015 20:40:43 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150212194043.1A0FF1DF1AB@butler.localdomain> The branch master has been updated via c81f425eaa09dcf3f1f55a008c0486d7b742f20d (commit) from 2b8f33a5741e5c6eab5053140a79673bf972bc13 (commit) - Log ----------------------------------------------------------------- commit c81f425eaa09dcf3f1f55a008c0486d7b742f20d Author: Rich Salz Date: Thu Feb 12 14:38:31 2015 -0500 RT937: Enable pilotAttributeType uniqueIdentifier Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/objects/obj_dat.h | 3266 ++++++++++++++++++++++---------------------- crypto/objects/obj_mac.h | 5 + crypto/objects/objects.txt | 3 +- 3 files changed, 1641 insertions(+), 1633 deletions(-) diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 336daef..bf5496e 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -63,11 +63,11 @@ */ #define NUM_NID 973 -#define NUM_SN 966 -#define NUM_LN 966 -#define NUM_OBJ 902 +#define NUM_SN 967 +#define NUM_LN 967 +#define NUM_OBJ 903 -static const unsigned char lvalues[6351]={ +static const unsigned char lvalues[6361]={ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ @@ -151,819 +151,820 @@ static const unsigned char lvalues[6351]={ 0x55,0x04,0x2A, /* [534] OBJ_givenName */ 0x55,0x04,0x04, /* [537] OBJ_surname */ 0x55,0x04,0x2B, /* [540] OBJ_initials */ -0x55,0x1D,0x1F, /* [543] OBJ_crl_distribution_points */ -0x2B,0x0E,0x03,0x02,0x03, /* [546] OBJ_md5WithRSA */ -0x55,0x04,0x05, /* [551] OBJ_serialNumber */ -0x55,0x04,0x0C, /* [554] OBJ_title */ -0x55,0x04,0x0D, /* [557] OBJ_description */ -0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [560] OBJ_cast5_cbc */ -0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [569] OBJ_pbeWithMD5AndCast5_CBC */ -0x2A,0x86,0x48,0xCE,0x38,0x04,0x03, /* [578] OBJ_dsaWithSHA1 */ -0x2B,0x0E,0x03,0x02,0x1D, /* [585] OBJ_sha1WithRSA */ -0x2A,0x86,0x48,0xCE,0x38,0x04,0x01, /* [590] OBJ_dsa */ -0x2B,0x24,0x03,0x02,0x01, /* [597] OBJ_ripemd160 */ -0x2B,0x24,0x03,0x03,0x01,0x02, /* [602] OBJ_ripemd160WithRSA */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08, /* [608] OBJ_rc5_cbc */ -0x29,0x01,0x01,0x85,0x1A,0x01, /* [616] OBJ_rle_compression */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08,/* [622] OBJ_zlib_compression */ -0x55,0x1D,0x25, /* [633] OBJ_ext_key_usage */ -0x2B,0x06,0x01,0x05,0x05,0x07, /* [636] OBJ_id_pkix */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03, /* [642] OBJ_id_kp */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, /* [649] OBJ_server_auth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, /* [657] OBJ_client_auth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [665] OBJ_code_sign */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [673] OBJ_email_protect */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [681] OBJ_time_stamp */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [689] OBJ_ms_code_ind */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [699] OBJ_ms_code_com */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [709] OBJ_ms_ctl_sign */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [719] OBJ_ms_sgc */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [729] OBJ_ms_efs */ -0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [739] OBJ_ns_sgc */ -0x55,0x1D,0x1B, /* [748] OBJ_delta_crl */ -0x55,0x1D,0x15, /* [751] OBJ_crl_reason */ -0x55,0x1D,0x18, /* [754] OBJ_invalidity_date */ -0x2B,0x65,0x01,0x04,0x01, /* [757] OBJ_sxnet */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [762] OBJ_pbe_WithSHA1And128BitRC4 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [772] OBJ_pbe_WithSHA1And40BitRC4 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [782] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [792] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [802] OBJ_pbe_WithSHA1And128BitRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [812] OBJ_pbe_WithSHA1And40BitRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [822] OBJ_keyBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [833] OBJ_pkcs8ShroudedKeyBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [844] OBJ_certBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [855] OBJ_crlBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [866] OBJ_secretBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [877] OBJ_safeContentsBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [888] OBJ_friendlyName */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [897] OBJ_localKeyID */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [906] OBJ_x509Certificate */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [916] OBJ_sdsiCertificate */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [926] OBJ_x509Crl */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [936] OBJ_pbes2 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [945] OBJ_pbmac1 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [954] OBJ_hmacWithSHA1 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, /* [962] OBJ_id_qt_cps */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, /* [970] OBJ_id_qt_unotice */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [978] OBJ_SMIMECapabilities */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [987] OBJ_pbeWithMD2AndRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [996] OBJ_pbeWithMD5AndRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1005] OBJ_pbeWithSHA1AndDES_CBC */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1014] OBJ_ms_ext_req */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1024] OBJ_ext_req */ -0x55,0x04,0x29, /* [1033] OBJ_name */ -0x55,0x04,0x2E, /* [1036] OBJ_dnQualifier */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01, /* [1039] OBJ_id_pe */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30, /* [1046] OBJ_id_ad */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, /* [1053] OBJ_info_access */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, /* [1061] OBJ_ad_OCSP */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, /* [1069] OBJ_ad_ca_issuers */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [1077] OBJ_OCSP_sign */ -0x2A, /* [1085] OBJ_member_body */ -0x2A,0x86,0x48, /* [1086] OBJ_ISO_US */ -0x2A,0x86,0x48,0xCE,0x38, /* [1089] OBJ_X9_57 */ -0x2A,0x86,0x48,0xCE,0x38,0x04, /* [1094] OBJ_X9cm */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, /* [1100] OBJ_pkcs1 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05, /* [1108] OBJ_pkcs5 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1116] OBJ_SMIME */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1125] OBJ_id_smime_mod */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1135] OBJ_id_smime_ct */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1145] OBJ_id_smime_aa */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1155] OBJ_id_smime_alg */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1165] OBJ_id_smime_cd */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1175] OBJ_id_smime_spq */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1185] OBJ_id_smime_cti */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1195] OBJ_id_smime_mod_cms */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1206] OBJ_id_smime_mod_ess */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1217] OBJ_id_smime_mod_oid */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1228] OBJ_id_smime_mod_msg_v3 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1239] OBJ_id_smime_mod_ets_eSignature_88 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1250] OBJ_id_smime_mod_ets_eSignature_97 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1261] OBJ_id_smime_mod_ets_eSigPolicy_88 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1272] OBJ_id_smime_mod_ets_eSigPolicy_97 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1283] OBJ_id_smime_ct_receipt */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1294] OBJ_id_smime_ct_authData */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1305] OBJ_id_smime_ct_publishCert */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1316] OBJ_id_smime_ct_TSTInfo */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1327] OBJ_id_smime_ct_TDTInfo */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1338] OBJ_id_smime_ct_contentInfo */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1349] OBJ_id_smime_ct_DVCSRequestData */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1360] OBJ_id_smime_ct_DVCSResponseData */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1371] OBJ_id_smime_aa_receiptRequest */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1382] OBJ_id_smime_aa_securityLabel */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1393] OBJ_id_smime_aa_mlExpandHistory */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1404] OBJ_id_smime_aa_contentHint */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1415] OBJ_id_smime_aa_msgSigDigest */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1426] OBJ_id_smime_aa_encapContentType */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1437] OBJ_id_smime_aa_contentIdentifier */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1448] OBJ_id_smime_aa_macValue */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1459] OBJ_id_smime_aa_equivalentLabels */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1470] OBJ_id_smime_aa_contentReference */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1481] OBJ_id_smime_aa_encrypKeyPref */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1492] OBJ_id_smime_aa_signingCertificate */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1503] OBJ_id_smime_aa_smimeEncryptCerts */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1514] OBJ_id_smime_aa_timeStampToken */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1525] OBJ_id_smime_aa_ets_sigPolicyId */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1536] OBJ_id_smime_aa_ets_commitmentType */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1547] OBJ_id_smime_aa_ets_signerLocation */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1558] OBJ_id_smime_aa_ets_signerAttr */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1569] OBJ_id_smime_aa_ets_otherSigCert */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1580] OBJ_id_smime_aa_ets_contentTimestamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1591] OBJ_id_smime_aa_ets_CertificateRefs */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1602] OBJ_id_smime_aa_ets_RevocationRefs */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1613] OBJ_id_smime_aa_ets_certValues */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1624] OBJ_id_smime_aa_ets_revocationValues */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1635] OBJ_id_smime_aa_ets_escTimeStamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1646] OBJ_id_smime_aa_ets_certCRLTimestamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1657] OBJ_id_smime_aa_ets_archiveTimeStamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1668] OBJ_id_smime_aa_signatureType */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1679] OBJ_id_smime_aa_dvcs_dvc */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1690] OBJ_id_smime_alg_ESDHwith3DES */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1701] OBJ_id_smime_alg_ESDHwithRC2 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1712] OBJ_id_smime_alg_3DESwrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1723] OBJ_id_smime_alg_RC2wrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1734] OBJ_id_smime_alg_ESDH */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1745] OBJ_id_smime_alg_CMS3DESwrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1756] OBJ_id_smime_alg_CMSRC2wrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1767] OBJ_id_smime_cd_ldap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1778] OBJ_id_smime_spq_ets_sqt_uri */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1789] OBJ_id_smime_spq_ets_sqt_unotice */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1800] OBJ_id_smime_cti_ets_proofOfOrigin */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1811] OBJ_id_smime_cti_ets_proofOfReceipt */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1822] OBJ_id_smime_cti_ets_proofOfDelivery */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1833] OBJ_id_smime_cti_ets_proofOfSender */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1844] OBJ_id_smime_cti_ets_proofOfApproval */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1855] OBJ_id_smime_cti_ets_proofOfCreation */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04, /* [1866] OBJ_md4 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00, /* [1874] OBJ_id_pkix_mod */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02, /* [1881] OBJ_id_qt */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04, /* [1888] OBJ_id_it */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05, /* [1895] OBJ_id_pkip */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06, /* [1902] OBJ_id_alg */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07, /* [1909] OBJ_id_cmc */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x08, /* [1916] OBJ_id_on */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09, /* [1923] OBJ_id_pda */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A, /* [1930] OBJ_id_aca */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0B, /* [1937] OBJ_id_qcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C, /* [1944] OBJ_id_cct */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01, /* [1951] OBJ_id_pkix1_explicit_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02, /* [1959] OBJ_id_pkix1_implicit_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03, /* [1967] OBJ_id_pkix1_explicit_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04, /* [1975] OBJ_id_pkix1_implicit_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05, /* [1983] OBJ_id_mod_crmf */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06, /* [1991] OBJ_id_mod_cmc */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07, /* [1999] OBJ_id_mod_kea_profile_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08, /* [2007] OBJ_id_mod_kea_profile_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09, /* [2015] OBJ_id_mod_cmp */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A, /* [2023] OBJ_id_mod_qualified_cert_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B, /* [2031] OBJ_id_mod_qualified_cert_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C, /* [2039] OBJ_id_mod_attribute_cert */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D, /* [2047] OBJ_id_mod_timestamp_protocol */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E, /* [2055] OBJ_id_mod_ocsp */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F, /* [2063] OBJ_id_mod_dvcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10, /* [2071] OBJ_id_mod_cmp2000 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02, /* [2079] OBJ_biometricInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03, /* [2087] OBJ_qcStatements */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [2095] OBJ_ac_auditEntity */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [2103] OBJ_ac_targeting */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [2111] OBJ_aaControls */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2119] OBJ_sbgp_ipAddrBlock */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2127] OBJ_sbgp_autonomousSysNum */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2135] OBJ_sbgp_routerIdentifier */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [2143] OBJ_textNotice */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [2151] OBJ_ipsecEndSystem */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [2159] OBJ_ipsecTunnel */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07, /* [2167] OBJ_ipsecUser */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A, /* [2175] OBJ_dvcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01, /* [2183] OBJ_id_it_caProtEncCert */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02, /* [2191] OBJ_id_it_signKeyPairTypes */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03, /* [2199] OBJ_id_it_encKeyPairTypes */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04, /* [2207] OBJ_id_it_preferredSymmAlg */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05, /* [2215] OBJ_id_it_caKeyUpdateInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06, /* [2223] OBJ_id_it_currentCRL */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07, /* [2231] OBJ_id_it_unsupportedOIDs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08, /* [2239] OBJ_id_it_subscriptionRequest */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09, /* [2247] OBJ_id_it_subscriptionResponse */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A, /* [2255] OBJ_id_it_keyPairParamReq */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B, /* [2263] OBJ_id_it_keyPairParamRep */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C, /* [2271] OBJ_id_it_revPassphrase */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D, /* [2279] OBJ_id_it_implicitConfirm */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E, /* [2287] OBJ_id_it_confirmWaitTime */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F, /* [2295] OBJ_id_it_origPKIMessage */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01, /* [2303] OBJ_id_regCtrl */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02, /* [2311] OBJ_id_regInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2319] OBJ_id_regCtrl_regToken */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2328] OBJ_id_regCtrl_authenticator */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2337] OBJ_id_regCtrl_pkiPublicationInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2346] OBJ_id_regCtrl_pkiArchiveOptions */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2355] OBJ_id_regCtrl_oldCertID */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2364] OBJ_id_regCtrl_protocolEncrKey */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2373] OBJ_id_regInfo_utf8Pairs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2382] OBJ_id_regInfo_certReq */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01, /* [2391] OBJ_id_alg_des40 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02, /* [2399] OBJ_id_alg_noSignature */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03, /* [2407] OBJ_id_alg_dh_sig_hmac_sha1 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04, /* [2415] OBJ_id_alg_dh_pop */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01, /* [2423] OBJ_id_cmc_statusInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02, /* [2431] OBJ_id_cmc_identification */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03, /* [2439] OBJ_id_cmc_identityProof */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04, /* [2447] OBJ_id_cmc_dataReturn */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05, /* [2455] OBJ_id_cmc_transactionId */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06, /* [2463] OBJ_id_cmc_senderNonce */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07, /* [2471] OBJ_id_cmc_recipientNonce */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08, /* [2479] OBJ_id_cmc_addExtensions */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09, /* [2487] OBJ_id_cmc_encryptedPOP */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A, /* [2495] OBJ_id_cmc_decryptedPOP */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B, /* [2503] OBJ_id_cmc_lraPOPWitness */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F, /* [2511] OBJ_id_cmc_getCert */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10, /* [2519] OBJ_id_cmc_getCRL */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11, /* [2527] OBJ_id_cmc_revokeRequest */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12, /* [2535] OBJ_id_cmc_regInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13, /* [2543] OBJ_id_cmc_responseInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15, /* [2551] OBJ_id_cmc_queryPending */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16, /* [2559] OBJ_id_cmc_popLinkRandom */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17, /* [2567] OBJ_id_cmc_popLinkWitness */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18, /* [2575] OBJ_id_cmc_confirmCertAcceptance */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01, /* [2583] OBJ_id_on_personalData */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01, /* [2591] OBJ_id_pda_dateOfBirth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02, /* [2599] OBJ_id_pda_placeOfBirth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03, /* [2607] OBJ_id_pda_gender */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04, /* [2615] OBJ_id_pda_countryOfCitizenship */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05, /* [2623] OBJ_id_pda_countryOfResidence */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01, /* [2631] OBJ_id_aca_authenticationInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02, /* [2639] OBJ_id_aca_accessIdentity */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03, /* [2647] OBJ_id_aca_chargingIdentity */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04, /* [2655] OBJ_id_aca_group */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05, /* [2663] OBJ_id_aca_role */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01, /* [2671] OBJ_id_qcs_pkixQCSyntax_v1 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01, /* [2679] OBJ_id_cct_crs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02, /* [2687] OBJ_id_cct_PKIData */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03, /* [2695] OBJ_id_cct_PKIResponse */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03, /* [2703] OBJ_ad_timeStamping */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04, /* [2711] OBJ_ad_dvcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2719] OBJ_id_pkix_OCSP_basic */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2728] OBJ_id_pkix_OCSP_Nonce */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2737] OBJ_id_pkix_OCSP_CrlID */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2746] OBJ_id_pkix_OCSP_acceptableResponses */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2755] OBJ_id_pkix_OCSP_noCheck */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2764] OBJ_id_pkix_OCSP_archiveCutoff */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2773] OBJ_id_pkix_OCSP_serviceLocator */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2782] OBJ_id_pkix_OCSP_extendedStatus */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2791] OBJ_id_pkix_OCSP_valid */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2800] OBJ_id_pkix_OCSP_path */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2809] OBJ_id_pkix_OCSP_trustRoot */ -0x2B,0x0E,0x03,0x02, /* [2818] OBJ_algorithm */ -0x2B,0x0E,0x03,0x02,0x0B, /* [2822] OBJ_rsaSignature */ -0x55,0x08, /* [2827] OBJ_X500algorithms */ -0x2B, /* [2829] OBJ_org */ -0x2B,0x06, /* [2830] OBJ_dod */ -0x2B,0x06,0x01, /* [2832] OBJ_iana */ -0x2B,0x06,0x01,0x01, /* [2835] OBJ_Directory */ -0x2B,0x06,0x01,0x02, /* [2839] OBJ_Management */ -0x2B,0x06,0x01,0x03, /* [2843] OBJ_Experimental */ -0x2B,0x06,0x01,0x04, /* [2847] OBJ_Private */ -0x2B,0x06,0x01,0x05, /* [2851] OBJ_Security */ -0x2B,0x06,0x01,0x06, /* [2855] OBJ_SNMPv2 */ -0x2B,0x06,0x01,0x07, /* [2859] OBJ_Mail */ -0x2B,0x06,0x01,0x04,0x01, /* [2863] OBJ_Enterprises */ -0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2868] OBJ_dcObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2877] OBJ_domainComponent */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2887] OBJ_Domain */ -0x55,0x01,0x05, /* [2897] OBJ_selected_attribute_types */ -0x55,0x01,0x05,0x37, /* [2900] OBJ_clearance */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2904] OBJ_md4WithRSAEncryption */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [2913] OBJ_ac_proxying */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [2921] OBJ_sinfo_access */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [2929] OBJ_id_aca_encAttrs */ -0x55,0x04,0x48, /* [2937] OBJ_role */ -0x55,0x1D,0x24, /* [2940] OBJ_policy_constraints */ -0x55,0x1D,0x37, /* [2943] OBJ_target_information */ -0x55,0x1D,0x38, /* [2946] OBJ_no_rev_avail */ -0x2A,0x86,0x48,0xCE,0x3D, /* [2949] OBJ_ansi_X9_62 */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01, /* [2954] OBJ_X9_62_prime_field */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02, /* [2961] OBJ_X9_62_characteristic_two_field */ -0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, /* [2968] OBJ_X9_62_id_ecPublicKey */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01, /* [2975] OBJ_X9_62_prime192v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02, /* [2983] OBJ_X9_62_prime192v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03, /* [2991] OBJ_X9_62_prime192v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04, /* [2999] OBJ_X9_62_prime239v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05, /* [3007] OBJ_X9_62_prime239v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06, /* [3015] OBJ_X9_62_prime239v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, /* [3023] OBJ_X9_62_prime256v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, /* [3031] OBJ_ecdsa_with_SHA1 */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3038] OBJ_ms_csp_name */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3047] OBJ_aes_128_ecb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3056] OBJ_aes_128_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3065] OBJ_aes_128_ofb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3074] OBJ_aes_128_cfb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3083] OBJ_aes_192_ecb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3092] OBJ_aes_192_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3101] OBJ_aes_192_ofb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3110] OBJ_aes_192_cfb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3119] OBJ_aes_256_ecb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3128] OBJ_aes_256_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3137] OBJ_aes_256_ofb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3146] OBJ_aes_256_cfb128 */ -0x55,0x1D,0x17, /* [3155] OBJ_hold_instruction_code */ -0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [3158] OBJ_hold_instruction_none */ -0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [3165] OBJ_hold_instruction_call_issuer */ -0x2A,0x86,0x48,0xCE,0x38,0x02,0x03, /* [3172] OBJ_hold_instruction_reject */ -0x09, /* [3179] OBJ_data */ -0x09,0x92,0x26, /* [3180] OBJ_pss */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C, /* [3183] OBJ_ucl */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64, /* [3190] OBJ_pilot */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3198] OBJ_pilotAttributeType */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3207] OBJ_pilotAttributeSyntax */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3216] OBJ_pilotObjectClass */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3225] OBJ_pilotGroups */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3234] OBJ_iA5StringSyntax */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3244] OBJ_caseIgnoreIA5StringSyntax */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3254] OBJ_pilotObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3264] OBJ_pilotPerson */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3274] OBJ_account */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3284] OBJ_document */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3294] OBJ_room */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3304] OBJ_documentSeries */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3314] OBJ_rFC822localPart */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3324] OBJ_dNSDomain */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3334] OBJ_domainRelatedObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3344] OBJ_friendlyCountry */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3354] OBJ_simpleSecurityObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3364] OBJ_pilotOrganization */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3374] OBJ_pilotDSA */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3384] OBJ_qualityLabelledData */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3394] OBJ_userId */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3404] OBJ_textEncodedORAddress */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3414] OBJ_rfc822Mailbox */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3424] OBJ_info */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3434] OBJ_favouriteDrink */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3444] OBJ_roomNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3454] OBJ_photo */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3464] OBJ_userClass */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3474] OBJ_host */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3484] OBJ_manager */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3494] OBJ_documentIdentifier */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3504] OBJ_documentTitle */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3514] OBJ_documentVersion */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3524] OBJ_documentAuthor */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3534] OBJ_documentLocation */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3544] OBJ_homeTelephoneNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3554] OBJ_secretary */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3564] OBJ_otherMailbox */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3574] OBJ_lastModifiedTime */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3584] OBJ_lastModifiedBy */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3594] OBJ_aRecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3604] OBJ_pilotAttributeType27 */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3614] OBJ_mXRecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3624] OBJ_nSRecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3634] OBJ_sOARecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3644] OBJ_cNAMERecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3654] OBJ_associatedDomain */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3664] OBJ_associatedName */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3674] OBJ_homePostalAddress */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3684] OBJ_personalTitle */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3694] OBJ_mobileTelephoneNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3704] OBJ_pagerTelephoneNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3714] OBJ_friendlyCountryName */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3724] OBJ_organizationalStatus */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3734] OBJ_janetMailbox */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3744] OBJ_mailPreferenceOption */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3754] OBJ_buildingName */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3764] OBJ_dSAQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3774] OBJ_singleLevelQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3784] OBJ_subtreeMinimumQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3794] OBJ_subtreeMaximumQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3804] OBJ_personalSignature */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3814] OBJ_dITRedirect */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3824] OBJ_audio */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3834] OBJ_documentPublisher */ -0x55,0x04,0x2D, /* [3844] OBJ_x500UniqueIdentifier */ -0x2B,0x06,0x01,0x07,0x01, /* [3847] OBJ_mime_mhs */ -0x2B,0x06,0x01,0x07,0x01,0x01, /* [3852] OBJ_mime_mhs_headings */ -0x2B,0x06,0x01,0x07,0x01,0x02, /* [3858] OBJ_mime_mhs_bodies */ -0x2B,0x06,0x01,0x07,0x01,0x01,0x01, /* [3864] OBJ_id_hex_partial_message */ -0x2B,0x06,0x01,0x07,0x01,0x01,0x02, /* [3871] OBJ_id_hex_multipart_message */ -0x55,0x04,0x2C, /* [3878] OBJ_generationQualifier */ -0x55,0x04,0x41, /* [3881] OBJ_pseudonym */ -0x67,0x2A, /* [3884] OBJ_id_set */ -0x67,0x2A,0x00, /* [3886] OBJ_set_ctype */ -0x67,0x2A,0x01, /* [3889] OBJ_set_msgExt */ -0x67,0x2A,0x03, /* [3892] OBJ_set_attr */ -0x67,0x2A,0x05, /* [3895] OBJ_set_policy */ -0x67,0x2A,0x07, /* [3898] OBJ_set_certExt */ -0x67,0x2A,0x08, /* [3901] OBJ_set_brand */ -0x67,0x2A,0x00,0x00, /* [3904] OBJ_setct_PANData */ -0x67,0x2A,0x00,0x01, /* [3908] OBJ_setct_PANToken */ -0x67,0x2A,0x00,0x02, /* [3912] OBJ_setct_PANOnly */ -0x67,0x2A,0x00,0x03, /* [3916] OBJ_setct_OIData */ -0x67,0x2A,0x00,0x04, /* [3920] OBJ_setct_PI */ -0x67,0x2A,0x00,0x05, /* [3924] OBJ_setct_PIData */ -0x67,0x2A,0x00,0x06, /* [3928] OBJ_setct_PIDataUnsigned */ -0x67,0x2A,0x00,0x07, /* [3932] OBJ_setct_HODInput */ -0x67,0x2A,0x00,0x08, /* [3936] OBJ_setct_AuthResBaggage */ -0x67,0x2A,0x00,0x09, /* [3940] OBJ_setct_AuthRevReqBaggage */ -0x67,0x2A,0x00,0x0A, /* [3944] OBJ_setct_AuthRevResBaggage */ -0x67,0x2A,0x00,0x0B, /* [3948] OBJ_setct_CapTokenSeq */ -0x67,0x2A,0x00,0x0C, /* [3952] OBJ_setct_PInitResData */ -0x67,0x2A,0x00,0x0D, /* [3956] OBJ_setct_PI_TBS */ -0x67,0x2A,0x00,0x0E, /* [3960] OBJ_setct_PResData */ -0x67,0x2A,0x00,0x10, /* [3964] OBJ_setct_AuthReqTBS */ -0x67,0x2A,0x00,0x11, /* [3968] OBJ_setct_AuthResTBS */ -0x67,0x2A,0x00,0x12, /* [3972] OBJ_setct_AuthResTBSX */ -0x67,0x2A,0x00,0x13, /* [3976] OBJ_setct_AuthTokenTBS */ -0x67,0x2A,0x00,0x14, /* [3980] OBJ_setct_CapTokenData */ -0x67,0x2A,0x00,0x15, /* [3984] OBJ_setct_CapTokenTBS */ -0x67,0x2A,0x00,0x16, /* [3988] OBJ_setct_AcqCardCodeMsg */ -0x67,0x2A,0x00,0x17, /* [3992] OBJ_setct_AuthRevReqTBS */ -0x67,0x2A,0x00,0x18, /* [3996] OBJ_setct_AuthRevResData */ -0x67,0x2A,0x00,0x19, /* [4000] OBJ_setct_AuthRevResTBS */ -0x67,0x2A,0x00,0x1A, /* [4004] OBJ_setct_CapReqTBS */ -0x67,0x2A,0x00,0x1B, /* [4008] OBJ_setct_CapReqTBSX */ -0x67,0x2A,0x00,0x1C, /* [4012] OBJ_setct_CapResData */ -0x67,0x2A,0x00,0x1D, /* [4016] OBJ_setct_CapRevReqTBS */ -0x67,0x2A,0x00,0x1E, /* [4020] OBJ_setct_CapRevReqTBSX */ -0x67,0x2A,0x00,0x1F, /* [4024] OBJ_setct_CapRevResData */ -0x67,0x2A,0x00,0x20, /* [4028] OBJ_setct_CredReqTBS */ -0x67,0x2A,0x00,0x21, /* [4032] OBJ_setct_CredReqTBSX */ -0x67,0x2A,0x00,0x22, /* [4036] OBJ_setct_CredResData */ -0x67,0x2A,0x00,0x23, /* [4040] OBJ_setct_CredRevReqTBS */ -0x67,0x2A,0x00,0x24, /* [4044] OBJ_setct_CredRevReqTBSX */ -0x67,0x2A,0x00,0x25, /* [4048] OBJ_setct_CredRevResData */ -0x67,0x2A,0x00,0x26, /* [4052] OBJ_setct_PCertReqData */ -0x67,0x2A,0x00,0x27, /* [4056] OBJ_setct_PCertResTBS */ -0x67,0x2A,0x00,0x28, /* [4060] OBJ_setct_BatchAdminReqData */ -0x67,0x2A,0x00,0x29, /* [4064] OBJ_setct_BatchAdminResData */ -0x67,0x2A,0x00,0x2A, /* [4068] OBJ_setct_CardCInitResTBS */ -0x67,0x2A,0x00,0x2B, /* [4072] OBJ_setct_MeAqCInitResTBS */ -0x67,0x2A,0x00,0x2C, /* [4076] OBJ_setct_RegFormResTBS */ -0x67,0x2A,0x00,0x2D, /* [4080] OBJ_setct_CertReqData */ -0x67,0x2A,0x00,0x2E, /* [4084] OBJ_setct_CertReqTBS */ -0x67,0x2A,0x00,0x2F, /* [4088] OBJ_setct_CertResData */ -0x67,0x2A,0x00,0x30, /* [4092] OBJ_setct_CertInqReqTBS */ -0x67,0x2A,0x00,0x31, /* [4096] OBJ_setct_ErrorTBS */ -0x67,0x2A,0x00,0x32, /* [4100] OBJ_setct_PIDualSignedTBE */ -0x67,0x2A,0x00,0x33, /* [4104] OBJ_setct_PIUnsignedTBE */ -0x67,0x2A,0x00,0x34, /* [4108] OBJ_setct_AuthReqTBE */ -0x67,0x2A,0x00,0x35, /* [4112] OBJ_setct_AuthResTBE */ -0x67,0x2A,0x00,0x36, /* [4116] OBJ_setct_AuthResTBEX */ -0x67,0x2A,0x00,0x37, /* [4120] OBJ_setct_AuthTokenTBE */ -0x67,0x2A,0x00,0x38, /* [4124] OBJ_setct_CapTokenTBE */ -0x67,0x2A,0x00,0x39, /* [4128] OBJ_setct_CapTokenTBEX */ -0x67,0x2A,0x00,0x3A, /* [4132] OBJ_setct_AcqCardCodeMsgTBE */ -0x67,0x2A,0x00,0x3B, /* [4136] OBJ_setct_AuthRevReqTBE */ -0x67,0x2A,0x00,0x3C, /* [4140] OBJ_setct_AuthRevResTBE */ -0x67,0x2A,0x00,0x3D, /* [4144] OBJ_setct_AuthRevResTBEB */ -0x67,0x2A,0x00,0x3E, /* [4148] OBJ_setct_CapReqTBE */ -0x67,0x2A,0x00,0x3F, /* [4152] OBJ_setct_CapReqTBEX */ -0x67,0x2A,0x00,0x40, /* [4156] OBJ_setct_CapResTBE */ -0x67,0x2A,0x00,0x41, /* [4160] OBJ_setct_CapRevReqTBE */ -0x67,0x2A,0x00,0x42, /* [4164] OBJ_setct_CapRevReqTBEX */ -0x67,0x2A,0x00,0x43, /* [4168] OBJ_setct_CapRevResTBE */ -0x67,0x2A,0x00,0x44, /* [4172] OBJ_setct_CredReqTBE */ -0x67,0x2A,0x00,0x45, /* [4176] OBJ_setct_CredReqTBEX */ -0x67,0x2A,0x00,0x46, /* [4180] OBJ_setct_CredResTBE */ -0x67,0x2A,0x00,0x47, /* [4184] OBJ_setct_CredRevReqTBE */ -0x67,0x2A,0x00,0x48, /* [4188] OBJ_setct_CredRevReqTBEX */ -0x67,0x2A,0x00,0x49, /* [4192] OBJ_setct_CredRevResTBE */ -0x67,0x2A,0x00,0x4A, /* [4196] OBJ_setct_BatchAdminReqTBE */ -0x67,0x2A,0x00,0x4B, /* [4200] OBJ_setct_BatchAdminResTBE */ -0x67,0x2A,0x00,0x4C, /* [4204] OBJ_setct_RegFormReqTBE */ -0x67,0x2A,0x00,0x4D, /* [4208] OBJ_setct_CertReqTBE */ -0x67,0x2A,0x00,0x4E, /* [4212] OBJ_setct_CertReqTBEX */ -0x67,0x2A,0x00,0x4F, /* [4216] OBJ_setct_CertResTBE */ -0x67,0x2A,0x00,0x50, /* [4220] OBJ_setct_CRLNotificationTBS */ -0x67,0x2A,0x00,0x51, /* [4224] OBJ_setct_CRLNotificationResTBS */ -0x67,0x2A,0x00,0x52, /* [4228] OBJ_setct_BCIDistributionTBS */ -0x67,0x2A,0x01,0x01, /* [4232] OBJ_setext_genCrypt */ -0x67,0x2A,0x01,0x03, /* [4236] OBJ_setext_miAuth */ -0x67,0x2A,0x01,0x04, /* [4240] OBJ_setext_pinSecure */ -0x67,0x2A,0x01,0x05, /* [4244] OBJ_setext_pinAny */ -0x67,0x2A,0x01,0x07, /* [4248] OBJ_setext_track2 */ -0x67,0x2A,0x01,0x08, /* [4252] OBJ_setext_cv */ -0x67,0x2A,0x05,0x00, /* [4256] OBJ_set_policy_root */ -0x67,0x2A,0x07,0x00, /* [4260] OBJ_setCext_hashedRoot */ -0x67,0x2A,0x07,0x01, /* [4264] OBJ_setCext_certType */ -0x67,0x2A,0x07,0x02, /* [4268] OBJ_setCext_merchData */ -0x67,0x2A,0x07,0x03, /* [4272] OBJ_setCext_cCertRequired */ -0x67,0x2A,0x07,0x04, /* [4276] OBJ_setCext_tunneling */ -0x67,0x2A,0x07,0x05, /* [4280] OBJ_setCext_setExt */ -0x67,0x2A,0x07,0x06, /* [4284] OBJ_setCext_setQualf */ -0x67,0x2A,0x07,0x07, /* [4288] OBJ_setCext_PGWYcapabilities */ -0x67,0x2A,0x07,0x08, /* [4292] OBJ_setCext_TokenIdentifier */ -0x67,0x2A,0x07,0x09, /* [4296] OBJ_setCext_Track2Data */ -0x67,0x2A,0x07,0x0A, /* [4300] OBJ_setCext_TokenType */ -0x67,0x2A,0x07,0x0B, /* [4304] OBJ_setCext_IssuerCapabilities */ -0x67,0x2A,0x03,0x00, /* [4308] OBJ_setAttr_Cert */ -0x67,0x2A,0x03,0x01, /* [4312] OBJ_setAttr_PGWYcap */ -0x67,0x2A,0x03,0x02, /* [4316] OBJ_setAttr_TokenType */ -0x67,0x2A,0x03,0x03, /* [4320] OBJ_setAttr_IssCap */ -0x67,0x2A,0x03,0x00,0x00, /* [4324] OBJ_set_rootKeyThumb */ -0x67,0x2A,0x03,0x00,0x01, /* [4329] OBJ_set_addPolicy */ -0x67,0x2A,0x03,0x02,0x01, /* [4334] OBJ_setAttr_Token_EMV */ -0x67,0x2A,0x03,0x02,0x02, /* [4339] OBJ_setAttr_Token_B0Prime */ -0x67,0x2A,0x03,0x03,0x03, /* [4344] OBJ_setAttr_IssCap_CVM */ -0x67,0x2A,0x03,0x03,0x04, /* [4349] OBJ_setAttr_IssCap_T2 */ -0x67,0x2A,0x03,0x03,0x05, /* [4354] OBJ_setAttr_IssCap_Sig */ -0x67,0x2A,0x03,0x03,0x03,0x01, /* [4359] OBJ_setAttr_GenCryptgrm */ -0x67,0x2A,0x03,0x03,0x04,0x01, /* [4365] OBJ_setAttr_T2Enc */ -0x67,0x2A,0x03,0x03,0x04,0x02, /* [4371] OBJ_setAttr_T2cleartxt */ -0x67,0x2A,0x03,0x03,0x05,0x01, /* [4377] OBJ_setAttr_TokICCsig */ -0x67,0x2A,0x03,0x03,0x05,0x02, /* [4383] OBJ_setAttr_SecDevSig */ -0x67,0x2A,0x08,0x01, /* [4389] OBJ_set_brand_IATA_ATA */ -0x67,0x2A,0x08,0x1E, /* [4393] OBJ_set_brand_Diners */ -0x67,0x2A,0x08,0x22, /* [4397] OBJ_set_brand_AmericanExpress */ -0x67,0x2A,0x08,0x23, /* [4401] OBJ_set_brand_JCB */ -0x67,0x2A,0x08,0x04, /* [4405] OBJ_set_brand_Visa */ -0x67,0x2A,0x08,0x05, /* [4409] OBJ_set_brand_MasterCard */ -0x67,0x2A,0x08,0xAE,0x7B, /* [4413] OBJ_set_brand_Novus */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A, /* [4418] OBJ_des_cdmf */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4426] OBJ_rsaOAEPEncryptionSET */ -0x67, /* [4435] OBJ_international_organizations */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4436] OBJ_ms_smartcard_login */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4446] OBJ_ms_upn */ -0x55,0x04,0x09, /* [4456] OBJ_streetAddress */ -0x55,0x04,0x11, /* [4459] OBJ_postalCode */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x15, /* [4462] OBJ_id_ppl */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E, /* [4469] OBJ_proxyCertInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [4477] OBJ_id_ppl_anyLanguage */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [4485] OBJ_id_ppl_inheritAll */ -0x55,0x1D,0x1E, /* [4493] OBJ_name_constraints */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [4496] OBJ_Independent */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4504] OBJ_sha256WithRSAEncryption */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4513] OBJ_sha384WithRSAEncryption */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4522] OBJ_sha512WithRSAEncryption */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4531] OBJ_sha224WithRSAEncryption */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4540] OBJ_sha256 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4549] OBJ_sha384 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4558] OBJ_sha512 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4567] OBJ_sha224 */ -0x2B, /* [4576] OBJ_identified_organization */ -0x2B,0x81,0x04, /* [4577] OBJ_certicom_arc */ -0x67,0x2B, /* [4580] OBJ_wap */ -0x67,0x2B,0x01, /* [4582] OBJ_wap_wsg */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [4585] OBJ_X9_62_id_characteristic_two_basis */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4593] OBJ_X9_62_onBasis */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4602] OBJ_X9_62_tpBasis */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [4611] OBJ_X9_62_ppBasis */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [4620] OBJ_X9_62_c2pnb163v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [4628] OBJ_X9_62_c2pnb163v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [4636] OBJ_X9_62_c2pnb163v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [4644] OBJ_X9_62_c2pnb176v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [4652] OBJ_X9_62_c2tnb191v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [4660] OBJ_X9_62_c2tnb191v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [4668] OBJ_X9_62_c2tnb191v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [4676] OBJ_X9_62_c2onb191v4 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [4684] OBJ_X9_62_c2onb191v5 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [4692] OBJ_X9_62_c2pnb208w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [4700] OBJ_X9_62_c2tnb239v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [4708] OBJ_X9_62_c2tnb239v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [4716] OBJ_X9_62_c2tnb239v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [4724] OBJ_X9_62_c2onb239v4 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [4732] OBJ_X9_62_c2onb239v5 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [4740] OBJ_X9_62_c2pnb272w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [4748] OBJ_X9_62_c2pnb304w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [4756] OBJ_X9_62_c2tnb359v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [4764] OBJ_X9_62_c2pnb368w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [4772] OBJ_X9_62_c2tnb431r1 */ -0x2B,0x81,0x04,0x00,0x06, /* [4780] OBJ_secp112r1 */ -0x2B,0x81,0x04,0x00,0x07, /* [4785] OBJ_secp112r2 */ -0x2B,0x81,0x04,0x00,0x1C, /* [4790] OBJ_secp128r1 */ -0x2B,0x81,0x04,0x00,0x1D, /* [4795] OBJ_secp128r2 */ -0x2B,0x81,0x04,0x00,0x09, /* [4800] OBJ_secp160k1 */ -0x2B,0x81,0x04,0x00,0x08, /* [4805] OBJ_secp160r1 */ -0x2B,0x81,0x04,0x00,0x1E, /* [4810] OBJ_secp160r2 */ -0x2B,0x81,0x04,0x00,0x1F, /* [4815] OBJ_secp192k1 */ -0x2B,0x81,0x04,0x00,0x20, /* [4820] OBJ_secp224k1 */ -0x2B,0x81,0x04,0x00,0x21, /* [4825] OBJ_secp224r1 */ -0x2B,0x81,0x04,0x00,0x0A, /* [4830] OBJ_secp256k1 */ -0x2B,0x81,0x04,0x00,0x22, /* [4835] OBJ_secp384r1 */ -0x2B,0x81,0x04,0x00,0x23, /* [4840] OBJ_secp521r1 */ -0x2B,0x81,0x04,0x00,0x04, /* [4845] OBJ_sect113r1 */ -0x2B,0x81,0x04,0x00,0x05, /* [4850] OBJ_sect113r2 */ -0x2B,0x81,0x04,0x00,0x16, /* [4855] OBJ_sect131r1 */ -0x2B,0x81,0x04,0x00,0x17, /* [4860] OBJ_sect131r2 */ -0x2B,0x81,0x04,0x00,0x01, /* [4865] OBJ_sect163k1 */ -0x2B,0x81,0x04,0x00,0x02, /* [4870] OBJ_sect163r1 */ -0x2B,0x81,0x04,0x00,0x0F, /* [4875] OBJ_sect163r2 */ -0x2B,0x81,0x04,0x00,0x18, /* [4880] OBJ_sect193r1 */ -0x2B,0x81,0x04,0x00,0x19, /* [4885] OBJ_sect193r2 */ -0x2B,0x81,0x04,0x00,0x1A, /* [4890] OBJ_sect233k1 */ -0x2B,0x81,0x04,0x00,0x1B, /* [4895] OBJ_sect233r1 */ -0x2B,0x81,0x04,0x00,0x03, /* [4900] OBJ_sect239k1 */ -0x2B,0x81,0x04,0x00,0x10, /* [4905] OBJ_sect283k1 */ -0x2B,0x81,0x04,0x00,0x11, /* [4910] OBJ_sect283r1 */ -0x2B,0x81,0x04,0x00,0x24, /* [4915] OBJ_sect409k1 */ -0x2B,0x81,0x04,0x00,0x25, /* [4920] OBJ_sect409r1 */ -0x2B,0x81,0x04,0x00,0x26, /* [4925] OBJ_sect571k1 */ -0x2B,0x81,0x04,0x00,0x27, /* [4930] OBJ_sect571r1 */ -0x67,0x2B,0x01,0x04,0x01, /* [4935] OBJ_wap_wsg_idm_ecid_wtls1 */ -0x67,0x2B,0x01,0x04,0x03, /* [4940] OBJ_wap_wsg_idm_ecid_wtls3 */ -0x67,0x2B,0x01,0x04,0x04, /* [4945] OBJ_wap_wsg_idm_ecid_wtls4 */ -0x67,0x2B,0x01,0x04,0x05, /* [4950] OBJ_wap_wsg_idm_ecid_wtls5 */ -0x67,0x2B,0x01,0x04,0x06, /* [4955] OBJ_wap_wsg_idm_ecid_wtls6 */ -0x67,0x2B,0x01,0x04,0x07, /* [4960] OBJ_wap_wsg_idm_ecid_wtls7 */ -0x67,0x2B,0x01,0x04,0x08, /* [4965] OBJ_wap_wsg_idm_ecid_wtls8 */ -0x67,0x2B,0x01,0x04,0x09, /* [4970] OBJ_wap_wsg_idm_ecid_wtls9 */ -0x67,0x2B,0x01,0x04,0x0A, /* [4975] OBJ_wap_wsg_idm_ecid_wtls10 */ -0x67,0x2B,0x01,0x04,0x0B, /* [4980] OBJ_wap_wsg_idm_ecid_wtls11 */ -0x67,0x2B,0x01,0x04,0x0C, /* [4985] OBJ_wap_wsg_idm_ecid_wtls12 */ -0x55,0x1D,0x20,0x00, /* [4990] OBJ_any_policy */ -0x55,0x1D,0x21, /* [4994] OBJ_policy_mappings */ -0x55,0x1D,0x36, /* [4997] OBJ_inhibit_any_policy */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,/* [5000] OBJ_camellia_128_cbc */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,/* [5011] OBJ_camellia_192_cbc */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,/* [5022] OBJ_camellia_256_cbc */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01, /* [5033] OBJ_camellia_128_ecb */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15, /* [5041] OBJ_camellia_192_ecb */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29, /* [5049] OBJ_camellia_256_ecb */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04, /* [5057] OBJ_camellia_128_cfb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18, /* [5065] OBJ_camellia_192_cfb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C, /* [5073] OBJ_camellia_256_cfb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03, /* [5081] OBJ_camellia_128_ofb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17, /* [5089] OBJ_camellia_192_ofb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B, /* [5097] OBJ_camellia_256_ofb128 */ -0x55,0x1D,0x09, /* [5105] OBJ_subject_directory_attributes */ -0x55,0x1D,0x1C, /* [5108] OBJ_issuing_distribution_point */ -0x55,0x1D,0x1D, /* [5111] OBJ_certificate_issuer */ -0x2A,0x83,0x1A,0x8C,0x9A,0x44, /* [5114] OBJ_kisa */ -0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03, /* [5120] OBJ_seed_ecb */ -0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04, /* [5128] OBJ_seed_cbc */ -0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06, /* [5136] OBJ_seed_ofb128 */ -0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05, /* [5144] OBJ_seed_cfb128 */ -0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01, /* [5152] OBJ_hmac_md5 */ -0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02, /* [5160] OBJ_hmac_sha1 */ -0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D,/* [5168] OBJ_id_PasswordBasedMAC */ -0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E,/* [5177] OBJ_id_DHBasedMac */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10, /* [5186] OBJ_id_it_suppLangTags */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05, /* [5194] OBJ_caRepository */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09,/* [5202] OBJ_id_smime_ct_compressedData */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,/* [5213] OBJ_id_ct_asciiTextWithCRLF */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,/* [5224] OBJ_id_aes128_wrap */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,/* [5233] OBJ_id_aes192_wrap */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,/* [5242] OBJ_id_aes256_wrap */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02, /* [5251] OBJ_ecdsa_with_Recommended */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03, /* [5258] OBJ_ecdsa_with_Specified */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01, /* [5265] OBJ_ecdsa_with_SHA224 */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02, /* [5273] OBJ_ecdsa_with_SHA256 */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03, /* [5281] OBJ_ecdsa_with_SHA384 */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04, /* [5289] OBJ_ecdsa_with_SHA512 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x06, /* [5297] OBJ_hmacWithMD5 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x08, /* [5305] OBJ_hmacWithSHA224 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x09, /* [5313] OBJ_hmacWithSHA256 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0A, /* [5321] OBJ_hmacWithSHA384 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0B, /* [5329] OBJ_hmacWithSHA512 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,/* [5337] OBJ_dsa_with_SHA224 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,/* [5346] OBJ_dsa_with_SHA256 */ -0x28,0xCF,0x06,0x03,0x00,0x37, /* [5355] OBJ_whirlpool */ -0x2A,0x85,0x03,0x02,0x02, /* [5361] OBJ_cryptopro */ -0x2A,0x85,0x03,0x02,0x09, /* [5366] OBJ_cryptocom */ -0x2A,0x85,0x03,0x02,0x02,0x03, /* [5371] OBJ_id_GostR3411_94_with_GostR3410_2001 */ -0x2A,0x85,0x03,0x02,0x02,0x04, /* [5377] OBJ_id_GostR3411_94_with_GostR3410_94 */ -0x2A,0x85,0x03,0x02,0x02,0x09, /* [5383] OBJ_id_GostR3411_94 */ -0x2A,0x85,0x03,0x02,0x02,0x0A, /* [5389] OBJ_id_HMACGostR3411_94 */ -0x2A,0x85,0x03,0x02,0x02,0x13, /* [5395] OBJ_id_GostR3410_2001 */ -0x2A,0x85,0x03,0x02,0x02,0x14, /* [5401] OBJ_id_GostR3410_94 */ -0x2A,0x85,0x03,0x02,0x02,0x15, /* [5407] OBJ_id_Gost28147_89 */ -0x2A,0x85,0x03,0x02,0x02,0x16, /* [5413] OBJ_id_Gost28147_89_MAC */ -0x2A,0x85,0x03,0x02,0x02,0x17, /* [5419] OBJ_id_GostR3411_94_prf */ -0x2A,0x85,0x03,0x02,0x02,0x62, /* [5425] OBJ_id_GostR3410_2001DH */ -0x2A,0x85,0x03,0x02,0x02,0x63, /* [5431] OBJ_id_GostR3410_94DH */ -0x2A,0x85,0x03,0x02,0x02,0x0E,0x01, /* [5437] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */ -0x2A,0x85,0x03,0x02,0x02,0x0E,0x00, /* [5444] OBJ_id_Gost28147_89_None_KeyMeshing */ -0x2A,0x85,0x03,0x02,0x02,0x1E,0x00, /* [5451] OBJ_id_GostR3411_94_TestParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1E,0x01, /* [5458] OBJ_id_GostR3411_94_CryptoProParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x00, /* [5465] OBJ_id_Gost28147_89_TestParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x01, /* [5472] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x02, /* [5479] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x03, /* [5486] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x04, /* [5493] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x05, /* [5500] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x06, /* [5507] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x07, /* [5514] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x20,0x00, /* [5521] OBJ_id_GostR3410_94_TestParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x20,0x02, /* [5528] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x20,0x03, /* [5535] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x20,0x04, /* [5542] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x20,0x05, /* [5549] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x21,0x01, /* [5556] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x21,0x02, /* [5563] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x21,0x03, /* [5570] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x23,0x00, /* [5577] OBJ_id_GostR3410_2001_TestParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x23,0x01, /* [5584] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x23,0x02, /* [5591] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x23,0x03, /* [5598] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x24,0x00, /* [5605] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x24,0x01, /* [5612] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x14,0x01, /* [5619] OBJ_id_GostR3410_94_a */ -0x2A,0x85,0x03,0x02,0x02,0x14,0x02, /* [5626] OBJ_id_GostR3410_94_aBis */ -0x2A,0x85,0x03,0x02,0x02,0x14,0x03, /* [5633] OBJ_id_GostR3410_94_b */ -0x2A,0x85,0x03,0x02,0x02,0x14,0x04, /* [5640] OBJ_id_GostR3410_94_bBis */ -0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01, /* [5647] OBJ_id_Gost28147_89_cc */ -0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03, /* [5655] OBJ_id_GostR3410_94_cc */ -0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04, /* [5663] OBJ_id_GostR3410_2001_cc */ -0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03, /* [5671] OBJ_id_GostR3411_94_with_GostR3410_94_cc */ -0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04, /* [5679] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */ -0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01, /* [5687] OBJ_id_GostR3410_2001_ParamSet_cc */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5695] OBJ_LocalKeySet */ -0x55,0x1D,0x2E, /* [5704] OBJ_freshest_crl */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03, /* [5707] OBJ_id_on_permanentIdentifier */ -0x55,0x04,0x0E, /* [5715] OBJ_searchGuide */ -0x55,0x04,0x0F, /* [5718] OBJ_businessCategory */ -0x55,0x04,0x10, /* [5721] OBJ_postalAddress */ -0x55,0x04,0x12, /* [5724] OBJ_postOfficeBox */ -0x55,0x04,0x13, /* [5727] OBJ_physicalDeliveryOfficeName */ -0x55,0x04,0x14, /* [5730] OBJ_telephoneNumber */ -0x55,0x04,0x15, /* [5733] OBJ_telexNumber */ -0x55,0x04,0x16, /* [5736] OBJ_teletexTerminalIdentifier */ -0x55,0x04,0x17, /* [5739] OBJ_facsimileTelephoneNumber */ -0x55,0x04,0x18, /* [5742] OBJ_x121Address */ -0x55,0x04,0x19, /* [5745] OBJ_internationaliSDNNumber */ -0x55,0x04,0x1A, /* [5748] OBJ_registeredAddress */ -0x55,0x04,0x1B, /* [5751] OBJ_destinationIndicator */ -0x55,0x04,0x1C, /* [5754] OBJ_preferredDeliveryMethod */ -0x55,0x04,0x1D, /* [5757] OBJ_presentationAddress */ -0x55,0x04,0x1E, /* [5760] OBJ_supportedApplicationContext */ -0x55,0x04,0x1F, /* [5763] OBJ_member */ -0x55,0x04,0x20, /* [5766] OBJ_owner */ -0x55,0x04,0x21, /* [5769] OBJ_roleOccupant */ -0x55,0x04,0x22, /* [5772] OBJ_seeAlso */ -0x55,0x04,0x23, /* [5775] OBJ_userPassword */ -0x55,0x04,0x24, /* [5778] OBJ_userCertificate */ -0x55,0x04,0x25, /* [5781] OBJ_cACertificate */ -0x55,0x04,0x26, /* [5784] OBJ_authorityRevocationList */ -0x55,0x04,0x27, /* [5787] OBJ_certificateRevocationList */ -0x55,0x04,0x28, /* [5790] OBJ_crossCertificatePair */ -0x55,0x04,0x2F, /* [5793] OBJ_enhancedSearchGuide */ -0x55,0x04,0x30, /* [5796] OBJ_protocolInformation */ -0x55,0x04,0x31, /* [5799] OBJ_distinguishedName */ -0x55,0x04,0x32, /* [5802] OBJ_uniqueMember */ -0x55,0x04,0x33, /* [5805] OBJ_houseIdentifier */ -0x55,0x04,0x34, /* [5808] OBJ_supportedAlgorithms */ -0x55,0x04,0x35, /* [5811] OBJ_deltaRevocationList */ -0x55,0x04,0x36, /* [5814] OBJ_dmdName */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x09,/* [5817] OBJ_id_alg_PWRI_KEK */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x06,/* [5828] OBJ_aes_128_gcm */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x07,/* [5837] OBJ_aes_128_ccm */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x08,/* [5846] OBJ_id_aes128_wrap_pad */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1A,/* [5855] OBJ_aes_192_gcm */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1B,/* [5864] OBJ_aes_192_ccm */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1C,/* [5873] OBJ_id_aes192_wrap_pad */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2E,/* [5882] OBJ_aes_256_gcm */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2F,/* [5891] OBJ_aes_256_ccm */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x30,/* [5900] OBJ_id_aes256_wrap_pad */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x02,/* [5909] OBJ_id_camellia128_wrap */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x03,/* [5920] OBJ_id_camellia192_wrap */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x04,/* [5931] OBJ_id_camellia256_wrap */ -0x55,0x1D,0x25,0x00, /* [5942] OBJ_anyExtendedKeyUsage */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,/* [5946] OBJ_mgf1 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,/* [5955] OBJ_rsassaPss */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,/* [5964] OBJ_rsaesOaep */ -0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01, /* [5973] OBJ_dhpublicnumber */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01,/* [5980] OBJ_brainpoolP160r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x02,/* [5989] OBJ_brainpoolP160t1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03,/* [5998] OBJ_brainpoolP192r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x04,/* [6007] OBJ_brainpoolP192t1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05,/* [6016] OBJ_brainpoolP224r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x06,/* [6025] OBJ_brainpoolP224t1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07,/* [6034] OBJ_brainpoolP256r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x08,/* [6043] OBJ_brainpoolP256t1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09,/* [6052] OBJ_brainpoolP320r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0A,/* [6061] OBJ_brainpoolP320t1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0B,/* [6070] OBJ_brainpoolP384r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0C,/* [6079] OBJ_brainpoolP384t1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0D,/* [6088] OBJ_brainpoolP512r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0E,/* [6097] OBJ_brainpoolP512t1 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x09,/* [6106] OBJ_pSpecified */ -0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x02,/* [6115] OBJ_dhSinglePass_stdDH_sha1kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0B,0x00, /* [6124] OBJ_dhSinglePass_stdDH_sha224kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0B,0x01, /* [6130] OBJ_dhSinglePass_stdDH_sha256kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0B,0x02, /* [6136] OBJ_dhSinglePass_stdDH_sha384kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0B,0x03, /* [6142] OBJ_dhSinglePass_stdDH_sha512kdf_scheme */ -0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x03,/* [6148] OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0E,0x00, /* [6157] OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0E,0x01, /* [6163] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0E,0x02, /* [6169] OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0E,0x03, /* [6175] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */ -0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02,/* [6181] OBJ_ct_precert_scts */ -0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x03,/* [6191] OBJ_ct_precert_poison */ -0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x04,/* [6201] OBJ_ct_precert_signer */ -0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x05,/* [6211] OBJ_ct_cert_scts */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01,/* [6221] OBJ_jurisdictionLocalityName */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,/* [6232] OBJ_jurisdictionStateOrProvinceName */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03,/* [6243] OBJ_jurisdictionCountryName */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x06, /* [6254] OBJ_camellia_128_gcm */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x07, /* [6262] OBJ_camellia_128_ccm */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x09, /* [6270] OBJ_camellia_128_ctr */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x0A, /* [6278] OBJ_camellia_128_cmac */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1A, /* [6286] OBJ_camellia_192_gcm */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1B, /* [6294] OBJ_camellia_192_ccm */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1D, /* [6302] OBJ_camellia_192_ctr */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1E, /* [6310] OBJ_camellia_192_cmac */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2E, /* [6318] OBJ_camellia_256_gcm */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2F, /* [6326] OBJ_camellia_256_ccm */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x31, /* [6334] OBJ_camellia_256_ctr */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x32, /* [6342] OBJ_camellia_256_cmac */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2C,/* [543] OBJ_uniqueIdentifier */ +0x55,0x1D,0x1F, /* [553] OBJ_crl_distribution_points */ +0x2B,0x0E,0x03,0x02,0x03, /* [556] OBJ_md5WithRSA */ +0x55,0x04,0x05, /* [561] OBJ_serialNumber */ +0x55,0x04,0x0C, /* [564] OBJ_title */ +0x55,0x04,0x0D, /* [567] OBJ_description */ +0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [570] OBJ_cast5_cbc */ +0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [579] OBJ_pbeWithMD5AndCast5_CBC */ +0x2A,0x86,0x48,0xCE,0x38,0x04,0x03, /* [588] OBJ_dsaWithSHA1 */ +0x2B,0x0E,0x03,0x02,0x1D, /* [595] OBJ_sha1WithRSA */ +0x2A,0x86,0x48,0xCE,0x38,0x04,0x01, /* [600] OBJ_dsa */ +0x2B,0x24,0x03,0x02,0x01, /* [607] OBJ_ripemd160 */ +0x2B,0x24,0x03,0x03,0x01,0x02, /* [612] OBJ_ripemd160WithRSA */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08, /* [618] OBJ_rc5_cbc */ +0x29,0x01,0x01,0x85,0x1A,0x01, /* [626] OBJ_rle_compression */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08,/* [632] OBJ_zlib_compression */ +0x55,0x1D,0x25, /* [643] OBJ_ext_key_usage */ +0x2B,0x06,0x01,0x05,0x05,0x07, /* [646] OBJ_id_pkix */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03, /* [652] OBJ_id_kp */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, /* [659] OBJ_server_auth */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, /* [667] OBJ_client_auth */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [675] OBJ_code_sign */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [683] OBJ_email_protect */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [691] OBJ_time_stamp */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [699] OBJ_ms_code_ind */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [709] OBJ_ms_code_com */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [719] OBJ_ms_ctl_sign */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [729] OBJ_ms_sgc */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [739] OBJ_ms_efs */ +0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [749] OBJ_ns_sgc */ +0x55,0x1D,0x1B, /* [758] OBJ_delta_crl */ +0x55,0x1D,0x15, /* [761] OBJ_crl_reason */ +0x55,0x1D,0x18, /* [764] OBJ_invalidity_date */ +0x2B,0x65,0x01,0x04,0x01, /* [767] OBJ_sxnet */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [772] OBJ_pbe_WithSHA1And128BitRC4 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [782] OBJ_pbe_WithSHA1And40BitRC4 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [792] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [802] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [812] OBJ_pbe_WithSHA1And128BitRC2_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [822] OBJ_pbe_WithSHA1And40BitRC2_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [832] OBJ_keyBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [843] OBJ_pkcs8ShroudedKeyBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [854] OBJ_certBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [865] OBJ_crlBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [876] OBJ_secretBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [887] OBJ_safeContentsBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [898] OBJ_friendlyName */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [907] OBJ_localKeyID */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [916] OBJ_x509Certificate */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [926] OBJ_sdsiCertificate */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [936] OBJ_x509Crl */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [946] OBJ_pbes2 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [955] OBJ_pbmac1 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [964] OBJ_hmacWithSHA1 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, /* [972] OBJ_id_qt_cps */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, /* [980] OBJ_id_qt_unotice */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [988] OBJ_SMIMECapabilities */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [997] OBJ_pbeWithMD2AndRC2_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [1006] OBJ_pbeWithMD5AndRC2_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1015] OBJ_pbeWithSHA1AndDES_CBC */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1024] OBJ_ms_ext_req */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1034] OBJ_ext_req */ +0x55,0x04,0x29, /* [1043] OBJ_name */ +0x55,0x04,0x2E, /* [1046] OBJ_dnQualifier */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01, /* [1049] OBJ_id_pe */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30, /* [1056] OBJ_id_ad */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, /* [1063] OBJ_info_access */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, /* [1071] OBJ_ad_OCSP */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, /* [1079] OBJ_ad_ca_issuers */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [1087] OBJ_OCSP_sign */ +0x2A, /* [1095] OBJ_member_body */ +0x2A,0x86,0x48, /* [1096] OBJ_ISO_US */ +0x2A,0x86,0x48,0xCE,0x38, /* [1099] OBJ_X9_57 */ +0x2A,0x86,0x48,0xCE,0x38,0x04, /* [1104] OBJ_X9cm */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, /* [1110] OBJ_pkcs1 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05, /* [1118] OBJ_pkcs5 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1126] OBJ_SMIME */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1135] OBJ_id_smime_mod */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1145] OBJ_id_smime_ct */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1155] OBJ_id_smime_aa */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1165] OBJ_id_smime_alg */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1175] OBJ_id_smime_cd */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1185] OBJ_id_smime_spq */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1195] OBJ_id_smime_cti */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1205] OBJ_id_smime_mod_cms */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1216] OBJ_id_smime_mod_ess */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1227] OBJ_id_smime_mod_oid */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1238] OBJ_id_smime_mod_msg_v3 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1249] OBJ_id_smime_mod_ets_eSignature_88 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1260] OBJ_id_smime_mod_ets_eSignature_97 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1271] OBJ_id_smime_mod_ets_eSigPolicy_88 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1282] OBJ_id_smime_mod_ets_eSigPolicy_97 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1293] OBJ_id_smime_ct_receipt */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1304] OBJ_id_smime_ct_authData */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1315] OBJ_id_smime_ct_publishCert */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1326] OBJ_id_smime_ct_TSTInfo */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1337] OBJ_id_smime_ct_TDTInfo */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1348] OBJ_id_smime_ct_contentInfo */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1359] OBJ_id_smime_ct_DVCSRequestData */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1370] OBJ_id_smime_ct_DVCSResponseData */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1381] OBJ_id_smime_aa_receiptRequest */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1392] OBJ_id_smime_aa_securityLabel */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1403] OBJ_id_smime_aa_mlExpandHistory */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1414] OBJ_id_smime_aa_contentHint */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1425] OBJ_id_smime_aa_msgSigDigest */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1436] OBJ_id_smime_aa_encapContentType */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1447] OBJ_id_smime_aa_contentIdentifier */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1458] OBJ_id_smime_aa_macValue */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1469] OBJ_id_smime_aa_equivalentLabels */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1480] OBJ_id_smime_aa_contentReference */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1491] OBJ_id_smime_aa_encrypKeyPref */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1502] OBJ_id_smime_aa_signingCertificate */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1513] OBJ_id_smime_aa_smimeEncryptCerts */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1524] OBJ_id_smime_aa_timeStampToken */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1535] OBJ_id_smime_aa_ets_sigPolicyId */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1546] OBJ_id_smime_aa_ets_commitmentType */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1557] OBJ_id_smime_aa_ets_signerLocation */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1568] OBJ_id_smime_aa_ets_signerAttr */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1579] OBJ_id_smime_aa_ets_otherSigCert */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1590] OBJ_id_smime_aa_ets_contentTimestamp */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1601] OBJ_id_smime_aa_ets_CertificateRefs */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1612] OBJ_id_smime_aa_ets_RevocationRefs */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1623] OBJ_id_smime_aa_ets_certValues */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1634] OBJ_id_smime_aa_ets_revocationValues */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1645] OBJ_id_smime_aa_ets_escTimeStamp */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1656] OBJ_id_smime_aa_ets_certCRLTimestamp */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1667] OBJ_id_smime_aa_ets_archiveTimeStamp */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1678] OBJ_id_smime_aa_signatureType */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1689] OBJ_id_smime_aa_dvcs_dvc */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1700] OBJ_id_smime_alg_ESDHwith3DES */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1711] OBJ_id_smime_alg_ESDHwithRC2 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1722] OBJ_id_smime_alg_3DESwrap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1733] OBJ_id_smime_alg_RC2wrap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1744] OBJ_id_smime_alg_ESDH */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1755] OBJ_id_smime_alg_CMS3DESwrap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1766] OBJ_id_smime_alg_CMSRC2wrap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1777] OBJ_id_smime_cd_ldap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1788] OBJ_id_smime_spq_ets_sqt_uri */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1799] OBJ_id_smime_spq_ets_sqt_unotice */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1810] OBJ_id_smime_cti_ets_proofOfOrigin */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1821] OBJ_id_smime_cti_ets_proofOfReceipt */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1832] OBJ_id_smime_cti_ets_proofOfDelivery */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1843] OBJ_id_smime_cti_ets_proofOfSender */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1854] OBJ_id_smime_cti_ets_proofOfApproval */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1865] OBJ_id_smime_cti_ets_proofOfCreation */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04, /* [1876] OBJ_md4 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00, /* [1884] OBJ_id_pkix_mod */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x02, /* [1891] OBJ_id_qt */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04, /* [1898] OBJ_id_it */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05, /* [1905] OBJ_id_pkip */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06, /* [1912] OBJ_id_alg */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07, /* [1919] OBJ_id_cmc */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x08, /* [1926] OBJ_id_on */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09, /* [1933] OBJ_id_pda */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A, /* [1940] OBJ_id_aca */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0B, /* [1947] OBJ_id_qcs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0C, /* [1954] OBJ_id_cct */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01, /* [1961] OBJ_id_pkix1_explicit_88 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02, /* [1969] OBJ_id_pkix1_implicit_88 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03, /* [1977] OBJ_id_pkix1_explicit_93 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04, /* [1985] OBJ_id_pkix1_implicit_93 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05, /* [1993] OBJ_id_mod_crmf */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06, /* [2001] OBJ_id_mod_cmc */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07, /* [2009] OBJ_id_mod_kea_profile_88 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08, /* [2017] OBJ_id_mod_kea_profile_93 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09, /* [2025] OBJ_id_mod_cmp */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A, /* [2033] OBJ_id_mod_qualified_cert_88 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B, /* [2041] OBJ_id_mod_qualified_cert_93 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C, /* [2049] OBJ_id_mod_attribute_cert */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D, /* [2057] OBJ_id_mod_timestamp_protocol */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E, /* [2065] OBJ_id_mod_ocsp */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F, /* [2073] OBJ_id_mod_dvcs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10, /* [2081] OBJ_id_mod_cmp2000 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02, /* [2089] OBJ_biometricInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03, /* [2097] OBJ_qcStatements */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [2105] OBJ_ac_auditEntity */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [2113] OBJ_ac_targeting */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [2121] OBJ_aaControls */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2129] OBJ_sbgp_ipAddrBlock */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2137] OBJ_sbgp_autonomousSysNum */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2145] OBJ_sbgp_routerIdentifier */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [2153] OBJ_textNotice */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [2161] OBJ_ipsecEndSystem */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [2169] OBJ_ipsecTunnel */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07, /* [2177] OBJ_ipsecUser */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A, /* [2185] OBJ_dvcs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01, /* [2193] OBJ_id_it_caProtEncCert */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02, /* [2201] OBJ_id_it_signKeyPairTypes */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03, /* [2209] OBJ_id_it_encKeyPairTypes */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04, /* [2217] OBJ_id_it_preferredSymmAlg */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05, /* [2225] OBJ_id_it_caKeyUpdateInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06, /* [2233] OBJ_id_it_currentCRL */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07, /* [2241] OBJ_id_it_unsupportedOIDs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08, /* [2249] OBJ_id_it_subscriptionRequest */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09, /* [2257] OBJ_id_it_subscriptionResponse */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A, /* [2265] OBJ_id_it_keyPairParamReq */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B, /* [2273] OBJ_id_it_keyPairParamRep */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C, /* [2281] OBJ_id_it_revPassphrase */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D, /* [2289] OBJ_id_it_implicitConfirm */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E, /* [2297] OBJ_id_it_confirmWaitTime */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F, /* [2305] OBJ_id_it_origPKIMessage */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01, /* [2313] OBJ_id_regCtrl */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02, /* [2321] OBJ_id_regInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2329] OBJ_id_regCtrl_regToken */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2338] OBJ_id_regCtrl_authenticator */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2347] OBJ_id_regCtrl_pkiPublicationInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2356] OBJ_id_regCtrl_pkiArchiveOptions */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2365] OBJ_id_regCtrl_oldCertID */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2374] OBJ_id_regCtrl_protocolEncrKey */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2383] OBJ_id_regInfo_utf8Pairs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2392] OBJ_id_regInfo_certReq */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01, /* [2401] OBJ_id_alg_des40 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02, /* [2409] OBJ_id_alg_noSignature */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03, /* [2417] OBJ_id_alg_dh_sig_hmac_sha1 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04, /* [2425] OBJ_id_alg_dh_pop */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01, /* [2433] OBJ_id_cmc_statusInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02, /* [2441] OBJ_id_cmc_identification */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03, /* [2449] OBJ_id_cmc_identityProof */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04, /* [2457] OBJ_id_cmc_dataReturn */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05, /* [2465] OBJ_id_cmc_transactionId */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06, /* [2473] OBJ_id_cmc_senderNonce */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07, /* [2481] OBJ_id_cmc_recipientNonce */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08, /* [2489] OBJ_id_cmc_addExtensions */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09, /* [2497] OBJ_id_cmc_encryptedPOP */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A, /* [2505] OBJ_id_cmc_decryptedPOP */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B, /* [2513] OBJ_id_cmc_lraPOPWitness */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F, /* [2521] OBJ_id_cmc_getCert */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10, /* [2529] OBJ_id_cmc_getCRL */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11, /* [2537] OBJ_id_cmc_revokeRequest */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12, /* [2545] OBJ_id_cmc_regInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13, /* [2553] OBJ_id_cmc_responseInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15, /* [2561] OBJ_id_cmc_queryPending */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16, /* [2569] OBJ_id_cmc_popLinkRandom */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17, /* [2577] OBJ_id_cmc_popLinkWitness */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18, /* [2585] OBJ_id_cmc_confirmCertAcceptance */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01, /* [2593] OBJ_id_on_personalData */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01, /* [2601] OBJ_id_pda_dateOfBirth */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02, /* [2609] OBJ_id_pda_placeOfBirth */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03, /* [2617] OBJ_id_pda_gender */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04, /* [2625] OBJ_id_pda_countryOfCitizenship */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05, /* [2633] OBJ_id_pda_countryOfResidence */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01, /* [2641] OBJ_id_aca_authenticationInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02, /* [2649] OBJ_id_aca_accessIdentity */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03, /* [2657] OBJ_id_aca_chargingIdentity */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04, /* [2665] OBJ_id_aca_group */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05, /* [2673] OBJ_id_aca_role */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01, /* [2681] OBJ_id_qcs_pkixQCSyntax_v1 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01, /* [2689] OBJ_id_cct_crs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02, /* [2697] OBJ_id_cct_PKIData */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03, /* [2705] OBJ_id_cct_PKIResponse */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03, /* [2713] OBJ_ad_timeStamping */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04, /* [2721] OBJ_ad_dvcs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2729] OBJ_id_pkix_OCSP_basic */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2738] OBJ_id_pkix_OCSP_Nonce */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2747] OBJ_id_pkix_OCSP_CrlID */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2756] OBJ_id_pkix_OCSP_acceptableResponses */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2765] OBJ_id_pkix_OCSP_noCheck */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2774] OBJ_id_pkix_OCSP_archiveCutoff */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2783] OBJ_id_pkix_OCSP_serviceLocator */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2792] OBJ_id_pkix_OCSP_extendedStatus */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2801] OBJ_id_pkix_OCSP_valid */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2810] OBJ_id_pkix_OCSP_path */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2819] OBJ_id_pkix_OCSP_trustRoot */ +0x2B,0x0E,0x03,0x02, /* [2828] OBJ_algorithm */ +0x2B,0x0E,0x03,0x02,0x0B, /* [2832] OBJ_rsaSignature */ +0x55,0x08, /* [2837] OBJ_X500algorithms */ +0x2B, /* [2839] OBJ_org */ +0x2B,0x06, /* [2840] OBJ_dod */ +0x2B,0x06,0x01, /* [2842] OBJ_iana */ +0x2B,0x06,0x01,0x01, /* [2845] OBJ_Directory */ +0x2B,0x06,0x01,0x02, /* [2849] OBJ_Management */ +0x2B,0x06,0x01,0x03, /* [2853] OBJ_Experimental */ +0x2B,0x06,0x01,0x04, /* [2857] OBJ_Private */ +0x2B,0x06,0x01,0x05, /* [2861] OBJ_Security */ +0x2B,0x06,0x01,0x06, /* [2865] OBJ_SNMPv2 */ +0x2B,0x06,0x01,0x07, /* [2869] OBJ_Mail */ +0x2B,0x06,0x01,0x04,0x01, /* [2873] OBJ_Enterprises */ +0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2878] OBJ_dcObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2887] OBJ_domainComponent */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2897] OBJ_Domain */ +0x55,0x01,0x05, /* [2907] OBJ_selected_attribute_types */ +0x55,0x01,0x05,0x37, /* [2910] OBJ_clearance */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2914] OBJ_md4WithRSAEncryption */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [2923] OBJ_ac_proxying */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [2931] OBJ_sinfo_access */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [2939] OBJ_id_aca_encAttrs */ +0x55,0x04,0x48, /* [2947] OBJ_role */ +0x55,0x1D,0x24, /* [2950] OBJ_policy_constraints */ +0x55,0x1D,0x37, /* [2953] OBJ_target_information */ +0x55,0x1D,0x38, /* [2956] OBJ_no_rev_avail */ +0x2A,0x86,0x48,0xCE,0x3D, /* [2959] OBJ_ansi_X9_62 */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01, /* [2964] OBJ_X9_62_prime_field */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02, /* [2971] OBJ_X9_62_characteristic_two_field */ +0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, /* [2978] OBJ_X9_62_id_ecPublicKey */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01, /* [2985] OBJ_X9_62_prime192v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02, /* [2993] OBJ_X9_62_prime192v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03, /* [3001] OBJ_X9_62_prime192v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04, /* [3009] OBJ_X9_62_prime239v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05, /* [3017] OBJ_X9_62_prime239v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06, /* [3025] OBJ_X9_62_prime239v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, /* [3033] OBJ_X9_62_prime256v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, /* [3041] OBJ_ecdsa_with_SHA1 */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3048] OBJ_ms_csp_name */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3057] OBJ_aes_128_ecb */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3066] OBJ_aes_128_cbc */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3075] OBJ_aes_128_ofb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3084] OBJ_aes_128_cfb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3093] OBJ_aes_192_ecb */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3102] OBJ_aes_192_cbc */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3111] OBJ_aes_192_ofb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3120] OBJ_aes_192_cfb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3129] OBJ_aes_256_ecb */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3138] OBJ_aes_256_cbc */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3147] OBJ_aes_256_ofb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3156] OBJ_aes_256_cfb128 */ +0x55,0x1D,0x17, /* [3165] OBJ_hold_instruction_code */ +0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [3168] OBJ_hold_instruction_none */ +0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [3175] OBJ_hold_instruction_call_issuer */ +0x2A,0x86,0x48,0xCE,0x38,0x02,0x03, /* [3182] OBJ_hold_instruction_reject */ +0x09, /* [3189] OBJ_data */ +0x09,0x92,0x26, /* [3190] OBJ_pss */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C, /* [3193] OBJ_ucl */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64, /* [3200] OBJ_pilot */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3208] OBJ_pilotAttributeType */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3217] OBJ_pilotAttributeSyntax */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3226] OBJ_pilotObjectClass */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3235] OBJ_pilotGroups */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3244] OBJ_iA5StringSyntax */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3254] OBJ_caseIgnoreIA5StringSyntax */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3264] OBJ_pilotObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3274] OBJ_pilotPerson */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3284] OBJ_account */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3294] OBJ_document */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3304] OBJ_room */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3314] OBJ_documentSeries */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3324] OBJ_rFC822localPart */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3334] OBJ_dNSDomain */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3344] OBJ_domainRelatedObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3354] OBJ_friendlyCountry */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3364] OBJ_simpleSecurityObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3374] OBJ_pilotOrganization */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3384] OBJ_pilotDSA */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3394] OBJ_qualityLabelledData */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3404] OBJ_userId */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3414] OBJ_textEncodedORAddress */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3424] OBJ_rfc822Mailbox */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3434] OBJ_info */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3444] OBJ_favouriteDrink */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3454] OBJ_roomNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3464] OBJ_photo */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3474] OBJ_userClass */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3484] OBJ_host */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3494] OBJ_manager */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3504] OBJ_documentIdentifier */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3514] OBJ_documentTitle */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3524] OBJ_documentVersion */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3534] OBJ_documentAuthor */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3544] OBJ_documentLocation */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3554] OBJ_homeTelephoneNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3564] OBJ_secretary */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3574] OBJ_otherMailbox */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3584] OBJ_lastModifiedTime */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3594] OBJ_lastModifiedBy */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3604] OBJ_aRecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3614] OBJ_pilotAttributeType27 */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3624] OBJ_mXRecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3634] OBJ_nSRecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3644] OBJ_sOARecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3654] OBJ_cNAMERecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3664] OBJ_associatedDomain */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3674] OBJ_associatedName */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3684] OBJ_homePostalAddress */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3694] OBJ_personalTitle */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3704] OBJ_mobileTelephoneNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3714] OBJ_pagerTelephoneNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3724] OBJ_friendlyCountryName */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3734] OBJ_organizationalStatus */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3744] OBJ_janetMailbox */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3754] OBJ_mailPreferenceOption */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3764] OBJ_buildingName */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3774] OBJ_dSAQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3784] OBJ_singleLevelQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3794] OBJ_subtreeMinimumQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3804] OBJ_subtreeMaximumQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3814] OBJ_personalSignature */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3824] OBJ_dITRedirect */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3834] OBJ_audio */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3844] OBJ_documentPublisher */ +0x55,0x04,0x2D, /* [3854] OBJ_x500UniqueIdentifier */ +0x2B,0x06,0x01,0x07,0x01, /* [3857] OBJ_mime_mhs */ +0x2B,0x06,0x01,0x07,0x01,0x01, /* [3862] OBJ_mime_mhs_headings */ +0x2B,0x06,0x01,0x07,0x01,0x02, /* [3868] OBJ_mime_mhs_bodies */ +0x2B,0x06,0x01,0x07,0x01,0x01,0x01, /* [3874] OBJ_id_hex_partial_message */ +0x2B,0x06,0x01,0x07,0x01,0x01,0x02, /* [3881] OBJ_id_hex_multipart_message */ +0x55,0x04,0x2C, /* [3888] OBJ_generationQualifier */ +0x55,0x04,0x41, /* [3891] OBJ_pseudonym */ +0x67,0x2A, /* [3894] OBJ_id_set */ +0x67,0x2A,0x00, /* [3896] OBJ_set_ctype */ +0x67,0x2A,0x01, /* [3899] OBJ_set_msgExt */ +0x67,0x2A,0x03, /* [3902] OBJ_set_attr */ +0x67,0x2A,0x05, /* [3905] OBJ_set_policy */ +0x67,0x2A,0x07, /* [3908] OBJ_set_certExt */ +0x67,0x2A,0x08, /* [3911] OBJ_set_brand */ +0x67,0x2A,0x00,0x00, /* [3914] OBJ_setct_PANData */ +0x67,0x2A,0x00,0x01, /* [3918] OBJ_setct_PANToken */ +0x67,0x2A,0x00,0x02, /* [3922] OBJ_setct_PANOnly */ +0x67,0x2A,0x00,0x03, /* [3926] OBJ_setct_OIData */ +0x67,0x2A,0x00,0x04, /* [3930] OBJ_setct_PI */ +0x67,0x2A,0x00,0x05, /* [3934] OBJ_setct_PIData */ +0x67,0x2A,0x00,0x06, /* [3938] OBJ_setct_PIDataUnsigned */ +0x67,0x2A,0x00,0x07, /* [3942] OBJ_setct_HODInput */ +0x67,0x2A,0x00,0x08, /* [3946] OBJ_setct_AuthResBaggage */ +0x67,0x2A,0x00,0x09, /* [3950] OBJ_setct_AuthRevReqBaggage */ +0x67,0x2A,0x00,0x0A, /* [3954] OBJ_setct_AuthRevResBaggage */ +0x67,0x2A,0x00,0x0B, /* [3958] OBJ_setct_CapTokenSeq */ +0x67,0x2A,0x00,0x0C, /* [3962] OBJ_setct_PInitResData */ +0x67,0x2A,0x00,0x0D, /* [3966] OBJ_setct_PI_TBS */ +0x67,0x2A,0x00,0x0E, /* [3970] OBJ_setct_PResData */ +0x67,0x2A,0x00,0x10, /* [3974] OBJ_setct_AuthReqTBS */ +0x67,0x2A,0x00,0x11, /* [3978] OBJ_setct_AuthResTBS */ +0x67,0x2A,0x00,0x12, /* [3982] OBJ_setct_AuthResTBSX */ +0x67,0x2A,0x00,0x13, /* [3986] OBJ_setct_AuthTokenTBS */ +0x67,0x2A,0x00,0x14, /* [3990] OBJ_setct_CapTokenData */ +0x67,0x2A,0x00,0x15, /* [3994] OBJ_setct_CapTokenTBS */ +0x67,0x2A,0x00,0x16, /* [3998] OBJ_setct_AcqCardCodeMsg */ +0x67,0x2A,0x00,0x17, /* [4002] OBJ_setct_AuthRevReqTBS */ +0x67,0x2A,0x00,0x18, /* [4006] OBJ_setct_AuthRevResData */ +0x67,0x2A,0x00,0x19, /* [4010] OBJ_setct_AuthRevResTBS */ +0x67,0x2A,0x00,0x1A, /* [4014] OBJ_setct_CapReqTBS */ +0x67,0x2A,0x00,0x1B, /* [4018] OBJ_setct_CapReqTBSX */ +0x67,0x2A,0x00,0x1C, /* [4022] OBJ_setct_CapResData */ +0x67,0x2A,0x00,0x1D, /* [4026] OBJ_setct_CapRevReqTBS */ +0x67,0x2A,0x00,0x1E, /* [4030] OBJ_setct_CapRevReqTBSX */ +0x67,0x2A,0x00,0x1F, /* [4034] OBJ_setct_CapRevResData */ +0x67,0x2A,0x00,0x20, /* [4038] OBJ_setct_CredReqTBS */ +0x67,0x2A,0x00,0x21, /* [4042] OBJ_setct_CredReqTBSX */ +0x67,0x2A,0x00,0x22, /* [4046] OBJ_setct_CredResData */ +0x67,0x2A,0x00,0x23, /* [4050] OBJ_setct_CredRevReqTBS */ +0x67,0x2A,0x00,0x24, /* [4054] OBJ_setct_CredRevReqTBSX */ +0x67,0x2A,0x00,0x25, /* [4058] OBJ_setct_CredRevResData */ +0x67,0x2A,0x00,0x26, /* [4062] OBJ_setct_PCertReqData */ +0x67,0x2A,0x00,0x27, /* [4066] OBJ_setct_PCertResTBS */ +0x67,0x2A,0x00,0x28, /* [4070] OBJ_setct_BatchAdminReqData */ +0x67,0x2A,0x00,0x29, /* [4074] OBJ_setct_BatchAdminResData */ +0x67,0x2A,0x00,0x2A, /* [4078] OBJ_setct_CardCInitResTBS */ +0x67,0x2A,0x00,0x2B, /* [4082] OBJ_setct_MeAqCInitResTBS */ +0x67,0x2A,0x00,0x2C, /* [4086] OBJ_setct_RegFormResTBS */ +0x67,0x2A,0x00,0x2D, /* [4090] OBJ_setct_CertReqData */ +0x67,0x2A,0x00,0x2E, /* [4094] OBJ_setct_CertReqTBS */ +0x67,0x2A,0x00,0x2F, /* [4098] OBJ_setct_CertResData */ +0x67,0x2A,0x00,0x30, /* [4102] OBJ_setct_CertInqReqTBS */ +0x67,0x2A,0x00,0x31, /* [4106] OBJ_setct_ErrorTBS */ +0x67,0x2A,0x00,0x32, /* [4110] OBJ_setct_PIDualSignedTBE */ +0x67,0x2A,0x00,0x33, /* [4114] OBJ_setct_PIUnsignedTBE */ +0x67,0x2A,0x00,0x34, /* [4118] OBJ_setct_AuthReqTBE */ +0x67,0x2A,0x00,0x35, /* [4122] OBJ_setct_AuthResTBE */ +0x67,0x2A,0x00,0x36, /* [4126] OBJ_setct_AuthResTBEX */ +0x67,0x2A,0x00,0x37, /* [4130] OBJ_setct_AuthTokenTBE */ +0x67,0x2A,0x00,0x38, /* [4134] OBJ_setct_CapTokenTBE */ +0x67,0x2A,0x00,0x39, /* [4138] OBJ_setct_CapTokenTBEX */ +0x67,0x2A,0x00,0x3A, /* [4142] OBJ_setct_AcqCardCodeMsgTBE */ +0x67,0x2A,0x00,0x3B, /* [4146] OBJ_setct_AuthRevReqTBE */ +0x67,0x2A,0x00,0x3C, /* [4150] OBJ_setct_AuthRevResTBE */ +0x67,0x2A,0x00,0x3D, /* [4154] OBJ_setct_AuthRevResTBEB */ +0x67,0x2A,0x00,0x3E, /* [4158] OBJ_setct_CapReqTBE */ +0x67,0x2A,0x00,0x3F, /* [4162] OBJ_setct_CapReqTBEX */ +0x67,0x2A,0x00,0x40, /* [4166] OBJ_setct_CapResTBE */ +0x67,0x2A,0x00,0x41, /* [4170] OBJ_setct_CapRevReqTBE */ +0x67,0x2A,0x00,0x42, /* [4174] OBJ_setct_CapRevReqTBEX */ +0x67,0x2A,0x00,0x43, /* [4178] OBJ_setct_CapRevResTBE */ +0x67,0x2A,0x00,0x44, /* [4182] OBJ_setct_CredReqTBE */ +0x67,0x2A,0x00,0x45, /* [4186] OBJ_setct_CredReqTBEX */ +0x67,0x2A,0x00,0x46, /* [4190] OBJ_setct_CredResTBE */ +0x67,0x2A,0x00,0x47, /* [4194] OBJ_setct_CredRevReqTBE */ +0x67,0x2A,0x00,0x48, /* [4198] OBJ_setct_CredRevReqTBEX */ +0x67,0x2A,0x00,0x49, /* [4202] OBJ_setct_CredRevResTBE */ +0x67,0x2A,0x00,0x4A, /* [4206] OBJ_setct_BatchAdminReqTBE */ +0x67,0x2A,0x00,0x4B, /* [4210] OBJ_setct_BatchAdminResTBE */ +0x67,0x2A,0x00,0x4C, /* [4214] OBJ_setct_RegFormReqTBE */ +0x67,0x2A,0x00,0x4D, /* [4218] OBJ_setct_CertReqTBE */ +0x67,0x2A,0x00,0x4E, /* [4222] OBJ_setct_CertReqTBEX */ +0x67,0x2A,0x00,0x4F, /* [4226] OBJ_setct_CertResTBE */ +0x67,0x2A,0x00,0x50, /* [4230] OBJ_setct_CRLNotificationTBS */ +0x67,0x2A,0x00,0x51, /* [4234] OBJ_setct_CRLNotificationResTBS */ +0x67,0x2A,0x00,0x52, /* [4238] OBJ_setct_BCIDistributionTBS */ +0x67,0x2A,0x01,0x01, /* [4242] OBJ_setext_genCrypt */ +0x67,0x2A,0x01,0x03, /* [4246] OBJ_setext_miAuth */ +0x67,0x2A,0x01,0x04, /* [4250] OBJ_setext_pinSecure */ +0x67,0x2A,0x01,0x05, /* [4254] OBJ_setext_pinAny */ +0x67,0x2A,0x01,0x07, /* [4258] OBJ_setext_track2 */ +0x67,0x2A,0x01,0x08, /* [4262] OBJ_setext_cv */ +0x67,0x2A,0x05,0x00, /* [4266] OBJ_set_policy_root */ +0x67,0x2A,0x07,0x00, /* [4270] OBJ_setCext_hashedRoot */ +0x67,0x2A,0x07,0x01, /* [4274] OBJ_setCext_certType */ +0x67,0x2A,0x07,0x02, /* [4278] OBJ_setCext_merchData */ +0x67,0x2A,0x07,0x03, /* [4282] OBJ_setCext_cCertRequired */ +0x67,0x2A,0x07,0x04, /* [4286] OBJ_setCext_tunneling */ +0x67,0x2A,0x07,0x05, /* [4290] OBJ_setCext_setExt */ +0x67,0x2A,0x07,0x06, /* [4294] OBJ_setCext_setQualf */ +0x67,0x2A,0x07,0x07, /* [4298] OBJ_setCext_PGWYcapabilities */ +0x67,0x2A,0x07,0x08, /* [4302] OBJ_setCext_TokenIdentifier */ +0x67,0x2A,0x07,0x09, /* [4306] OBJ_setCext_Track2Data */ +0x67,0x2A,0x07,0x0A, /* [4310] OBJ_setCext_TokenType */ +0x67,0x2A,0x07,0x0B, /* [4314] OBJ_setCext_IssuerCapabilities */ +0x67,0x2A,0x03,0x00, /* [4318] OBJ_setAttr_Cert */ +0x67,0x2A,0x03,0x01, /* [4322] OBJ_setAttr_PGWYcap */ +0x67,0x2A,0x03,0x02, /* [4326] OBJ_setAttr_TokenType */ +0x67,0x2A,0x03,0x03, /* [4330] OBJ_setAttr_IssCap */ +0x67,0x2A,0x03,0x00,0x00, /* [4334] OBJ_set_rootKeyThumb */ +0x67,0x2A,0x03,0x00,0x01, /* [4339] OBJ_set_addPolicy */ +0x67,0x2A,0x03,0x02,0x01, /* [4344] OBJ_setAttr_Token_EMV */ +0x67,0x2A,0x03,0x02,0x02, /* [4349] OBJ_setAttr_Token_B0Prime */ +0x67,0x2A,0x03,0x03,0x03, /* [4354] OBJ_setAttr_IssCap_CVM */ +0x67,0x2A,0x03,0x03,0x04, /* [4359] OBJ_setAttr_IssCap_T2 */ +0x67,0x2A,0x03,0x03,0x05, /* [4364] OBJ_setAttr_IssCap_Sig */ +0x67,0x2A,0x03,0x03,0x03,0x01, /* [4369] OBJ_setAttr_GenCryptgrm */ +0x67,0x2A,0x03,0x03,0x04,0x01, /* [4375] OBJ_setAttr_T2Enc */ +0x67,0x2A,0x03,0x03,0x04,0x02, /* [4381] OBJ_setAttr_T2cleartxt */ +0x67,0x2A,0x03,0x03,0x05,0x01, /* [4387] OBJ_setAttr_TokICCsig */ +0x67,0x2A,0x03,0x03,0x05,0x02, /* [4393] OBJ_setAttr_SecDevSig */ +0x67,0x2A,0x08,0x01, /* [4399] OBJ_set_brand_IATA_ATA */ +0x67,0x2A,0x08,0x1E, /* [4403] OBJ_set_brand_Diners */ +0x67,0x2A,0x08,0x22, /* [4407] OBJ_set_brand_AmericanExpress */ +0x67,0x2A,0x08,0x23, /* [4411] OBJ_set_brand_JCB */ +0x67,0x2A,0x08,0x04, /* [4415] OBJ_set_brand_Visa */ +0x67,0x2A,0x08,0x05, /* [4419] OBJ_set_brand_MasterCard */ +0x67,0x2A,0x08,0xAE,0x7B, /* [4423] OBJ_set_brand_Novus */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A, /* [4428] OBJ_des_cdmf */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4436] OBJ_rsaOAEPEncryptionSET */ +0x67, /* [4445] OBJ_international_organizations */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4446] OBJ_ms_smartcard_login */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4456] OBJ_ms_upn */ +0x55,0x04,0x09, /* [4466] OBJ_streetAddress */ +0x55,0x04,0x11, /* [4469] OBJ_postalCode */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15, /* [4472] OBJ_id_ppl */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E, /* [4479] OBJ_proxyCertInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [4487] OBJ_id_ppl_anyLanguage */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [4495] OBJ_id_ppl_inheritAll */ +0x55,0x1D,0x1E, /* [4503] OBJ_name_constraints */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [4506] OBJ_Independent */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4514] OBJ_sha256WithRSAEncryption */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4523] OBJ_sha384WithRSAEncryption */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4532] OBJ_sha512WithRSAEncryption */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4541] OBJ_sha224WithRSAEncryption */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4550] OBJ_sha256 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4559] OBJ_sha384 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4568] OBJ_sha512 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4577] OBJ_sha224 */ +0x2B, /* [4586] OBJ_identified_organization */ +0x2B,0x81,0x04, /* [4587] OBJ_certicom_arc */ +0x67,0x2B, /* [4590] OBJ_wap */ +0x67,0x2B,0x01, /* [4592] OBJ_wap_wsg */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [4595] OBJ_X9_62_id_characteristic_two_basis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4603] OBJ_X9_62_onBasis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4612] OBJ_X9_62_tpBasis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [4621] OBJ_X9_62_ppBasis */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [4630] OBJ_X9_62_c2pnb163v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [4638] OBJ_X9_62_c2pnb163v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [4646] OBJ_X9_62_c2pnb163v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [4654] OBJ_X9_62_c2pnb176v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [4662] OBJ_X9_62_c2tnb191v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [4670] OBJ_X9_62_c2tnb191v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [4678] OBJ_X9_62_c2tnb191v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [4686] OBJ_X9_62_c2onb191v4 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [4694] OBJ_X9_62_c2onb191v5 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [4702] OBJ_X9_62_c2pnb208w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [4710] OBJ_X9_62_c2tnb239v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [4718] OBJ_X9_62_c2tnb239v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [4726] OBJ_X9_62_c2tnb239v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [4734] OBJ_X9_62_c2onb239v4 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [4742] OBJ_X9_62_c2onb239v5 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [4750] OBJ_X9_62_c2pnb272w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [4758] OBJ_X9_62_c2pnb304w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [4766] OBJ_X9_62_c2tnb359v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [4774] OBJ_X9_62_c2pnb368w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [4782] OBJ_X9_62_c2tnb431r1 */ +0x2B,0x81,0x04,0x00,0x06, /* [4790] OBJ_secp112r1 */ +0x2B,0x81,0x04,0x00,0x07, /* [4795] OBJ_secp112r2 */ +0x2B,0x81,0x04,0x00,0x1C, /* [4800] OBJ_secp128r1 */ +0x2B,0x81,0x04,0x00,0x1D, /* [4805] OBJ_secp128r2 */ +0x2B,0x81,0x04,0x00,0x09, /* [4810] OBJ_secp160k1 */ +0x2B,0x81,0x04,0x00,0x08, /* [4815] OBJ_secp160r1 */ +0x2B,0x81,0x04,0x00,0x1E, /* [4820] OBJ_secp160r2 */ +0x2B,0x81,0x04,0x00,0x1F, /* [4825] OBJ_secp192k1 */ +0x2B,0x81,0x04,0x00,0x20, /* [4830] OBJ_secp224k1 */ +0x2B,0x81,0x04,0x00,0x21, /* [4835] OBJ_secp224r1 */ +0x2B,0x81,0x04,0x00,0x0A, /* [4840] OBJ_secp256k1 */ +0x2B,0x81,0x04,0x00,0x22, /* [4845] OBJ_secp384r1 */ +0x2B,0x81,0x04,0x00,0x23, /* [4850] OBJ_secp521r1 */ +0x2B,0x81,0x04,0x00,0x04, /* [4855] OBJ_sect113r1 */ +0x2B,0x81,0x04,0x00,0x05, /* [4860] OBJ_sect113r2 */ +0x2B,0x81,0x04,0x00,0x16, /* [4865] OBJ_sect131r1 */ +0x2B,0x81,0x04,0x00,0x17, /* [4870] OBJ_sect131r2 */ +0x2B,0x81,0x04,0x00,0x01, /* [4875] OBJ_sect163k1 */ +0x2B,0x81,0x04,0x00,0x02, /* [4880] OBJ_sect163r1 */ +0x2B,0x81,0x04,0x00,0x0F, /* [4885] OBJ_sect163r2 */ +0x2B,0x81,0x04,0x00,0x18, /* [4890] OBJ_sect193r1 */ +0x2B,0x81,0x04,0x00,0x19, /* [4895] OBJ_sect193r2 */ +0x2B,0x81,0x04,0x00,0x1A, /* [4900] OBJ_sect233k1 */ +0x2B,0x81,0x04,0x00,0x1B, /* [4905] OBJ_sect233r1 */ +0x2B,0x81,0x04,0x00,0x03, /* [4910] OBJ_sect239k1 */ +0x2B,0x81,0x04,0x00,0x10, /* [4915] OBJ_sect283k1 */ +0x2B,0x81,0x04,0x00,0x11, /* [4920] OBJ_sect283r1 */ +0x2B,0x81,0x04,0x00,0x24, /* [4925] OBJ_sect409k1 */ +0x2B,0x81,0x04,0x00,0x25, /* [4930] OBJ_sect409r1 */ +0x2B,0x81,0x04,0x00,0x26, /* [4935] OBJ_sect571k1 */ +0x2B,0x81,0x04,0x00,0x27, /* [4940] OBJ_sect571r1 */ +0x67,0x2B,0x01,0x04,0x01, /* [4945] OBJ_wap_wsg_idm_ecid_wtls1 */ +0x67,0x2B,0x01,0x04,0x03, /* [4950] OBJ_wap_wsg_idm_ecid_wtls3 */ +0x67,0x2B,0x01,0x04,0x04, /* [4955] OBJ_wap_wsg_idm_ecid_wtls4 */ +0x67,0x2B,0x01,0x04,0x05, /* [4960] OBJ_wap_wsg_idm_ecid_wtls5 */ +0x67,0x2B,0x01,0x04,0x06, /* [4965] OBJ_wap_wsg_idm_ecid_wtls6 */ +0x67,0x2B,0x01,0x04,0x07, /* [4970] OBJ_wap_wsg_idm_ecid_wtls7 */ +0x67,0x2B,0x01,0x04,0x08, /* [4975] OBJ_wap_wsg_idm_ecid_wtls8 */ +0x67,0x2B,0x01,0x04,0x09, /* [4980] OBJ_wap_wsg_idm_ecid_wtls9 */ +0x67,0x2B,0x01,0x04,0x0A, /* [4985] OBJ_wap_wsg_idm_ecid_wtls10 */ +0x67,0x2B,0x01,0x04,0x0B, /* [4990] OBJ_wap_wsg_idm_ecid_wtls11 */ +0x67,0x2B,0x01,0x04,0x0C, /* [4995] OBJ_wap_wsg_idm_ecid_wtls12 */ +0x55,0x1D,0x20,0x00, /* [5000] OBJ_any_policy */ +0x55,0x1D,0x21, /* [5004] OBJ_policy_mappings */ +0x55,0x1D,0x36, /* [5007] OBJ_inhibit_any_policy */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,/* [5010] OBJ_camellia_128_cbc */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,/* [5021] OBJ_camellia_192_cbc */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,/* [5032] OBJ_camellia_256_cbc */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01, /* [5043] OBJ_camellia_128_ecb */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15, /* [5051] OBJ_camellia_192_ecb */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29, /* [5059] OBJ_camellia_256_ecb */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04, /* [5067] OBJ_camellia_128_cfb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18, /* [5075] OBJ_camellia_192_cfb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C, /* [5083] OBJ_camellia_256_cfb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03, /* [5091] OBJ_camellia_128_ofb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17, /* [5099] OBJ_camellia_192_ofb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B, /* [5107] OBJ_camellia_256_ofb128 */ +0x55,0x1D,0x09, /* [5115] OBJ_subject_directory_attributes */ +0x55,0x1D,0x1C, /* [5118] OBJ_issuing_distribution_point */ +0x55,0x1D,0x1D, /* [5121] OBJ_certificate_issuer */ +0x2A,0x83,0x1A,0x8C,0x9A,0x44, /* [5124] OBJ_kisa */ +0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03, /* [5130] OBJ_seed_ecb */ +0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04, /* [5138] OBJ_seed_cbc */ +0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06, /* [5146] OBJ_seed_ofb128 */ +0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05, /* [5154] OBJ_seed_cfb128 */ +0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01, /* [5162] OBJ_hmac_md5 */ +0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02, /* [5170] OBJ_hmac_sha1 */ +0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D,/* [5178] OBJ_id_PasswordBasedMAC */ +0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E,/* [5187] OBJ_id_DHBasedMac */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10, /* [5196] OBJ_id_it_suppLangTags */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05, /* [5204] OBJ_caRepository */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09,/* [5212] OBJ_id_smime_ct_compressedData */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,/* [5223] OBJ_id_ct_asciiTextWithCRLF */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,/* [5234] OBJ_id_aes128_wrap */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,/* [5243] OBJ_id_aes192_wrap */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,/* [5252] OBJ_id_aes256_wrap */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02, /* [5261] OBJ_ecdsa_with_Recommended */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03, /* [5268] OBJ_ecdsa_with_Specified */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01, /* [5275] OBJ_ecdsa_with_SHA224 */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02, /* [5283] OBJ_ecdsa_with_SHA256 */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03, /* [5291] OBJ_ecdsa_with_SHA384 */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04, /* [5299] OBJ_ecdsa_with_SHA512 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x06, /* [5307] OBJ_hmacWithMD5 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x08, /* [5315] OBJ_hmacWithSHA224 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x09, /* [5323] OBJ_hmacWithSHA256 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0A, /* [5331] OBJ_hmacWithSHA384 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0B, /* [5339] OBJ_hmacWithSHA512 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,/* [5347] OBJ_dsa_with_SHA224 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,/* [5356] OBJ_dsa_with_SHA256 */ +0x28,0xCF,0x06,0x03,0x00,0x37, /* [5365] OBJ_whirlpool */ +0x2A,0x85,0x03,0x02,0x02, /* [5371] OBJ_cryptopro */ +0x2A,0x85,0x03,0x02,0x09, /* [5376] OBJ_cryptocom */ +0x2A,0x85,0x03,0x02,0x02,0x03, /* [5381] OBJ_id_GostR3411_94_with_GostR3410_2001 */ +0x2A,0x85,0x03,0x02,0x02,0x04, /* [5387] OBJ_id_GostR3411_94_with_GostR3410_94 */ +0x2A,0x85,0x03,0x02,0x02,0x09, /* [5393] OBJ_id_GostR3411_94 */ +0x2A,0x85,0x03,0x02,0x02,0x0A, /* [5399] OBJ_id_HMACGostR3411_94 */ +0x2A,0x85,0x03,0x02,0x02,0x13, /* [5405] OBJ_id_GostR3410_2001 */ +0x2A,0x85,0x03,0x02,0x02,0x14, /* [5411] OBJ_id_GostR3410_94 */ +0x2A,0x85,0x03,0x02,0x02,0x15, /* [5417] OBJ_id_Gost28147_89 */ +0x2A,0x85,0x03,0x02,0x02,0x16, /* [5423] OBJ_id_Gost28147_89_MAC */ +0x2A,0x85,0x03,0x02,0x02,0x17, /* [5429] OBJ_id_GostR3411_94_prf */ +0x2A,0x85,0x03,0x02,0x02,0x62, /* [5435] OBJ_id_GostR3410_2001DH */ +0x2A,0x85,0x03,0x02,0x02,0x63, /* [5441] OBJ_id_GostR3410_94DH */ +0x2A,0x85,0x03,0x02,0x02,0x0E,0x01, /* [5447] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */ +0x2A,0x85,0x03,0x02,0x02,0x0E,0x00, /* [5454] OBJ_id_Gost28147_89_None_KeyMeshing */ +0x2A,0x85,0x03,0x02,0x02,0x1E,0x00, /* [5461] OBJ_id_GostR3411_94_TestParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1E,0x01, /* [5468] OBJ_id_GostR3411_94_CryptoProParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x00, /* [5475] OBJ_id_Gost28147_89_TestParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x01, /* [5482] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x02, /* [5489] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x03, /* [5496] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x04, /* [5503] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x05, /* [5510] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x06, /* [5517] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x07, /* [5524] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x20,0x00, /* [5531] OBJ_id_GostR3410_94_TestParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x20,0x02, /* [5538] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x20,0x03, /* [5545] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x20,0x04, /* [5552] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x20,0x05, /* [5559] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x21,0x01, /* [5566] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x21,0x02, /* [5573] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x21,0x03, /* [5580] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x23,0x00, /* [5587] OBJ_id_GostR3410_2001_TestParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x23,0x01, /* [5594] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x23,0x02, /* [5601] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x23,0x03, /* [5608] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x24,0x00, /* [5615] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x24,0x01, /* [5622] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x14,0x01, /* [5629] OBJ_id_GostR3410_94_a */ +0x2A,0x85,0x03,0x02,0x02,0x14,0x02, /* [5636] OBJ_id_GostR3410_94_aBis */ +0x2A,0x85,0x03,0x02,0x02,0x14,0x03, /* [5643] OBJ_id_GostR3410_94_b */ +0x2A,0x85,0x03,0x02,0x02,0x14,0x04, /* [5650] OBJ_id_GostR3410_94_bBis */ +0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01, /* [5657] OBJ_id_Gost28147_89_cc */ +0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03, /* [5665] OBJ_id_GostR3410_94_cc */ +0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04, /* [5673] OBJ_id_GostR3410_2001_cc */ +0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03, /* [5681] OBJ_id_GostR3411_94_with_GostR3410_94_cc */ +0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04, /* [5689] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */ +0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01, /* [5697] OBJ_id_GostR3410_2001_ParamSet_cc */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5705] OBJ_LocalKeySet */ +0x55,0x1D,0x2E, /* [5714] OBJ_freshest_crl */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03, /* [5717] OBJ_id_on_permanentIdentifier */ +0x55,0x04,0x0E, /* [5725] OBJ_searchGuide */ +0x55,0x04,0x0F, /* [5728] OBJ_businessCategory */ +0x55,0x04,0x10, /* [5731] OBJ_postalAddress */ +0x55,0x04,0x12, /* [5734] OBJ_postOfficeBox */ +0x55,0x04,0x13, /* [5737] OBJ_physicalDeliveryOfficeName */ +0x55,0x04,0x14, /* [5740] OBJ_telephoneNumber */ +0x55,0x04,0x15, /* [5743] OBJ_telexNumber */ +0x55,0x04,0x16, /* [5746] OBJ_teletexTerminalIdentifier */ +0x55,0x04,0x17, /* [5749] OBJ_facsimileTelephoneNumber */ +0x55,0x04,0x18, /* [5752] OBJ_x121Address */ +0x55,0x04,0x19, /* [5755] OBJ_internationaliSDNNumber */ +0x55,0x04,0x1A, /* [5758] OBJ_registeredAddress */ +0x55,0x04,0x1B, /* [5761] OBJ_destinationIndicator */ +0x55,0x04,0x1C, /* [5764] OBJ_preferredDeliveryMethod */ +0x55,0x04,0x1D, /* [5767] OBJ_presentationAddress */ +0x55,0x04,0x1E, /* [5770] OBJ_supportedApplicationContext */ +0x55,0x04,0x1F, /* [5773] OBJ_member */ +0x55,0x04,0x20, /* [5776] OBJ_owner */ +0x55,0x04,0x21, /* [5779] OBJ_roleOccupant */ +0x55,0x04,0x22, /* [5782] OBJ_seeAlso */ +0x55,0x04,0x23, /* [5785] OBJ_userPassword */ +0x55,0x04,0x24, /* [5788] OBJ_userCertificate */ +0x55,0x04,0x25, /* [5791] OBJ_cACertificate */ +0x55,0x04,0x26, /* [5794] OBJ_authorityRevocationList */ +0x55,0x04,0x27, /* [5797] OBJ_certificateRevocationList */ +0x55,0x04,0x28, /* [5800] OBJ_crossCertificatePair */ +0x55,0x04,0x2F, /* [5803] OBJ_enhancedSearchGuide */ +0x55,0x04,0x30, /* [5806] OBJ_protocolInformation */ +0x55,0x04,0x31, /* [5809] OBJ_distinguishedName */ +0x55,0x04,0x32, /* [5812] OBJ_uniqueMember */ +0x55,0x04,0x33, /* [5815] OBJ_houseIdentifier */ +0x55,0x04,0x34, /* [5818] OBJ_supportedAlgorithms */ +0x55,0x04,0x35, /* [5821] OBJ_deltaRevocationList */ +0x55,0x04,0x36, /* [5824] OBJ_dmdName */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x09,/* [5827] OBJ_id_alg_PWRI_KEK */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x06,/* [5838] OBJ_aes_128_gcm */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x07,/* [5847] OBJ_aes_128_ccm */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x08,/* [5856] OBJ_id_aes128_wrap_pad */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1A,/* [5865] OBJ_aes_192_gcm */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1B,/* [5874] OBJ_aes_192_ccm */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1C,/* [5883] OBJ_id_aes192_wrap_pad */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2E,/* [5892] OBJ_aes_256_gcm */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2F,/* [5901] OBJ_aes_256_ccm */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x30,/* [5910] OBJ_id_aes256_wrap_pad */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x02,/* [5919] OBJ_id_camellia128_wrap */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x03,/* [5930] OBJ_id_camellia192_wrap */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x04,/* [5941] OBJ_id_camellia256_wrap */ +0x55,0x1D,0x25,0x00, /* [5952] OBJ_anyExtendedKeyUsage */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,/* [5956] OBJ_mgf1 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,/* [5965] OBJ_rsassaPss */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,/* [5974] OBJ_rsaesOaep */ +0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01, /* [5983] OBJ_dhpublicnumber */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01,/* [5990] OBJ_brainpoolP160r1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x02,/* [5999] OBJ_brainpoolP160t1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03,/* [6008] OBJ_brainpoolP192r1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x04,/* [6017] OBJ_brainpoolP192t1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05,/* [6026] OBJ_brainpoolP224r1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x06,/* [6035] OBJ_brainpoolP224t1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07,/* [6044] OBJ_brainpoolP256r1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x08,/* [6053] OBJ_brainpoolP256t1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09,/* [6062] OBJ_brainpoolP320r1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0A,/* [6071] OBJ_brainpoolP320t1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0B,/* [6080] OBJ_brainpoolP384r1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0C,/* [6089] OBJ_brainpoolP384t1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0D,/* [6098] OBJ_brainpoolP512r1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0E,/* [6107] OBJ_brainpoolP512t1 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x09,/* [6116] OBJ_pSpecified */ +0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x02,/* [6125] OBJ_dhSinglePass_stdDH_sha1kdf_scheme */ +0x2B,0x81,0x04,0x01,0x0B,0x00, /* [6134] OBJ_dhSinglePass_stdDH_sha224kdf_scheme */ +0x2B,0x81,0x04,0x01,0x0B,0x01, /* [6140] OBJ_dhSinglePass_stdDH_sha256kdf_scheme */ +0x2B,0x81,0x04,0x01,0x0B,0x02, /* [6146] OBJ_dhSinglePass_stdDH_sha384kdf_scheme */ +0x2B,0x81,0x04,0x01,0x0B,0x03, /* [6152] OBJ_dhSinglePass_stdDH_sha512kdf_scheme */ +0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x03,/* [6158] OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme */ +0x2B,0x81,0x04,0x01,0x0E,0x00, /* [6167] OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme */ +0x2B,0x81,0x04,0x01,0x0E,0x01, /* [6173] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */ +0x2B,0x81,0x04,0x01,0x0E,0x02, /* [6179] OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */ +0x2B,0x81,0x04,0x01,0x0E,0x03, /* [6185] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */ +0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02,/* [6191] OBJ_ct_precert_scts */ +0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x03,/* [6201] OBJ_ct_precert_poison */ +0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x04,/* [6211] OBJ_ct_precert_signer */ +0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x05,/* [6221] OBJ_ct_cert_scts */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01,/* [6231] OBJ_jurisdictionLocalityName */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,/* [6242] OBJ_jurisdictionStateOrProvinceName */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03,/* [6253] OBJ_jurisdictionCountryName */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x06, /* [6264] OBJ_camellia_128_gcm */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x07, /* [6272] OBJ_camellia_128_ccm */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x09, /* [6280] OBJ_camellia_128_ctr */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x0A, /* [6288] OBJ_camellia_128_cmac */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1A, /* [6296] OBJ_camellia_192_gcm */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1B, /* [6304] OBJ_camellia_192_ccm */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1D, /* [6312] OBJ_camellia_192_ctr */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1E, /* [6320] OBJ_camellia_192_cmac */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2E, /* [6328] OBJ_camellia_256_gcm */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2F, /* [6336] OBJ_camellia_256_ccm */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x31, /* [6344] OBJ_camellia_256_ctr */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x32, /* [6352] OBJ_camellia_256_cmac */ }; static const ASN1_OBJECT nid_objs[NUM_NID]={ @@ -1108,905 +1109,905 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ {"GN","givenName",NID_givenName,3,&(lvalues[534]),0}, {"SN","surname",NID_surname,3,&(lvalues[537]),0}, {"initials","initials",NID_initials,3,&(lvalues[540]),0}, -{NULL,NULL,NID_undef,0,NULL,0}, +{"uid","uniqueIdentifier",NID_uniqueIdentifier,10,&(lvalues[543]),0}, {"crlDistributionPoints","X509v3 CRL Distribution Points", - NID_crl_distribution_points,3,&(lvalues[543]),0}, -{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[546]),0}, -{"serialNumber","serialNumber",NID_serialNumber,3,&(lvalues[551]),0}, -{"title","title",NID_title,3,&(lvalues[554]),0}, -{"description","description",NID_description,3,&(lvalues[557]),0}, -{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[560]),0}, + NID_crl_distribution_points,3,&(lvalues[553]),0}, +{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[556]),0}, +{"serialNumber","serialNumber",NID_serialNumber,3,&(lvalues[561]),0}, +{"title","title",NID_title,3,&(lvalues[564]),0}, +{"description","description",NID_description,3,&(lvalues[567]),0}, +{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[570]),0}, {"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL,0}, {"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL,0}, {"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL,0}, {"pbeWithMD5AndCast5CBC","pbeWithMD5AndCast5CBC", - NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[569]),0}, -{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[578]),0}, + NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[579]),0}, +{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[588]),0}, {"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL,0}, -{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[585]),0}, -{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[590]),0}, -{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[597]),0}, +{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[595]),0}, +{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[600]),0}, +{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[607]),0}, {NULL,NULL,NID_undef,0,NULL,0}, {"RSA-RIPEMD160","ripemd160WithRSA",NID_ripemd160WithRSA,6, - &(lvalues[602]),0}, -{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[608]),0}, + &(lvalues[612]),0}, +{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[618]),0}, {"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL,0}, {"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL,0}, {"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL,0}, -{"RLE","run length compression",NID_rle_compression,6,&(lvalues[616]),0}, -{"ZLIB","zlib compression",NID_zlib_compression,11,&(lvalues[622]),0}, +{"RLE","run length compression",NID_rle_compression,6,&(lvalues[626]),0}, +{"ZLIB","zlib compression",NID_zlib_compression,11,&(lvalues[632]),0}, {"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3, - &(lvalues[633]),0}, -{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[636]),0}, -{"id-kp","id-kp",NID_id_kp,7,&(lvalues[642]),0}, + &(lvalues[643]),0}, +{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[646]),0}, +{"id-kp","id-kp",NID_id_kp,7,&(lvalues[652]),0}, {"serverAuth","TLS Web Server Authentication",NID_server_auth,8, - &(lvalues[649]),0}, + &(lvalues[659]),0}, {"clientAuth","TLS Web Client Authentication",NID_client_auth,8, - &(lvalues[657]),0}, -{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[665]),0}, + &(lvalues[667]),0}, +{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[675]),0}, {"emailProtection","E-mail Protection",NID_email_protect,8, - &(lvalues[673]),0}, -{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[681]),0}, + &(lvalues[683]),0}, +{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[691]),0}, {"msCodeInd","Microsoft Individual Code Signing",NID_ms_code_ind,10, - &(lvalues[689]),0}, -{"msCodeCom","Microsoft Commercial Code Signing",NID_ms_code_com,10, &(lvalues[699]),0}, -{"msCTLSign","Microsoft Trust List Signing",NID_ms_ctl_sign,10, +{"msCodeCom","Microsoft Commercial Code Signing",NID_ms_code_com,10, &(lvalues[709]),0}, -{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[719]),0}, +{"msCTLSign","Microsoft Trust List Signing",NID_ms_ctl_sign,10, + &(lvalues[719]),0}, +{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[729]),0}, {"msEFS","Microsoft Encrypted File System",NID_ms_efs,10, - &(lvalues[729]),0}, -{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[739]),0}, + &(lvalues[739]),0}, +{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[749]),0}, {"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3, - &(lvalues[748]),0}, -{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[751]),0}, + &(lvalues[758]),0}, +{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[761]),0}, {"invalidityDate","Invalidity Date",NID_invalidity_date,3, - &(lvalues[754]),0}, -{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[757]),0}, + &(lvalues[764]),0}, +{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[767]),0}, {"PBE-SHA1-RC4-128","pbeWithSHA1And128BitRC4", - NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[762]),0}, + NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[772]),0}, {"PBE-SHA1-RC4-40","pbeWithSHA1And40BitRC4", - NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[772]),0}, + NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[782]),0}, {"PBE-SHA1-3DES","pbeWithSHA1And3-KeyTripleDES-CBC", - NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[782]),0}, + NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[792]),0}, {"PBE-SHA1-2DES","pbeWithSHA1And2-KeyTripleDES-CBC", - NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[792]),0}, + NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[802]),0}, {"PBE-SHA1-RC2-128","pbeWithSHA1And128BitRC2-CBC", - NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[802]),0}, + NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[812]),0}, {"PBE-SHA1-RC2-40","pbeWithSHA1And40BitRC2-CBC", - NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[812]),0}, -{"keyBag","keyBag",NID_keyBag,11,&(lvalues[822]),0}, + NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[822]),0}, +{"keyBag","keyBag",NID_keyBag,11,&(lvalues[832]),0}, {"pkcs8ShroudedKeyBag","pkcs8ShroudedKeyBag",NID_pkcs8ShroudedKeyBag, - 11,&(lvalues[833]),0}, -{"certBag","certBag",NID_certBag,11,&(lvalues[844]),0}, -{"crlBag","crlBag",NID_crlBag,11,&(lvalues[855]),0}, -{"secretBag","secretBag",NID_secretBag,11,&(lvalues[866]),0}, + 11,&(lvalues[843]),0}, +{"certBag","certBag",NID_certBag,11,&(lvalues[854]),0}, +{"crlBag","crlBag",NID_crlBag,11,&(lvalues[865]),0}, +{"secretBag","secretBag",NID_secretBag,11,&(lvalues[876]),0}, {"safeContentsBag","safeContentsBag",NID_safeContentsBag,11, - &(lvalues[877]),0}, -{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[888]),0}, -{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[897]),0}, + &(lvalues[887]),0}, +{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[898]),0}, +{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[907]),0}, {"x509Certificate","x509Certificate",NID_x509Certificate,10, - &(lvalues[906]),0}, -{"sdsiCertificate","sdsiCertificate",NID_sdsiCertificate,10, &(lvalues[916]),0}, -{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[926]),0}, -{"PBES2","PBES2",NID_pbes2,9,&(lvalues[936]),0}, -{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[945]),0}, -{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[954]),0}, -{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[962]),0}, +{"sdsiCertificate","sdsiCertificate",NID_sdsiCertificate,10, + &(lvalues[926]),0}, +{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[936]),0}, +{"PBES2","PBES2",NID_pbes2,9,&(lvalues[946]),0}, +{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[955]),0}, +{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[964]),0}, +{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[972]),0}, {"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8, - &(lvalues[970]),0}, + &(lvalues[980]),0}, {"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL,0}, {"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,9, - &(lvalues[978]),0}, + &(lvalues[988]),0}, {"PBE-MD2-RC2-64","pbeWithMD2AndRC2-CBC",NID_pbeWithMD2AndRC2_CBC,9, - &(lvalues[987]),0}, + &(lvalues[997]),0}, {"PBE-MD5-RC2-64","pbeWithMD5AndRC2-CBC",NID_pbeWithMD5AndRC2_CBC,9, - &(lvalues[996]),0}, + &(lvalues[1006]),0}, {"PBE-SHA1-DES","pbeWithSHA1AndDES-CBC",NID_pbeWithSHA1AndDES_CBC,9, - &(lvalues[1005]),0}, + &(lvalues[1015]),0}, {"msExtReq","Microsoft Extension Request",NID_ms_ext_req,10, - &(lvalues[1014]),0}, -{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1024]),0}, -{"name","name",NID_name,3,&(lvalues[1033]),0}, -{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1036]),0}, -{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1039]),0}, -{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1046]),0}, + &(lvalues[1024]),0}, +{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1034]),0}, +{"name","name",NID_name,3,&(lvalues[1043]),0}, +{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1046]),0}, +{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1049]),0}, +{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1056]),0}, {"authorityInfoAccess","Authority Information Access",NID_info_access, - 8,&(lvalues[1053]),0}, -{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1061]),0}, -{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1069]),0}, -{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1077]),0}, + 8,&(lvalues[1063]),0}, +{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1071]),0}, +{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1079]),0}, +{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1087]),0}, {"ISO","iso",NID_iso,0,NULL,0}, -{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1085]),0}, -{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1086]),0}, -{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1089]),0}, -{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1094]),0}, -{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1100]),0}, -{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1108]),0}, -{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1116]),0}, -{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1125]),0}, -{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1135]),0}, -{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1145]),0}, -{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1155]),0}, -{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1165]),0}, -{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1175]),0}, -{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1185]),0}, +{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1095]),0}, +{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1096]),0}, +{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1099]),0}, +{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1104]),0}, +{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1110]),0}, +{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1118]),0}, +{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1126]),0}, +{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1135]),0}, +{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1145]),0}, +{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1155]),0}, +{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1165]),0}, +{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1175]),0}, +{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1185]),0}, +{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1195]),0}, {"id-smime-mod-cms","id-smime-mod-cms",NID_id_smime_mod_cms,11, - &(lvalues[1195]),0}, + &(lvalues[1205]),0}, {"id-smime-mod-ess","id-smime-mod-ess",NID_id_smime_mod_ess,11, - &(lvalues[1206]),0}, + &(lvalues[1216]),0}, {"id-smime-mod-oid","id-smime-mod-oid",NID_id_smime_mod_oid,11, - &(lvalues[1217]),0}, + &(lvalues[1227]),0}, {"id-smime-mod-msg-v3","id-smime-mod-msg-v3",NID_id_smime_mod_msg_v3, - 11,&(lvalues[1228]),0}, + 11,&(lvalues[1238]),0}, {"id-smime-mod-ets-eSignature-88","id-smime-mod-ets-eSignature-88", - NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1239]),0}, + NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1249]),0}, {"id-smime-mod-ets-eSignature-97","id-smime-mod-ets-eSignature-97", - NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1250]),0}, + NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1260]),0}, {"id-smime-mod-ets-eSigPolicy-88","id-smime-mod-ets-eSigPolicy-88", - NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1261]),0}, + NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1271]),0}, {"id-smime-mod-ets-eSigPolicy-97","id-smime-mod-ets-eSigPolicy-97", - NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1272]),0}, + NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1282]),0}, {"id-smime-ct-receipt","id-smime-ct-receipt",NID_id_smime_ct_receipt, - 11,&(lvalues[1283]),0}, + 11,&(lvalues[1293]),0}, {"id-smime-ct-authData","id-smime-ct-authData", - NID_id_smime_ct_authData,11,&(lvalues[1294]),0}, + NID_id_smime_ct_authData,11,&(lvalues[1304]),0}, {"id-smime-ct-publishCert","id-smime-ct-publishCert", - NID_id_smime_ct_publishCert,11,&(lvalues[1305]),0}, + NID_id_smime_ct_publishCert,11,&(lvalues[1315]),0}, {"id-smime-ct-TSTInfo","id-smime-ct-TSTInfo",NID_id_smime_ct_TSTInfo, - 11,&(lvalues[1316]),0}, + 11,&(lvalues[1326]),0}, {"id-smime-ct-TDTInfo","id-smime-ct-TDTInfo",NID_id_smime_ct_TDTInfo, - 11,&(lvalues[1327]),0}, + 11,&(lvalues[1337]),0}, {"id-smime-ct-contentInfo","id-smime-ct-contentInfo", - NID_id_smime_ct_contentInfo,11,&(lvalues[1338]),0}, + NID_id_smime_ct_contentInfo,11,&(lvalues[1348]),0}, {"id-smime-ct-DVCSRequestData","id-smime-ct-DVCSRequestData", - NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1349]),0}, + NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1359]),0}, {"id-smime-ct-DVCSResponseData","id-smime-ct-DVCSResponseData", - NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1360]),0}, + NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1370]),0}, {"id-smime-aa-receiptRequest","id-smime-aa-receiptRequest", - NID_id_smime_aa_receiptRequest,11,&(lvalues[1371]),0}, + NID_id_smime_aa_receiptRequest,11,&(lvalues[1381]),0}, {"id-smime-aa-securityLabel","id-smime-aa-securityLabel", - NID_id_smime_aa_securityLabel,11,&(lvalues[1382]),0}, + NID_id_smime_aa_securityLabel,11,&(lvalues[1392]),0}, {"id-smime-aa-mlExpandHistory","id-smime-aa-mlExpandHistory", - NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1393]),0}, + NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1403]),0}, {"id-smime-aa-contentHint","id-smime-aa-contentHint", - NID_id_smime_aa_contentHint,11,&(lvalues[1404]),0}, + NID_id_smime_aa_contentHint,11,&(lvalues[1414]),0}, {"id-smime-aa-msgSigDigest","id-smime-aa-msgSigDigest", - NID_id_smime_aa_msgSigDigest,11,&(lvalues[1415]),0}, + NID_id_smime_aa_msgSigDigest,11,&(lvalues[1425]),0}, {"id-smime-aa-encapContentType","id-smime-aa-encapContentType", - NID_id_smime_aa_encapContentType,11,&(lvalues[1426]),0}, + NID_id_smime_aa_encapContentType,11,&(lvalues[1436]),0}, {"id-smime-aa-contentIdentifier","id-smime-aa-contentIdentifier", - NID_id_smime_aa_contentIdentifier,11,&(lvalues[1437]),0}, + NID_id_smime_aa_contentIdentifier,11,&(lvalues[1447]),0}, {"id-smime-aa-macValue","id-smime-aa-macValue", - NID_id_smime_aa_macValue,11,&(lvalues[1448]),0}, + NID_id_smime_aa_macValue,11,&(lvalues[1458]),0}, {"id-smime-aa-equivalentLabels","id-smime-aa-equivalentLabels", - NID_id_smime_aa_equivalentLabels,11,&(lvalues[1459]),0}, + NID_id_smime_aa_equivalentLabels,11,&(lvalues[1469]),0}, {"id-smime-aa-contentReference","id-smime-aa-contentReference", - NID_id_smime_aa_contentReference,11,&(lvalues[1470]),0}, + NID_id_smime_aa_contentReference,11,&(lvalues[1480]),0}, {"id-smime-aa-encrypKeyPref","id-smime-aa-encrypKeyPref", - NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1481]),0}, + NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1491]),0}, {"id-smime-aa-signingCertificate","id-smime-aa-signingCertificate", - NID_id_smime_aa_signingCertificate,11,&(lvalues[1492]),0}, + NID_id_smime_aa_signingCertificate,11,&(lvalues[1502]),0}, {"id-smime-aa-smimeEncryptCerts","id-smime-aa-smimeEncryptCerts", - NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1503]),0}, + NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1513]),0}, {"id-smime-aa-timeStampToken","id-smime-aa-timeStampToken", - NID_id_smime_aa_timeStampToken,11,&(lvalues[1514]),0}, + NID_id_smime_aa_timeStampToken,11,&(lvalues[1524]),0}, {"id-smime-aa-ets-sigPolicyId","id-smime-aa-ets-sigPolicyId", - NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1525]),0}, + NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1535]),0}, {"id-smime-aa-ets-commitmentType","id-smime-aa-ets-commitmentType", - NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1536]),0}, + NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1546]),0}, {"id-smime-aa-ets-signerLocation","id-smime-aa-ets-signerLocation", - NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1547]),0}, + NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1557]),0}, {"id-smime-aa-ets-signerAttr","id-smime-aa-ets-signerAttr", - NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1558]),0}, + NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1568]),0}, {"id-smime-aa-ets-otherSigCert","id-smime-aa-ets-otherSigCert", - NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1569]),0}, + NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1579]),0}, {"id-smime-aa-ets-contentTimestamp", "id-smime-aa-ets-contentTimestamp", - NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1580]),0}, + NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1590]),0}, {"id-smime-aa-ets-CertificateRefs","id-smime-aa-ets-CertificateRefs", - NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1591]),0}, + NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1601]),0}, {"id-smime-aa-ets-RevocationRefs","id-smime-aa-ets-RevocationRefs", - NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1602]),0}, + NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1612]),0}, {"id-smime-aa-ets-certValues","id-smime-aa-ets-certValues", - NID_id_smime_aa_ets_certValues,11,&(lvalues[1613]),0}, + NID_id_smime_aa_ets_certValues,11,&(lvalues[1623]),0}, {"id-smime-aa-ets-revocationValues", "id-smime-aa-ets-revocationValues", - NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1624]),0}, + NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1634]),0}, {"id-smime-aa-ets-escTimeStamp","id-smime-aa-ets-escTimeStamp", - NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1635]),0}, + NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1645]),0}, {"id-smime-aa-ets-certCRLTimestamp", "id-smime-aa-ets-certCRLTimestamp", - NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1646]),0}, + NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1656]),0}, {"id-smime-aa-ets-archiveTimeStamp", "id-smime-aa-ets-archiveTimeStamp", - NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1657]),0}, + NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1667]),0}, {"id-smime-aa-signatureType","id-smime-aa-signatureType", - NID_id_smime_aa_signatureType,11,&(lvalues[1668]),0}, + NID_id_smime_aa_signatureType,11,&(lvalues[1678]),0}, {"id-smime-aa-dvcs-dvc","id-smime-aa-dvcs-dvc", - NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1679]),0}, + NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1689]),0}, {"id-smime-alg-ESDHwith3DES","id-smime-alg-ESDHwith3DES", - NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1690]),0}, + NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1700]),0}, {"id-smime-alg-ESDHwithRC2","id-smime-alg-ESDHwithRC2", - NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1701]),0}, + NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1711]),0}, {"id-smime-alg-3DESwrap","id-smime-alg-3DESwrap", - NID_id_smime_alg_3DESwrap,11,&(lvalues[1712]),0}, + NID_id_smime_alg_3DESwrap,11,&(lvalues[1722]),0}, {"id-smime-alg-RC2wrap","id-smime-alg-RC2wrap", - NID_id_smime_alg_RC2wrap,11,&(lvalues[1723]),0}, + NID_id_smime_alg_RC2wrap,11,&(lvalues[1733]),0}, {"id-smime-alg-ESDH","id-smime-alg-ESDH",NID_id_smime_alg_ESDH,11, - &(lvalues[1734]),0}, + &(lvalues[1744]),0}, {"id-smime-alg-CMS3DESwrap","id-smime-alg-CMS3DESwrap", - NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1745]),0}, + NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1755]),0}, {"id-smime-alg-CMSRC2wrap","id-smime-alg-CMSRC2wrap", - NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1756]),0}, + NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1766]),0}, {"id-smime-cd-ldap","id-smime-cd-ldap",NID_id_smime_cd_ldap,11, - &(lvalues[1767]),0}, + &(lvalues[1777]),0}, {"id-smime-spq-ets-sqt-uri","id-smime-spq-ets-sqt-uri", - NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1778]),0}, + NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1788]),0}, {"id-smime-spq-ets-sqt-unotice","id-smime-spq-ets-sqt-unotice", - NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1789]),0}, + NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1799]),0}, {"id-smime-cti-ets-proofOfOrigin","id-smime-cti-ets-proofOfOrigin", - NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1800]),0}, + NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1810]),0}, {"id-smime-cti-ets-proofOfReceipt","id-smime-cti-ets-proofOfReceipt", - NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1811]),0}, + NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1821]),0}, {"id-smime-cti-ets-proofOfDelivery", "id-smime-cti-ets-proofOfDelivery", - NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1822]),0}, + NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1832]),0}, {"id-smime-cti-ets-proofOfSender","id-smime-cti-ets-proofOfSender", - NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1833]),0}, + NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1843]),0}, {"id-smime-cti-ets-proofOfApproval", "id-smime-cti-ets-proofOfApproval", - NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1844]),0}, + NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1854]),0}, {"id-smime-cti-ets-proofOfCreation", "id-smime-cti-ets-proofOfCreation", - NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1855]),0}, -{"MD4","md4",NID_md4,8,&(lvalues[1866]),0}, -{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1874]),0}, -{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1881]),0}, -{"id-it","id-it",NID_id_it,7,&(lvalues[1888]),0}, -{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1895]),0}, -{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1902]),0}, -{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1909]),0}, -{"id-on","id-on",NID_id_on,7,&(lvalues[1916]),0}, -{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1923]),0}, -{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1930]),0}, -{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1937]),0}, -{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1944]),0}, + NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1865]),0}, +{"MD4","md4",NID_md4,8,&(lvalues[1876]),0}, +{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1884]),0}, +{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1891]),0}, +{"id-it","id-it",NID_id_it,7,&(lvalues[1898]),0}, +{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1905]),0}, +{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1912]),0}, +{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1919]),0}, +{"id-on","id-on",NID_id_on,7,&(lvalues[1926]),0}, +{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1933]),0}, +{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1940]),0}, +{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1947]),0}, +{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1954]),0}, {"id-pkix1-explicit-88","id-pkix1-explicit-88", - NID_id_pkix1_explicit_88,8,&(lvalues[1951]),0}, + NID_id_pkix1_explicit_88,8,&(lvalues[1961]),0}, {"id-pkix1-implicit-88","id-pkix1-implicit-88", - NID_id_pkix1_implicit_88,8,&(lvalues[1959]),0}, + NID_id_pkix1_implicit_88,8,&(lvalues[1969]),0}, {"id-pkix1-explicit-93","id-pkix1-explicit-93", - NID_id_pkix1_explicit_93,8,&(lvalues[1967]),0}, + NID_id_pkix1_explicit_93,8,&(lvalues[1977]),0}, {"id-pkix1-implicit-93","id-pkix1-implicit-93", - NID_id_pkix1_implicit_93,8,&(lvalues[1975]),0}, -{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1983]),0}, -{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1991]),0}, + NID_id_pkix1_implicit_93,8,&(lvalues[1985]),0}, +{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1993]),0}, +{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[2001]),0}, {"id-mod-kea-profile-88","id-mod-kea-profile-88", - NID_id_mod_kea_profile_88,8,&(lvalues[1999]),0}, + NID_id_mod_kea_profile_88,8,&(lvalues[2009]),0}, {"id-mod-kea-profile-93","id-mod-kea-profile-93", - NID_id_mod_kea_profile_93,8,&(lvalues[2007]),0}, -{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2015]),0}, + NID_id_mod_kea_profile_93,8,&(lvalues[2017]),0}, +{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2025]),0}, {"id-mod-qualified-cert-88","id-mod-qualified-cert-88", - NID_id_mod_qualified_cert_88,8,&(lvalues[2023]),0}, + NID_id_mod_qualified_cert_88,8,&(lvalues[2033]),0}, {"id-mod-qualified-cert-93","id-mod-qualified-cert-93", - NID_id_mod_qualified_cert_93,8,&(lvalues[2031]),0}, + NID_id_mod_qualified_cert_93,8,&(lvalues[2041]),0}, {"id-mod-attribute-cert","id-mod-attribute-cert", - NID_id_mod_attribute_cert,8,&(lvalues[2039]),0}, + NID_id_mod_attribute_cert,8,&(lvalues[2049]),0}, {"id-mod-timestamp-protocol","id-mod-timestamp-protocol", - NID_id_mod_timestamp_protocol,8,&(lvalues[2047]),0}, -{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2055]),0}, -{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2063]),0}, + NID_id_mod_timestamp_protocol,8,&(lvalues[2057]),0}, +{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2065]),0}, +{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2073]),0}, {"id-mod-cmp2000","id-mod-cmp2000",NID_id_mod_cmp2000,8, - &(lvalues[2071]),0}, -{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2079]),0}, -{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2087]),0}, + &(lvalues[2081]),0}, +{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2089]),0}, +{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2097]),0}, {"ac-auditEntity","ac-auditEntity",NID_ac_auditEntity,8, - &(lvalues[2095]),0}, -{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2103]),0}, -{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2111]),0}, + &(lvalues[2105]),0}, +{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2113]),0}, +{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2121]),0}, {"sbgp-ipAddrBlock","sbgp-ipAddrBlock",NID_sbgp_ipAddrBlock,8, - &(lvalues[2119]),0}, + &(lvalues[2129]),0}, {"sbgp-autonomousSysNum","sbgp-autonomousSysNum", - NID_sbgp_autonomousSysNum,8,&(lvalues[2127]),0}, + NID_sbgp_autonomousSysNum,8,&(lvalues[2137]),0}, {"sbgp-routerIdentifier","sbgp-routerIdentifier", - NID_sbgp_routerIdentifier,8,&(lvalues[2135]),0}, -{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2143]),0}, + NID_sbgp_routerIdentifier,8,&(lvalues[2145]),0}, +{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2153]),0}, {"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8, - &(lvalues[2151]),0}, -{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2159]),0}, -{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2167]),0}, -{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2175]),0}, + &(lvalues[2161]),0}, +{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2169]),0}, +{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2177]),0}, +{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2185]),0}, {"id-it-caProtEncCert","id-it-caProtEncCert",NID_id_it_caProtEncCert, - 8,&(lvalues[2183]),0}, + 8,&(lvalues[2193]),0}, {"id-it-signKeyPairTypes","id-it-signKeyPairTypes", - NID_id_it_signKeyPairTypes,8,&(lvalues[2191]),0}, + NID_id_it_signKeyPairTypes,8,&(lvalues[2201]),0}, {"id-it-encKeyPairTypes","id-it-encKeyPairTypes", - NID_id_it_encKeyPairTypes,8,&(lvalues[2199]),0}, + NID_id_it_encKeyPairTypes,8,&(lvalues[2209]),0}, {"id-it-preferredSymmAlg","id-it-preferredSymmAlg", - NID_id_it_preferredSymmAlg,8,&(lvalues[2207]),0}, + NID_id_it_preferredSymmAlg,8,&(lvalues[2217]),0}, {"id-it-caKeyUpdateInfo","id-it-caKeyUpdateInfo", - NID_id_it_caKeyUpdateInfo,8,&(lvalues[2215]),0}, + NID_id_it_caKeyUpdateInfo,8,&(lvalues[2225]),0}, {"id-it-currentCRL","id-it-currentCRL",NID_id_it_currentCRL,8, - &(lvalues[2223]),0}, + &(lvalues[2233]),0}, {"id-it-unsupportedOIDs","id-it-unsupportedOIDs", - NID_id_it_unsupportedOIDs,8,&(lvalues[2231]),0}, + NID_id_it_unsupportedOIDs,8,&(lvalues[2241]),0}, {"id-it-subscriptionRequest","id-it-subscriptionRequest", - NID_id_it_subscriptionRequest,8,&(lvalues[2239]),0}, + NID_id_it_subscriptionRequest,8,&(lvalues[2249]),0}, {"id-it-subscriptionResponse","id-it-subscriptionResponse", - NID_id_it_subscriptionResponse,8,&(lvalues[2247]),0}, + NID_id_it_subscriptionResponse,8,&(lvalues[2257]),0}, {"id-it-keyPairParamReq","id-it-keyPairParamReq", - NID_id_it_keyPairParamReq,8,&(lvalues[2255]),0}, + NID_id_it_keyPairParamReq,8,&(lvalues[2265]),0}, {"id-it-keyPairParamRep","id-it-keyPairParamRep", - NID_id_it_keyPairParamRep,8,&(lvalues[2263]),0}, + NID_id_it_keyPairParamRep,8,&(lvalues[2273]),0}, {"id-it-revPassphrase","id-it-revPassphrase",NID_id_it_revPassphrase, - 8,&(lvalues[2271]),0}, + 8,&(lvalues[2281]),0}, {"id-it-implicitConfirm","id-it-implicitConfirm", - NID_id_it_implicitConfirm,8,&(lvalues[2279]),0}, + NID_id_it_implicitConfirm,8,&(lvalues[2289]),0}, {"id-it-confirmWaitTime","id-it-confirmWaitTime", - NID_id_it_confirmWaitTime,8,&(lvalues[2287]),0}, + NID_id_it_confirmWaitTime,8,&(lvalues[2297]),0}, {"id-it-origPKIMessage","id-it-origPKIMessage", - NID_id_it_origPKIMessage,8,&(lvalues[2295]),0}, -{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2303]),0}, -{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2311]),0}, + NID_id_it_origPKIMessage,8,&(lvalues[2305]),0}, +{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2313]),0}, +{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2321]),0}, {"id-regCtrl-regToken","id-regCtrl-regToken",NID_id_regCtrl_regToken, - 9,&(lvalues[2319]),0}, + 9,&(lvalues[2329]),0}, {"id-regCtrl-authenticator","id-regCtrl-authenticator", - NID_id_regCtrl_authenticator,9,&(lvalues[2328]),0}, + NID_id_regCtrl_authenticator,9,&(lvalues[2338]),0}, {"id-regCtrl-pkiPublicationInfo","id-regCtrl-pkiPublicationInfo", - NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2337]),0}, + NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2347]),0}, {"id-regCtrl-pkiArchiveOptions","id-regCtrl-pkiArchiveOptions", - NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2346]),0}, + NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2356]),0}, {"id-regCtrl-oldCertID","id-regCtrl-oldCertID", - NID_id_regCtrl_oldCertID,9,&(lvalues[2355]),0}, + NID_id_regCtrl_oldCertID,9,&(lvalues[2365]),0}, {"id-regCtrl-protocolEncrKey","id-regCtrl-protocolEncrKey", - NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2364]),0}, + NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2374]),0}, {"id-regInfo-utf8Pairs","id-regInfo-utf8Pairs", - NID_id_regInfo_utf8Pairs,9,&(lvalues[2373]),0}, + NID_id_regInfo_utf8Pairs,9,&(lvalues[2383]),0}, {"id-regInfo-certReq","id-regInfo-certReq",NID_id_regInfo_certReq,9, - &(lvalues[2382]),0}, -{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2391]),0}, + &(lvalues[2392]),0}, +{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2401]),0}, {"id-alg-noSignature","id-alg-noSignature",NID_id_alg_noSignature,8, - &(lvalues[2399]),0}, + &(lvalues[2409]),0}, {"id-alg-dh-sig-hmac-sha1","id-alg-dh-sig-hmac-sha1", - NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2407]),0}, -{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2415]),0}, + NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2417]),0}, +{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2425]),0}, {"id-cmc-statusInfo","id-cmc-statusInfo",NID_id_cmc_statusInfo,8, - &(lvalues[2423]),0}, + &(lvalues[2433]),0}, {"id-cmc-identification","id-cmc-identification", - NID_id_cmc_identification,8,&(lvalues[2431]),0}, + NID_id_cmc_identification,8,&(lvalues[2441]),0}, {"id-cmc-identityProof","id-cmc-identityProof", - NID_id_cmc_identityProof,8,&(lvalues[2439]),0}, + NID_id_cmc_identityProof,8,&(lvalues[2449]),0}, {"id-cmc-dataReturn","id-cmc-dataReturn",NID_id_cmc_dataReturn,8, - &(lvalues[2447]),0}, + &(lvalues[2457]),0}, {"id-cmc-transactionId","id-cmc-transactionId", - NID_id_cmc_transactionId,8,&(lvalues[2455]),0}, + NID_id_cmc_transactionId,8,&(lvalues[2465]),0}, {"id-cmc-senderNonce","id-cmc-senderNonce",NID_id_cmc_senderNonce,8, - &(lvalues[2463]),0}, + &(lvalues[2473]),0}, {"id-cmc-recipientNonce","id-cmc-recipientNonce", - NID_id_cmc_recipientNonce,8,&(lvalues[2471]),0}, + NID_id_cmc_recipientNonce,8,&(lvalues[2481]),0}, {"id-cmc-addExtensions","id-cmc-addExtensions", - NID_id_cmc_addExtensions,8,&(lvalues[2479]),0}, + NID_id_cmc_addExtensions,8,&(lvalues[2489]),0}, {"id-cmc-encryptedPOP","id-cmc-encryptedPOP",NID_id_cmc_encryptedPOP, - 8,&(lvalues[2487]),0}, + 8,&(lvalues[2497]),0}, {"id-cmc-decryptedPOP","id-cmc-decryptedPOP",NID_id_cmc_decryptedPOP, - 8,&(lvalues[2495]),0}, + 8,&(lvalues[2505]),0}, {"id-cmc-lraPOPWitness","id-cmc-lraPOPWitness", - NID_id_cmc_lraPOPWitness,8,&(lvalues[2503]),0}, + NID_id_cmc_lraPOPWitness,8,&(lvalues[2513]),0}, {"id-cmc-getCert","id-cmc-getCert",NID_id_cmc_getCert,8, - &(lvalues[2511]),0}, -{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2519]),0}, + &(lvalues[2521]),0}, +{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2529]),0}, {"id-cmc-revokeRequest","id-cmc-revokeRequest", - NID_id_cmc_revokeRequest,8,&(lvalues[2527]),0}, + NID_id_cmc_revokeRequest,8,&(lvalues[2537]),0}, {"id-cmc-regInfo","id-cmc-regInfo",NID_id_cmc_regInfo,8, - &(lvalues[2535]),0}, + &(lvalues[2545]),0}, {"id-cmc-responseInfo","id-cmc-responseInfo",NID_id_cmc_responseInfo, - 8,&(lvalues[2543]),0}, + 8,&(lvalues[2553]),0}, {"id-cmc-queryPending","id-cmc-queryPending",NID_id_cmc_queryPending, - 8,&(lvalues[2551]),0}, + 8,&(lvalues[2561]),0}, {"id-cmc-popLinkRandom","id-cmc-popLinkRandom", - NID_id_cmc_popLinkRandom,8,&(lvalues[2559]),0}, + NID_id_cmc_popLinkRandom,8,&(lvalues[2569]),0}, {"id-cmc-popLinkWitness","id-cmc-popLinkWitness", - NID_id_cmc_popLinkWitness,8,&(lvalues[2567]),0}, + NID_id_cmc_popLinkWitness,8,&(lvalues[2577]),0}, {"id-cmc-confirmCertAcceptance","id-cmc-confirmCertAcceptance", - NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2575]),0}, + NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2585]),0}, {"id-on-personalData","id-on-personalData",NID_id_on_personalData,8, - &(lvalues[2583]),0}, + &(lvalues[2593]),0}, {"id-pda-dateOfBirth","id-pda-dateOfBirth",NID_id_pda_dateOfBirth,8, - &(lvalues[2591]),0}, + &(lvalues[2601]),0}, {"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth, - 8,&(lvalues[2599]),0}, + 8,&(lvalues[2609]),0}, {NULL,NULL,NID_undef,0,NULL,0}, -{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2607]),0}, +{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2617]),0}, {"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship", - NID_id_pda_countryOfCitizenship,8,&(lvalues[2615]),0}, + NID_id_pda_countryOfCitizenship,8,&(lvalues[2625]),0}, {"id-pda-countryOfResidence","id-pda-countryOfResidence", - NID_id_pda_countryOfResidence,8,&(lvalues[2623]),0}, + NID_id_pda_countryOfResidence,8,&(lvalues[2633]),0}, {"id-aca-authenticationInfo","id-aca-authenticationInfo", - NID_id_aca_authenticationInfo,8,&(lvalues[2631]),0}, + NID_id_aca_authenticationInfo,8,&(lvalues[2641]),0}, {"id-aca-accessIdentity","id-aca-accessIdentity", - NID_id_aca_accessIdentity,8,&(lvalues[2639]),0}, + NID_id_aca_accessIdentity,8,&(lvalues[2649]),0}, {"id-aca-chargingIdentity","id-aca-chargingIdentity", - NID_id_aca_chargingIdentity,8,&(lvalues[2647]),0}, -{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2655]),0}, -{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2663]),0}, + NID_id_aca_chargingIdentity,8,&(lvalues[2657]),0}, +{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2665]),0}, +{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2673]),0}, {"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1", - NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2671]),0}, -{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2679]),0}, + NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2681]),0}, +{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2689]),0}, {"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8, - &(lvalues[2687]),0}, + &(lvalues[2697]),0}, {"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8, - &(lvalues[2695]),0}, + &(lvalues[2705]),0}, {"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8, - &(lvalues[2703]),0}, -{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2711]),0}, + &(lvalues[2713]),0}, +{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2721]),0}, {"basicOCSPResponse","Basic OCSP Response",NID_id_pkix_OCSP_basic,9, - &(lvalues[2719]),0}, -{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2728]),0}, -{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2737]),0}, + &(lvalues[2729]),0}, +{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2738]),0}, +{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2747]),0}, {"acceptableResponses","Acceptable OCSP Responses", - NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2746]),0}, -{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2755]),0}, + NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2756]),0}, +{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2765]),0}, {"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff, - 9,&(lvalues[2764]),0}, + 9,&(lvalues[2774]),0}, {"serviceLocator","OCSP Service Locator", - NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2773]),0}, + NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2783]),0}, {"extendedStatus","Extended OCSP Status", - NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2782]),0}, -{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2791]),0}, -{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2800]),0}, + NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2792]),0}, +{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2801]),0}, +{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2810]),0}, {"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9, - &(lvalues[2809]),0}, -{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2818]),0}, -{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2822]),0}, + &(lvalues[2819]),0}, +{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2828]),0}, +{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2832]),0}, {"X500algorithms","directory services - algorithms", - NID_X500algorithms,2,&(lvalues[2827]),0}, -{"ORG","org",NID_org,1,&(lvalues[2829]),0}, -{"DOD","dod",NID_dod,2,&(lvalues[2830]),0}, -{"IANA","iana",NID_iana,3,&(lvalues[2832]),0}, -{"directory","Directory",NID_Directory,4,&(lvalues[2835]),0}, -{"mgmt","Management",NID_Management,4,&(lvalues[2839]),0}, -{"experimental","Experimental",NID_Experimental,4,&(lvalues[2843]),0}, -{"private","Private",NID_Private,4,&(lvalues[2847]),0}, -{"security","Security",NID_Security,4,&(lvalues[2851]),0}, -{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2855]),0}, -{"Mail","Mail",NID_Mail,4,&(lvalues[2859]),0}, -{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2863]),0}, -{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2868]),0}, -{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2877]),0}, -{"domain","Domain",NID_Domain,10,&(lvalues[2887]),0}, + NID_X500algorithms,2,&(lvalues[2837]),0}, +{"ORG","org",NID_org,1,&(lvalues[2839]),0}, +{"DOD","dod",NID_dod,2,&(lvalues[2840]),0}, +{"IANA","iana",NID_iana,3,&(lvalues[2842]),0}, +{"directory","Directory",NID_Directory,4,&(lvalues[2845]),0}, +{"mgmt","Management",NID_Management,4,&(lvalues[2849]),0}, +{"experimental","Experimental",NID_Experimental,4,&(lvalues[2853]),0}, +{"private","Private",NID_Private,4,&(lvalues[2857]),0}, +{"security","Security",NID_Security,4,&(lvalues[2861]),0}, +{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2865]),0}, +{"Mail","Mail",NID_Mail,4,&(lvalues[2869]),0}, +{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2873]),0}, +{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2878]),0}, +{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2887]),0}, +{"domain","Domain",NID_Domain,10,&(lvalues[2897]),0}, {"NULL","NULL",NID_joint_iso_ccitt,0,NULL,0}, {"selected-attribute-types","Selected Attribute Types", - NID_selected_attribute_types,3,&(lvalues[2897]),0}, -{"clearance","clearance",NID_clearance,4,&(lvalues[2900]),0}, + NID_selected_attribute_types,3,&(lvalues[2907]),0}, +{"clearance","clearance",NID_clearance,4,&(lvalues[2910]),0}, {"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9, - &(lvalues[2904]),0}, -{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2913]),0}, + &(lvalues[2914]),0}, +{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2923]),0}, {"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8, - &(lvalues[2921]),0}, + &(lvalues[2931]),0}, {"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8, - &(lvalues[2929]),0}, -{"role","role",NID_role,3,&(lvalues[2937]),0}, + &(lvalues[2939]),0}, +{"role","role",NID_role,3,&(lvalues[2947]),0}, {"policyConstraints","X509v3 Policy Constraints", - NID_policy_constraints,3,&(lvalues[2940]),0}, + NID_policy_constraints,3,&(lvalues[2950]),0}, {"targetInformation","X509v3 AC Targeting",NID_target_information,3, - &(lvalues[2943]),0}, + &(lvalues[2953]),0}, {"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3, - &(lvalues[2946]),0}, + &(lvalues[2956]),0}, {"NULL","NULL",NID_ccitt,0,NULL,0}, -{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2949]),0}, -{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2954]),0}, +{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2959]),0}, +{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2964]),0}, {"characteristic-two-field","characteristic-two-field", - NID_X9_62_characteristic_two_field,7,&(lvalues[2961]),0}, + NID_X9_62_characteristic_two_field,7,&(lvalues[2971]),0}, {"id-ecPublicKey","id-ecPublicKey",NID_X9_62_id_ecPublicKey,7, - &(lvalues[2968]),0}, -{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2975]),0}, -{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2983]),0}, -{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2991]),0}, -{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[2999]),0}, -{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3007]),0}, -{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3015]),0}, -{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3023]),0}, + &(lvalues[2978]),0}, +{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2985]),0}, +{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2993]),0}, +{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[3001]),0}, +{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[3009]),0}, +{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3017]),0}, +{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3025]),0}, +{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3033]),0}, {"ecdsa-with-SHA1","ecdsa-with-SHA1",NID_ecdsa_with_SHA1,7, - &(lvalues[3031]),0}, -{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3038]),0}, -{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3047]),0}, -{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3056]),0}, -{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3065]),0}, -{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3074]),0}, -{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3083]),0}, -{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3092]),0}, -{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3101]),0}, -{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3110]),0}, -{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3119]),0}, -{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3128]),0}, -{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3137]),0}, -{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3146]),0}, + &(lvalues[3041]),0}, +{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3048]),0}, +{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3057]),0}, +{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3066]),0}, +{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3075]),0}, +{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3084]),0}, +{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3093]),0}, +{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3102]),0}, +{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3111]),0}, +{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3120]),0}, +{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3129]),0}, +{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3138]),0}, +{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3147]),0}, +{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3156]),0}, {"holdInstructionCode","Hold Instruction Code", - NID_hold_instruction_code,3,&(lvalues[3155]),0}, + NID_hold_instruction_code,3,&(lvalues[3165]),0}, {"holdInstructionNone","Hold Instruction None", - NID_hold_instruction_none,7,&(lvalues[3158]),0}, + NID_hold_instruction_none,7,&(lvalues[3168]),0}, {"holdInstructionCallIssuer","Hold Instruction Call Issuer", - NID_hold_instruction_call_issuer,7,&(lvalues[3165]),0}, + NID_hold_instruction_call_issuer,7,&(lvalues[3175]),0}, {"holdInstructionReject","Hold Instruction Reject", - NID_hold_instruction_reject,7,&(lvalues[3172]),0}, -{"data","data",NID_data,1,&(lvalues[3179]),0}, -{"pss","pss",NID_pss,3,&(lvalues[3180]),0}, -{"ucl","ucl",NID_ucl,7,&(lvalues[3183]),0}, -{"pilot","pilot",NID_pilot,8,&(lvalues[3190]),0}, + NID_hold_instruction_reject,7,&(lvalues[3182]),0}, +{"data","data",NID_data,1,&(lvalues[3189]),0}, +{"pss","pss",NID_pss,3,&(lvalues[3190]),0}, +{"ucl","ucl",NID_ucl,7,&(lvalues[3193]),0}, +{"pilot","pilot",NID_pilot,8,&(lvalues[3200]),0}, {"pilotAttributeType","pilotAttributeType",NID_pilotAttributeType,9, - &(lvalues[3198]),0}, + &(lvalues[3208]),0}, {"pilotAttributeSyntax","pilotAttributeSyntax", - NID_pilotAttributeSyntax,9,&(lvalues[3207]),0}, + NID_pilotAttributeSyntax,9,&(lvalues[3217]),0}, {"pilotObjectClass","pilotObjectClass",NID_pilotObjectClass,9, - &(lvalues[3216]),0}, -{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3225]),0}, + &(lvalues[3226]),0}, +{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3235]),0}, {"iA5StringSyntax","iA5StringSyntax",NID_iA5StringSyntax,10, - &(lvalues[3234]),0}, + &(lvalues[3244]),0}, {"caseIgnoreIA5StringSyntax","caseIgnoreIA5StringSyntax", - NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3244]),0}, -{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3254]),0}, -{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3264]),0}, -{"account","account",NID_account,10,&(lvalues[3274]),0}, -{"document","document",NID_document,10,&(lvalues[3284]),0}, -{"room","room",NID_room,10,&(lvalues[3294]),0}, + NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3254]),0}, +{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3264]),0}, +{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3274]),0}, +{"account","account",NID_account,10,&(lvalues[3284]),0}, +{"document","document",NID_document,10,&(lvalues[3294]),0}, +{"room","room",NID_room,10,&(lvalues[3304]),0}, {"documentSeries","documentSeries",NID_documentSeries,10, - &(lvalues[3304]),0}, -{"rFC822localPart","rFC822localPart",NID_rFC822localPart,10, &(lvalues[3314]),0}, -{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3324]),0}, +{"rFC822localPart","rFC822localPart",NID_rFC822localPart,10, + &(lvalues[3324]),0}, +{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3334]),0}, {"domainRelatedObject","domainRelatedObject",NID_domainRelatedObject, - 10,&(lvalues[3334]),0}, + 10,&(lvalues[3344]),0}, {"friendlyCountry","friendlyCountry",NID_friendlyCountry,10, - &(lvalues[3344]),0}, + &(lvalues[3354]),0}, {"simpleSecurityObject","simpleSecurityObject", - NID_simpleSecurityObject,10,&(lvalues[3354]),0}, + NID_simpleSecurityObject,10,&(lvalues[3364]),0}, {"pilotOrganization","pilotOrganization",NID_pilotOrganization,10, - &(lvalues[3364]),0}, -{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3374]),0}, + &(lvalues[3374]),0}, +{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3384]),0}, {"qualityLabelledData","qualityLabelledData",NID_qualityLabelledData, - 10,&(lvalues[3384]),0}, -{"UID","userId",NID_userId,10,&(lvalues[3394]),0}, + 10,&(lvalues[3394]),0}, +{"UID","userId",NID_userId,10,&(lvalues[3404]),0}, {"textEncodedORAddress","textEncodedORAddress", - NID_textEncodedORAddress,10,&(lvalues[3404]),0}, -{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3414]),0}, -{"info","info",NID_info,10,&(lvalues[3424]),0}, + NID_textEncodedORAddress,10,&(lvalues[3414]),0}, +{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3424]),0}, +{"info","info",NID_info,10,&(lvalues[3434]),0}, {"favouriteDrink","favouriteDrink",NID_favouriteDrink,10, - &(lvalues[3434]),0}, -{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3444]),0}, -{"photo","photo",NID_photo,10,&(lvalues[3454]),0}, -{"userClass","userClass",NID_userClass,10,&(lvalues[3464]),0}, -{"host","host",NID_host,10,&(lvalues[3474]),0}, -{"manager","manager",NID_manager,10,&(lvalues[3484]),0}, + &(lvalues[3444]),0}, +{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3454]),0}, +{"photo","photo",NID_photo,10,&(lvalues[3464]),0}, +{"userClass","userClass",NID_userClass,10,&(lvalues[3474]),0}, +{"host","host",NID_host,10,&(lvalues[3484]),0}, +{"manager","manager",NID_manager,10,&(lvalues[3494]),0}, {"documentIdentifier","documentIdentifier",NID_documentIdentifier,10, - &(lvalues[3494]),0}, -{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3504]),0}, + &(lvalues[3504]),0}, +{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3514]),0}, {"documentVersion","documentVersion",NID_documentVersion,10, - &(lvalues[3514]),0}, -{"documentAuthor","documentAuthor",NID_documentAuthor,10, &(lvalues[3524]),0}, -{"documentLocation","documentLocation",NID_documentLocation,10, +{"documentAuthor","documentAuthor",NID_documentAuthor,10, &(lvalues[3534]),0}, +{"documentLocation","documentLocation",NID_documentLocation,10, + &(lvalues[3544]),0}, {"homeTelephoneNumber","homeTelephoneNumber",NID_homeTelephoneNumber, - 10,&(lvalues[3544]),0}, -{"secretary","secretary",NID_secretary,10,&(lvalues[3554]),0}, -{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3564]),0}, + 10,&(lvalues[3554]),0}, +{"secretary","secretary",NID_secretary,10,&(lvalues[3564]),0}, +{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3574]),0}, {"lastModifiedTime","lastModifiedTime",NID_lastModifiedTime,10, - &(lvalues[3574]),0}, -{"lastModifiedBy","lastModifiedBy",NID_lastModifiedBy,10, &(lvalues[3584]),0}, -{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3594]),0}, +{"lastModifiedBy","lastModifiedBy",NID_lastModifiedBy,10, + &(lvalues[3594]),0}, +{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3604]),0}, {"pilotAttributeType27","pilotAttributeType27", - NID_pilotAttributeType27,10,&(lvalues[3604]),0}, -{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3614]),0}, -{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3624]),0}, -{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3634]),0}, -{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3644]),0}, + NID_pilotAttributeType27,10,&(lvalues[3614]),0}, +{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3624]),0}, +{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3634]),0}, +{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3644]),0}, +{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3654]),0}, {"associatedDomain","associatedDomain",NID_associatedDomain,10, - &(lvalues[3654]),0}, -{"associatedName","associatedName",NID_associatedName,10, &(lvalues[3664]),0}, -{"homePostalAddress","homePostalAddress",NID_homePostalAddress,10, +{"associatedName","associatedName",NID_associatedName,10, &(lvalues[3674]),0}, -{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3684]),0}, +{"homePostalAddress","homePostalAddress",NID_homePostalAddress,10, + &(lvalues[3684]),0}, +{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3694]),0}, {"mobileTelephoneNumber","mobileTelephoneNumber", - NID_mobileTelephoneNumber,10,&(lvalues[3694]),0}, + NID_mobileTelephoneNumber,10,&(lvalues[3704]),0}, {"pagerTelephoneNumber","pagerTelephoneNumber", - NID_pagerTelephoneNumber,10,&(lvalues[3704]),0}, + NID_pagerTelephoneNumber,10,&(lvalues[3714]),0}, {"friendlyCountryName","friendlyCountryName",NID_friendlyCountryName, - 10,&(lvalues[3714]),0}, + 10,&(lvalues[3724]),0}, {"organizationalStatus","organizationalStatus", - NID_organizationalStatus,10,&(lvalues[3724]),0}, -{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3734]),0}, + NID_organizationalStatus,10,&(lvalues[3734]),0}, +{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3744]),0}, {"mailPreferenceOption","mailPreferenceOption", - NID_mailPreferenceOption,10,&(lvalues[3744]),0}, -{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3754]),0}, -{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3764]),0}, + NID_mailPreferenceOption,10,&(lvalues[3754]),0}, +{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3764]),0}, +{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3774]),0}, {"singleLevelQuality","singleLevelQuality",NID_singleLevelQuality,10, - &(lvalues[3774]),0}, + &(lvalues[3784]),0}, {"subtreeMinimumQuality","subtreeMinimumQuality", - NID_subtreeMinimumQuality,10,&(lvalues[3784]),0}, + NID_subtreeMinimumQuality,10,&(lvalues[3794]),0}, {"subtreeMaximumQuality","subtreeMaximumQuality", - NID_subtreeMaximumQuality,10,&(lvalues[3794]),0}, + NID_subtreeMaximumQuality,10,&(lvalues[3804]),0}, {"personalSignature","personalSignature",NID_personalSignature,10, - &(lvalues[3804]),0}, -{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3814]),0}, -{"audio","audio",NID_audio,10,&(lvalues[3824]),0}, + &(lvalues[3814]),0}, +{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3824]),0}, +{"audio","audio",NID_audio,10,&(lvalues[3834]),0}, {"documentPublisher","documentPublisher",NID_documentPublisher,10, - &(lvalues[3834]),0}, + &(lvalues[3844]),0}, {"x500UniqueIdentifier","x500UniqueIdentifier", - NID_x500UniqueIdentifier,3,&(lvalues[3844]),0}, -{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3847]),0}, + NID_x500UniqueIdentifier,3,&(lvalues[3854]),0}, +{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3857]),0}, {"mime-mhs-headings","mime-mhs-headings",NID_mime_mhs_headings,6, - &(lvalues[3852]),0}, + &(lvalues[3862]),0}, {"mime-mhs-bodies","mime-mhs-bodies",NID_mime_mhs_bodies,6, - &(lvalues[3858]),0}, + &(lvalues[3868]),0}, {"id-hex-partial-message","id-hex-partial-message", - NID_id_hex_partial_message,7,&(lvalues[3864]),0}, + NID_id_hex_partial_message,7,&(lvalues[3874]),0}, {"id-hex-multipart-message","id-hex-multipart-message", - NID_id_hex_multipart_message,7,&(lvalues[3871]),0}, + NID_id_hex_multipart_message,7,&(lvalues[3881]),0}, {"generationQualifier","generationQualifier",NID_generationQualifier, - 3,&(lvalues[3878]),0}, -{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3881]),0}, + 3,&(lvalues[3888]),0}, +{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3891]),0}, {NULL,NULL,NID_undef,0,NULL,0}, {"id-set","Secure Electronic Transactions",NID_id_set,2, - &(lvalues[3884]),0}, -{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3886]),0}, -{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3889]),0}, -{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3892]),0}, -{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3895]),0}, + &(lvalues[3894]),0}, +{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3896]),0}, +{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3899]),0}, +{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3902]),0}, +{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3905]),0}, {"set-certExt","certificate extensions",NID_set_certExt,3, - &(lvalues[3898]),0}, -{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3901]),0}, -{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3904]),0}, -{"setct-PANToken","setct-PANToken",NID_setct_PANToken,4, &(lvalues[3908]),0}, -{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3912]),0}, -{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3916]),0}, -{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3920]),0}, -{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3924]),0}, +{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3911]),0}, +{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3914]),0}, +{"setct-PANToken","setct-PANToken",NID_setct_PANToken,4, + &(lvalues[3918]),0}, +{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3922]),0}, +{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3926]),0}, +{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3930]),0}, +{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3934]),0}, {"setct-PIDataUnsigned","setct-PIDataUnsigned", - NID_setct_PIDataUnsigned,4,&(lvalues[3928]),0}, + NID_setct_PIDataUnsigned,4,&(lvalues[3938]),0}, {"setct-HODInput","setct-HODInput",NID_setct_HODInput,4, - &(lvalues[3932]),0}, + &(lvalues[3942]),0}, {"setct-AuthResBaggage","setct-AuthResBaggage", - NID_setct_AuthResBaggage,4,&(lvalues[3936]),0}, + NID_setct_AuthResBaggage,4,&(lvalues[3946]),0}, {"setct-AuthRevReqBaggage","setct-AuthRevReqBaggage", - NID_setct_AuthRevReqBaggage,4,&(lvalues[3940]),0}, + NID_setct_AuthRevReqBaggage,4,&(lvalues[3950]),0}, {"setct-AuthRevResBaggage","setct-AuthRevResBaggage", - NID_setct_AuthRevResBaggage,4,&(lvalues[3944]),0}, + NID_setct_AuthRevResBaggage,4,&(lvalues[3954]),0}, {"setct-CapTokenSeq","setct-CapTokenSeq",NID_setct_CapTokenSeq,4, - &(lvalues[3948]),0}, + &(lvalues[3958]),0}, {"setct-PInitResData","setct-PInitResData",NID_setct_PInitResData,4, - &(lvalues[3952]),0}, -{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3956]),0}, + &(lvalues[3962]),0}, +{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3966]),0}, {"setct-PResData","setct-PResData",NID_setct_PResData,4, - &(lvalues[3960]),0}, + &(lvalues[3970]),0}, {"setct-AuthReqTBS","setct-AuthReqTBS",NID_setct_AuthReqTBS,4, - &(lvalues[3964]),0}, + &(lvalues[3974]),0}, {"setct-AuthResTBS","setct-AuthResTBS",NID_setct_AuthResTBS,4, - &(lvalues[3968]),0}, + &(lvalues[3978]),0}, {"setct-AuthResTBSX","setct-AuthResTBSX",NID_setct_AuthResTBSX,4, - &(lvalues[3972]),0}, + &(lvalues[3982]),0}, {"setct-AuthTokenTBS","setct-AuthTokenTBS",NID_setct_AuthTokenTBS,4, - &(lvalues[3976]),0}, + &(lvalues[3986]),0}, {"setct-CapTokenData","setct-CapTokenData",NID_setct_CapTokenData,4, - &(lvalues[3980]),0}, + &(lvalues[3990]),0}, {"setct-CapTokenTBS","setct-CapTokenTBS",NID_setct_CapTokenTBS,4, - &(lvalues[3984]),0}, + &(lvalues[3994]),0}, {"setct-AcqCardCodeMsg","setct-AcqCardCodeMsg", - NID_setct_AcqCardCodeMsg,4,&(lvalues[3988]),0}, + NID_setct_AcqCardCodeMsg,4,&(lvalues[3998]),0}, {"setct-AuthRevReqTBS","setct-AuthRevReqTBS",NID_setct_AuthRevReqTBS, - 4,&(lvalues[3992]),0}, + 4,&(lvalues[4002]),0}, {"setct-AuthRevResData","setct-AuthRevResData", - NID_setct_AuthRevResData,4,&(lvalues[3996]),0}, + NID_setct_AuthRevResData,4,&(lvalues[4006]),0}, {"setct-AuthRevResTBS","setct-AuthRevResTBS",NID_setct_AuthRevResTBS, - 4,&(lvalues[4000]),0}, + 4,&(lvalues[4010]),0}, {"setct-CapReqTBS","setct-CapReqTBS",NID_setct_CapReqTBS,4, - &(lvalues[4004]),0}, + &(lvalues[4014]),0}, {"setct-CapReqTBSX","setct-CapReqTBSX",NID_setct_CapReqTBSX,4, - &(lvalues[4008]),0}, + &(lvalues[4018]),0}, {"setct-CapResData","setct-CapResData",NID_setct_CapResData,4, - &(lvalues[4012]),0}, + &(lvalues[4022]),0}, {"setct-CapRevReqTBS","setct-CapRevReqTBS",NID_setct_CapRevReqTBS,4, - &(lvalues[4016]),0}, + &(lvalues[4026]),0}, {"setct-CapRevReqTBSX","setct-CapRevReqTBSX",NID_setct_CapRevReqTBSX, - 4,&(lvalues[4020]),0}, + 4,&(lvalues[4030]),0}, {"setct-CapRevResData","setct-CapRevResData",NID_setct_CapRevResData, - 4,&(lvalues[4024]),0}, + 4,&(lvalues[4034]),0}, {"setct-CredReqTBS","setct-CredReqTBS",NID_setct_CredReqTBS,4, - &(lvalues[4028]),0}, + &(lvalues[4038]),0}, {"setct-CredReqTBSX","setct-CredReqTBSX",NID_setct_CredReqTBSX,4, - &(lvalues[4032]),0}, + &(lvalues[4042]),0}, {"setct-CredResData","setct-CredResData",NID_setct_CredResData,4, - &(lvalues[4036]),0}, + &(lvalues[4046]),0}, {"setct-CredRevReqTBS","setct-CredRevReqTBS",NID_setct_CredRevReqTBS, - 4,&(lvalues[4040]),0}, + 4,&(lvalues[4050]),0}, {"setct-CredRevReqTBSX","setct-CredRevReqTBSX", - NID_setct_CredRevReqTBSX,4,&(lvalues[4044]),0}, + NID_setct_CredRevReqTBSX,4,&(lvalues[4054]),0}, {"setct-CredRevResData","setct-CredRevResData", - NID_setct_CredRevResData,4,&(lvalues[4048]),0}, + NID_setct_CredRevResData,4,&(lvalues[4058]),0}, {"setct-PCertReqData","setct-PCertReqData",NID_setct_PCertReqData,4, - &(lvalues[4052]),0}, + &(lvalues[4062]),0}, {"setct-PCertResTBS","setct-PCertResTBS",NID_setct_PCertResTBS,4, - &(lvalues[4056]),0}, + &(lvalues[4066]),0}, {"setct-BatchAdminReqData","setct-BatchAdminReqData", - NID_setct_BatchAdminReqData,4,&(lvalues[4060]),0}, + NID_setct_BatchAdminReqData,4,&(lvalues[4070]),0}, {"setct-BatchAdminResData","setct-BatchAdminResData", - NID_setct_BatchAdminResData,4,&(lvalues[4064]),0}, + NID_setct_BatchAdminResData,4,&(lvalues[4074]),0}, {"setct-CardCInitResTBS","setct-CardCInitResTBS", - NID_setct_CardCInitResTBS,4,&(lvalues[4068]),0}, + NID_setct_CardCInitResTBS,4,&(lvalues[4078]),0}, {"setct-MeAqCInitResTBS","setct-MeAqCInitResTBS", - NID_setct_MeAqCInitResTBS,4,&(lvalues[4072]),0}, + NID_setct_MeAqCInitResTBS,4,&(lvalues[4082]),0}, {"setct-RegFormResTBS","setct-RegFormResTBS",NID_setct_RegFormResTBS, - 4,&(lvalues[4076]),0}, + 4,&(lvalues[4086]),0}, {"setct-CertReqData","setct-CertReqData",NID_setct_CertReqData,4, - &(lvalues[4080]),0}, + &(lvalues[4090]),0}, {"setct-CertReqTBS","setct-CertReqTBS",NID_setct_CertReqTBS,4, - &(lvalues[4084]),0}, + &(lvalues[4094]),0}, {"setct-CertResData","setct-CertResData",NID_setct_CertResData,4, - &(lvalues[4088]),0}, + &(lvalues[4098]),0}, {"setct-CertInqReqTBS","setct-CertInqReqTBS",NID_setct_CertInqReqTBS, - 4,&(lvalues[4092]),0}, + 4,&(lvalues[4102]),0}, {"setct-ErrorTBS","setct-ErrorTBS",NID_setct_ErrorTBS,4, - &(lvalues[4096]),0}, + &(lvalues[4106]),0}, {"setct-PIDualSignedTBE","setct-PIDualSignedTBE", - NID_setct_PIDualSignedTBE,4,&(lvalues[4100]),0}, + NID_setct_PIDualSignedTBE,4,&(lvalues[4110]),0}, {"setct-PIUnsignedTBE","setct-PIUnsignedTBE",NID_setct_PIUnsignedTBE, - 4,&(lvalues[4104]),0}, + 4,&(lvalues[4114]),0}, {"setct-AuthReqTBE","setct-AuthReqTBE",NID_setct_AuthReqTBE,4, - &(lvalues[4108]),0}, + &(lvalues[4118]),0}, {"setct-AuthResTBE","setct-AuthResTBE",NID_setct_AuthResTBE,4, - &(lvalues[4112]),0}, + &(lvalues[4122]),0}, {"setct-AuthResTBEX","setct-AuthResTBEX",NID_setct_AuthResTBEX,4, - &(lvalues[4116]),0}, + &(lvalues[4126]),0}, {"setct-AuthTokenTBE","setct-AuthTokenTBE",NID_setct_AuthTokenTBE,4, - &(lvalues[4120]),0}, + &(lvalues[4130]),0}, {"setct-CapTokenTBE","setct-CapTokenTBE",NID_setct_CapTokenTBE,4, - &(lvalues[4124]),0}, + &(lvalues[4134]),0}, {"setct-CapTokenTBEX","setct-CapTokenTBEX",NID_setct_CapTokenTBEX,4, - &(lvalues[4128]),0}, + &(lvalues[4138]),0}, {"setct-AcqCardCodeMsgTBE","setct-AcqCardCodeMsgTBE", - NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4132]),0}, + NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4142]),0}, {"setct-AuthRevReqTBE","setct-AuthRevReqTBE",NID_setct_AuthRevReqTBE, - 4,&(lvalues[4136]),0}, + 4,&(lvalues[4146]),0}, {"setct-AuthRevResTBE","setct-AuthRevResTBE",NID_setct_AuthRevResTBE, - 4,&(lvalues[4140]),0}, + 4,&(lvalues[4150]),0}, {"setct-AuthRevResTBEB","setct-AuthRevResTBEB", - NID_setct_AuthRevResTBEB,4,&(lvalues[4144]),0}, + NID_setct_AuthRevResTBEB,4,&(lvalues[4154]),0}, {"setct-CapReqTBE","setct-CapReqTBE",NID_setct_CapReqTBE,4, - &(lvalues[4148]),0}, + &(lvalues[4158]),0}, {"setct-CapReqTBEX","setct-CapReqTBEX",NID_setct_CapReqTBEX,4, - &(lvalues[4152]),0}, + &(lvalues[4162]),0}, {"setct-CapResTBE","setct-CapResTBE",NID_setct_CapResTBE,4, - &(lvalues[4156]),0}, + &(lvalues[4166]),0}, {"setct-CapRevReqTBE","setct-CapRevReqTBE",NID_setct_CapRevReqTBE,4, - &(lvalues[4160]),0}, + &(lvalues[4170]),0}, {"setct-CapRevReqTBEX","setct-CapRevReqTBEX",NID_setct_CapRevReqTBEX, - 4,&(lvalues[4164]),0}, + 4,&(lvalues[4174]),0}, {"setct-CapRevResTBE","setct-CapRevResTBE",NID_setct_CapRevResTBE,4, - &(lvalues[4168]),0}, + &(lvalues[4178]),0}, {"setct-CredReqTBE","setct-CredReqTBE",NID_setct_CredReqTBE,4, - &(lvalues[4172]),0}, + &(lvalues[4182]),0}, {"setct-CredReqTBEX","setct-CredReqTBEX",NID_setct_CredReqTBEX,4, - &(lvalues[4176]),0}, + &(lvalues[4186]),0}, {"setct-CredResTBE","setct-CredResTBE",NID_setct_CredResTBE,4, - &(lvalues[4180]),0}, + &(lvalues[4190]),0}, {"setct-CredRevReqTBE","setct-CredRevReqTBE",NID_setct_CredRevReqTBE, - 4,&(lvalues[4184]),0}, + 4,&(lvalues[4194]),0}, {"setct-CredRevReqTBEX","setct-CredRevReqTBEX", - NID_setct_CredRevReqTBEX,4,&(lvalues[4188]),0}, + NID_setct_CredRevReqTBEX,4,&(lvalues[4198]),0}, {"setct-CredRevResTBE","setct-CredRevResTBE",NID_setct_CredRevResTBE, - 4,&(lvalues[4192]),0}, + 4,&(lvalues[4202]),0}, {"setct-BatchAdminReqTBE","setct-BatchAdminReqTBE", - NID_setct_BatchAdminReqTBE,4,&(lvalues[4196]),0}, + NID_setct_BatchAdminReqTBE,4,&(lvalues[4206]),0}, {"setct-BatchAdminResTBE","setct-BatchAdminResTBE", - NID_setct_BatchAdminResTBE,4,&(lvalues[4200]),0}, + NID_setct_BatchAdminResTBE,4,&(lvalues[4210]),0}, {"setct-RegFormReqTBE","setct-RegFormReqTBE",NID_setct_RegFormReqTBE, - 4,&(lvalues[4204]),0}, + 4,&(lvalues[4214]),0}, {"setct-CertReqTBE","setct-CertReqTBE",NID_setct_CertReqTBE,4, - &(lvalues[4208]),0}, + &(lvalues[4218]),0}, {"setct-CertReqTBEX","setct-CertReqTBEX",NID_setct_CertReqTBEX,4, - &(lvalues[4212]),0}, + &(lvalues[4222]),0}, {"setct-CertResTBE","setct-CertResTBE",NID_setct_CertResTBE,4, - &(lvalues[4216]),0}, + &(lvalues[4226]),0}, {"setct-CRLNotificationTBS","setct-CRLNotificationTBS", - NID_setct_CRLNotificationTBS,4,&(lvalues[4220]),0}, + NID_setct_CRLNotificationTBS,4,&(lvalues[4230]),0}, {"setct-CRLNotificationResTBS","setct-CRLNotificationResTBS", - NID_setct_CRLNotificationResTBS,4,&(lvalues[4224]),0}, + NID_setct_CRLNotificationResTBS,4,&(lvalues[4234]),0}, {"setct-BCIDistributionTBS","setct-BCIDistributionTBS", - NID_setct_BCIDistributionTBS,4,&(lvalues[4228]),0}, + NID_setct_BCIDistributionTBS,4,&(lvalues[4238]),0}, {"setext-genCrypt","generic cryptogram",NID_setext_genCrypt,4, - &(lvalues[4232]),0}, + &(lvalues[4242]),0}, {"setext-miAuth","merchant initiated auth",NID_setext_miAuth,4, - &(lvalues[4236]),0}, + &(lvalues[4246]),0}, {"setext-pinSecure","setext-pinSecure",NID_setext_pinSecure,4, - &(lvalues[4240]),0}, -{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4244]),0}, -{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4248]),0}, + &(lvalues[4250]),0}, +{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4254]),0}, +{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4258]),0}, {"setext-cv","additional verification",NID_setext_cv,4, - &(lvalues[4252]),0}, + &(lvalues[4262]),0}, {"set-policy-root","set-policy-root",NID_set_policy_root,4, - &(lvalues[4256]),0}, + &(lvalues[4266]),0}, {"setCext-hashedRoot","setCext-hashedRoot",NID_setCext_hashedRoot,4, - &(lvalues[4260]),0}, + &(lvalues[4270]),0}, {"setCext-certType","setCext-certType",NID_setCext_certType,4, - &(lvalues[4264]),0}, + &(lvalues[4274]),0}, {"setCext-merchData","setCext-merchData",NID_setCext_merchData,4, - &(lvalues[4268]),0}, + &(lvalues[4278]),0}, {"setCext-cCertRequired","setCext-cCertRequired", - NID_setCext_cCertRequired,4,&(lvalues[4272]),0}, + NID_setCext_cCertRequired,4,&(lvalues[4282]),0}, {"setCext-tunneling","setCext-tunneling",NID_setCext_tunneling,4, - &(lvalues[4276]),0}, + &(lvalues[4286]),0}, {"setCext-setExt","setCext-setExt",NID_setCext_setExt,4, - &(lvalues[4280]),0}, + &(lvalues[4290]),0}, {"setCext-setQualf","setCext-setQualf",NID_setCext_setQualf,4, - &(lvalues[4284]),0}, + &(lvalues[4294]),0}, {"setCext-PGWYcapabilities","setCext-PGWYcapabilities", - NID_setCext_PGWYcapabilities,4,&(lvalues[4288]),0}, + NID_setCext_PGWYcapabilities,4,&(lvalues[4298]),0}, {"setCext-TokenIdentifier","setCext-TokenIdentifier", - NID_setCext_TokenIdentifier,4,&(lvalues[4292]),0}, + NID_setCext_TokenIdentifier,4,&(lvalues[4302]),0}, {"setCext-Track2Data","setCext-Track2Data",NID_setCext_Track2Data,4, - &(lvalues[4296]),0}, + &(lvalues[4306]),0}, {"setCext-TokenType","setCext-TokenType",NID_setCext_TokenType,4, - &(lvalues[4300]),0}, + &(lvalues[4310]),0}, {"setCext-IssuerCapabilities","setCext-IssuerCapabilities", - NID_setCext_IssuerCapabilities,4,&(lvalues[4304]),0}, -{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4308]),0}, + NID_setCext_IssuerCapabilities,4,&(lvalues[4314]),0}, +{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4318]),0}, {"setAttr-PGWYcap","payment gateway capabilities",NID_setAttr_PGWYcap, - 4,&(lvalues[4312]),0}, + 4,&(lvalues[4322]),0}, {"setAttr-TokenType","setAttr-TokenType",NID_setAttr_TokenType,4, - &(lvalues[4316]),0}, + &(lvalues[4326]),0}, {"setAttr-IssCap","issuer capabilities",NID_setAttr_IssCap,4, - &(lvalues[4320]),0}, + &(lvalues[4330]),0}, {"set-rootKeyThumb","set-rootKeyThumb",NID_set_rootKeyThumb,5, - &(lvalues[4324]),0}, -{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4329]),0}, -{"setAttr-Token-EMV","setAttr-Token-EMV",NID_setAttr_Token_EMV,5, &(lvalues[4334]),0}, +{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4339]),0}, +{"setAttr-Token-EMV","setAttr-Token-EMV",NID_setAttr_Token_EMV,5, + &(lvalues[4344]),0}, {"setAttr-Token-B0Prime","setAttr-Token-B0Prime", - NID_setAttr_Token_B0Prime,5,&(lvalues[4339]),0}, + NID_setAttr_Token_B0Prime,5,&(lvalues[4349]),0}, {"setAttr-IssCap-CVM","setAttr-IssCap-CVM",NID_setAttr_IssCap_CVM,5, - &(lvalues[4344]),0}, + &(lvalues[4354]),0}, {"setAttr-IssCap-T2","setAttr-IssCap-T2",NID_setAttr_IssCap_T2,5, - &(lvalues[4349]),0}, + &(lvalues[4359]),0}, {"setAttr-IssCap-Sig","setAttr-IssCap-Sig",NID_setAttr_IssCap_Sig,5, - &(lvalues[4354]),0}, + &(lvalues[4364]),0}, {"setAttr-GenCryptgrm","generate cryptogram",NID_setAttr_GenCryptgrm, - 6,&(lvalues[4359]),0}, + 6,&(lvalues[4369]),0}, {"setAttr-T2Enc","encrypted track 2",NID_setAttr_T2Enc,6, - &(lvalues[4365]),0}, + &(lvalues[4375]),0}, {"setAttr-T2cleartxt","cleartext track 2",NID_setAttr_T2cleartxt,6, - &(lvalues[4371]),0}, + &(lvalues[4381]),0}, {"setAttr-TokICCsig","ICC or token signature",NID_setAttr_TokICCsig,6, - &(lvalues[4377]),0}, + &(lvalues[4387]),0}, {"setAttr-SecDevSig","secure device signature",NID_setAttr_SecDevSig, - 6,&(lvalues[4383]),0}, + 6,&(lvalues[4393]),0}, {"set-brand-IATA-ATA","set-brand-IATA-ATA",NID_set_brand_IATA_ATA,4, - &(lvalues[4389]),0}, + &(lvalues[4399]),0}, {"set-brand-Diners","set-brand-Diners",NID_set_brand_Diners,4, - &(lvalues[4393]),0}, + &(lvalues[4403]),0}, {"set-brand-AmericanExpress","set-brand-AmericanExpress", - NID_set_brand_AmericanExpress,4,&(lvalues[4397]),0}, -{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4401]),0}, + NID_set_brand_AmericanExpress,4,&(lvalues[4407]),0}, +{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4411]),0}, {"set-brand-Visa","set-brand-Visa",NID_set_brand_Visa,4, - &(lvalues[4405]),0}, + &(lvalues[4415]),0}, {"set-brand-MasterCard","set-brand-MasterCard", - NID_set_brand_MasterCard,4,&(lvalues[4409]),0}, + NID_set_brand_MasterCard,4,&(lvalues[4419]),0}, {"set-brand-Novus","set-brand-Novus",NID_set_brand_Novus,5, - &(lvalues[4413]),0}, -{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4418]),0}, + &(lvalues[4423]),0}, +{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4428]),0}, {"rsaOAEPEncryptionSET","rsaOAEPEncryptionSET", - NID_rsaOAEPEncryptionSET,9,&(lvalues[4426]),0}, + NID_rsaOAEPEncryptionSET,9,&(lvalues[4436]),0}, {"ITU-T","itu-t",NID_itu_t,0,NULL,0}, {"JOINT-ISO-ITU-T","joint-iso-itu-t",NID_joint_iso_itu_t,0,NULL,0}, {"international-organizations","International Organizations", - NID_international_organizations,1,&(lvalues[4435]),0}, + NID_international_organizations,1,&(lvalues[4445]),0}, {"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login, - 10,&(lvalues[4436]),0}, + 10,&(lvalues[4446]),0}, {"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10, - &(lvalues[4446]),0}, + &(lvalues[4456]),0}, {"AES-128-CFB1","aes-128-cfb1",NID_aes_128_cfb1,0,NULL,0}, {"AES-192-CFB1","aes-192-cfb1",NID_aes_192_cfb1,0,NULL,0}, {"AES-256-CFB1","aes-256-cfb1",NID_aes_256_cfb1,0,NULL,0}, @@ -2017,138 +2018,138 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ {"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL,0}, {"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL,0}, {"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL,0}, -{"street","streetAddress",NID_streetAddress,3,&(lvalues[4456]),0}, -{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4459]),0}, -{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4462]),0}, +{"street","streetAddress",NID_streetAddress,3,&(lvalues[4466]),0}, +{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4469]),0}, +{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4472]),0}, {"proxyCertInfo","Proxy Certificate Information",NID_proxyCertInfo,8, - &(lvalues[4469]),0}, + &(lvalues[4479]),0}, {"id-ppl-anyLanguage","Any language",NID_id_ppl_anyLanguage,8, - &(lvalues[4477]),0}, + &(lvalues[4487]),0}, {"id-ppl-inheritAll","Inherit all",NID_id_ppl_inheritAll,8, - &(lvalues[4485]),0}, + &(lvalues[4495]),0}, {"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3, - &(lvalues[4493]),0}, -{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4496]),0}, + &(lvalues[4503]),0}, +{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4506]),0}, {"RSA-SHA256","sha256WithRSAEncryption",NID_sha256WithRSAEncryption,9, - &(lvalues[4504]),0}, + &(lvalues[4514]),0}, {"RSA-SHA384","sha384WithRSAEncryption",NID_sha384WithRSAEncryption,9, - &(lvalues[4513]),0}, + &(lvalues[4523]),0}, {"RSA-SHA512","sha512WithRSAEncryption",NID_sha512WithRSAEncryption,9, - &(lvalues[4522]),0}, + &(lvalues[4532]),0}, {"RSA-SHA224","sha224WithRSAEncryption",NID_sha224WithRSAEncryption,9, - &(lvalues[4531]),0}, -{"SHA256","sha256",NID_sha256,9,&(lvalues[4540]),0}, -{"SHA384","sha384",NID_sha384,9,&(lvalues[4549]),0}, -{"SHA512","sha512",NID_sha512,9,&(lvalues[4558]),0}, -{"SHA224","sha224",NID_sha224,9,&(lvalues[4567]),0}, + &(lvalues[4541]),0}, +{"SHA256","sha256",NID_sha256,9,&(lvalues[4550]),0}, +{"SHA384","sha384",NID_sha384,9,&(lvalues[4559]),0}, +{"SHA512","sha512",NID_sha512,9,&(lvalues[4568]),0}, +{"SHA224","sha224",NID_sha224,9,&(lvalues[4577]),0}, {"identified-organization","identified-organization", - NID_identified_organization,1,&(lvalues[4576]),0}, -{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4577]),0}, -{"wap","wap",NID_wap,2,&(lvalues[4580]),0}, -{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4582]),0}, + NID_identified_organization,1,&(lvalues[4586]),0}, +{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4587]),0}, +{"wap","wap",NID_wap,2,&(lvalues[4590]),0}, +{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4592]),0}, {"id-characteristic-two-basis","id-characteristic-two-basis", - NID_X9_62_id_characteristic_two_basis,8,&(lvalues[4585]),0}, -{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[4593]),0}, -{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[4602]),0}, -{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[4611]),0}, -{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[4620]),0}, -{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[4628]),0}, -{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[4636]),0}, -{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[4644]),0}, -{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[4652]),0}, -{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[4660]),0}, -{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[4668]),0}, -{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[4676]),0}, -{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[4684]),0}, -{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[4692]),0}, -{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[4700]),0}, -{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[4708]),0}, -{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[4716]),0}, -{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[4724]),0}, -{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[4732]),0}, -{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4740]),0}, -{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4748]),0}, -{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4756]),0}, -{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4764]),0}, -{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4772]),0}, -{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4780]),0}, -{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4785]),0}, -{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4790]),0}, -{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4795]),0}, -{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4800]),0}, -{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4805]),0}, -{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4810]),0}, -{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4815]),0}, -{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4820]),0}, -{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4825]),0}, -{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4830]),0}, -{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4835]),0}, -{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4840]),0}, -{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4845]),0}, -{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4850]),0}, -{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4855]),0}, -{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4860]),0}, -{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4865]),0}, -{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4870]),0}, -{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4875]),0}, -{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4880]),0}, -{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4885]),0}, -{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4890]),0}, -{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4895]),0}, -{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4900]),0}, -{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4905]),0}, -{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4910]),0}, -{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4915]),0}, -{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4920]),0}, -{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4925]),0}, -{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4930]),0}, + NID_X9_62_id_characteristic_two_basis,8,&(lvalues[4595]),0}, +{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[4603]),0}, +{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[4612]),0}, +{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[4621]),0}, +{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[4630]),0}, +{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[4638]),0}, +{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[4646]),0}, +{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[4654]),0}, +{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[4662]),0}, +{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[4670]),0}, +{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[4678]),0}, +{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[4686]),0}, +{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[4694]),0}, +{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[4702]),0}, +{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[4710]),0}, +{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[4718]),0}, +{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[4726]),0}, +{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[4734]),0}, +{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[4742]),0}, +{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4750]),0}, +{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4758]),0}, +{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4766]),0}, +{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4774]),0}, +{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4782]),0}, +{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4790]),0}, +{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4795]),0}, +{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4800]),0}, +{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4805]),0}, +{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4810]),0}, +{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4815]),0}, +{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4820]),0}, +{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4825]),0}, +{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4830]),0}, +{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4835]),0}, +{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4840]),0}, +{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4845]),0}, +{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4850]),0}, +{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4855]),0}, +{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4860]),0}, +{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4865]),0}, +{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4870]),0}, +{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4875]),0}, +{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4880]),0}, +{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4885]),0}, +{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4890]),0}, +{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4895]),0}, +{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4900]),0}, +{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4905]),0}, +{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4910]),0}, +{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4915]),0}, +{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4920]),0}, +{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4925]),0}, +{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4930]),0}, +{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4935]),0}, +{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4940]),0}, {"wap-wsg-idm-ecid-wtls1","wap-wsg-idm-ecid-wtls1", - NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4935]),0}, + NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4945]),0}, {"wap-wsg-idm-ecid-wtls3","wap-wsg-idm-ecid-wtls3", - NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4940]),0}, + NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4950]),0}, {"wap-wsg-idm-ecid-wtls4","wap-wsg-idm-ecid-wtls4", - NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4945]),0}, + NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4955]),0}, {"wap-wsg-idm-ecid-wtls5","wap-wsg-idm-ecid-wtls5", - NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4950]),0}, + NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4960]),0}, {"wap-wsg-idm-ecid-wtls6","wap-wsg-idm-ecid-wtls6", - NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4955]),0}, + NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4965]),0}, {"wap-wsg-idm-ecid-wtls7","wap-wsg-idm-ecid-wtls7", - NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4960]),0}, + NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4970]),0}, {"wap-wsg-idm-ecid-wtls8","wap-wsg-idm-ecid-wtls8", - NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4965]),0}, + NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4975]),0}, {"wap-wsg-idm-ecid-wtls9","wap-wsg-idm-ecid-wtls9", - NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4970]),0}, + NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4980]),0}, {"wap-wsg-idm-ecid-wtls10","wap-wsg-idm-ecid-wtls10", - NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4975]),0}, + NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4985]),0}, {"wap-wsg-idm-ecid-wtls11","wap-wsg-idm-ecid-wtls11", - NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4980]),0}, + NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4990]),0}, {"wap-wsg-idm-ecid-wtls12","wap-wsg-idm-ecid-wtls12", - NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4985]),0}, -{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4990]),0}, + NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4995]),0}, +{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[5000]),0}, {"policyMappings","X509v3 Policy Mappings",NID_policy_mappings,3, - &(lvalues[4994]),0}, + &(lvalues[5004]),0}, {"inhibitAnyPolicy","X509v3 Inhibit Any Policy", - NID_inhibit_any_policy,3,&(lvalues[4997]),0}, + NID_inhibit_any_policy,3,&(lvalues[5007]),0}, {"Oakley-EC2N-3","ipsec3",NID_ipsec3,0,NULL,0}, {"Oakley-EC2N-4","ipsec4",NID_ipsec4,0,NULL,0}, {"CAMELLIA-128-CBC","camellia-128-cbc",NID_camellia_128_cbc,11, - &(lvalues[5000]),0}, + &(lvalues[5010]),0}, {"CAMELLIA-192-CBC","camellia-192-cbc",NID_camellia_192_cbc,11, - &(lvalues[5011]),0}, + &(lvalues[5021]),0}, {"CAMELLIA-256-CBC","camellia-256-cbc",NID_camellia_256_cbc,11, - &(lvalues[5022]),0}, + &(lvalues[5032]),0}, {"CAMELLIA-128-ECB","camellia-128-ecb",NID_camellia_128_ecb,8, - &(lvalues[5033]),0}, + &(lvalues[5043]),0}, {"CAMELLIA-192-ECB","camellia-192-ecb",NID_camellia_192_ecb,8, - &(lvalues[5041]),0}, + &(lvalues[5051]),0}, {"CAMELLIA-256-ECB","camellia-256-ecb",NID_camellia_256_ecb,8, - &(lvalues[5049]),0}, + &(lvalues[5059]),0}, {"CAMELLIA-128-CFB","camellia-128-cfb",NID_camellia_128_cfb128,8, - &(lvalues[5057]),0}, + &(lvalues[5067]),0}, {"CAMELLIA-192-CFB","camellia-192-cfb",NID_camellia_192_cfb128,8, - &(lvalues[5065]),0}, + &(lvalues[5075]),0}, {"CAMELLIA-256-CFB","camellia-256-cfb",NID_camellia_256_cfb128,8, - &(lvalues[5073]),0}, + &(lvalues[5083]),0}, {"CAMELLIA-128-CFB1","camellia-128-cfb1",NID_camellia_128_cfb1,0,NULL,0}, {"CAMELLIA-192-CFB1","camellia-192-cfb1",NID_camellia_192_cfb1,0,NULL,0}, {"CAMELLIA-256-CFB1","camellia-256-cfb1",NID_camellia_256_cfb1,0,NULL,0}, @@ -2156,284 +2157,284 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ {"CAMELLIA-192-CFB8","camellia-192-cfb8",NID_camellia_192_cfb8,0,NULL,0}, {"CAMELLIA-256-CFB8","camellia-256-cfb8",NID_camellia_256_cfb8,0,NULL,0}, {"CAMELLIA-128-OFB","camellia-128-ofb",NID_camellia_128_ofb128,8, - &(lvalues[5081]),0}, + &(lvalues[5091]),0}, {"CAMELLIA-192-OFB","camellia-192-ofb",NID_camellia_192_ofb128,8, - &(lvalues[5089]),0}, + &(lvalues[5099]),0}, {"CAMELLIA-256-OFB","camellia-256-ofb",NID_camellia_256_ofb128,8, - &(lvalues[5097]),0}, + &(lvalues[5107]),0}, {"subjectDirectoryAttributes","X509v3 Subject Directory Attributes", - NID_subject_directory_attributes,3,&(lvalues[5105]),0}, + NID_subject_directory_attributes,3,&(lvalues[5115]),0}, {"issuingDistributionPoint","X509v3 Issuing Distrubution Point", - NID_issuing_distribution_point,3,&(lvalues[5108]),0}, + NID_issuing_distribution_point,3,&(lvalues[5118]),0}, {"certificateIssuer","X509v3 Certificate Issuer", - NID_certificate_issuer,3,&(lvalues[5111]),0}, + NID_certificate_issuer,3,&(lvalues[5121]),0}, {NULL,NULL,NID_undef,0,NULL,0}, -{"KISA","kisa",NID_kisa,6,&(lvalues[5114]),0}, +{"KISA","kisa",NID_kisa,6,&(lvalues[5124]),0}, {NULL,NULL,NID_undef,0,NULL,0}, {NULL,NULL,NID_undef,0,NULL,0}, -{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5120]),0}, -{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5128]),0}, -{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5136]),0}, -{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5144]),0}, -{"HMAC-MD5","hmac-md5",NID_hmac_md5,8,&(lvalues[5152]),0}, -{"HMAC-SHA1","hmac-sha1",NID_hmac_sha1,8,&(lvalues[5160]),0}, +{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5130]),0}, +{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5138]),0}, +{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5146]),0}, +{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5154]),0}, +{"HMAC-MD5","hmac-md5",NID_hmac_md5,8,&(lvalues[5162]),0}, +{"HMAC-SHA1","hmac-sha1",NID_hmac_sha1,8,&(lvalues[5170]),0}, {"id-PasswordBasedMAC","password based MAC",NID_id_PasswordBasedMAC,9, - &(lvalues[5168]),0}, + &(lvalues[5178]),0}, {"id-DHBasedMac","Diffie-Hellman based MAC",NID_id_DHBasedMac,9, - &(lvalues[5177]),0}, + &(lvalues[5187]),0}, {"id-it-suppLangTags","id-it-suppLangTags",NID_id_it_suppLangTags,8, - &(lvalues[5186]),0}, -{"caRepository","CA Repository",NID_caRepository,8,&(lvalues[5194]),0}, + &(lvalues[5196]),0}, +{"caRepository","CA Repository",NID_caRepository,8,&(lvalues[5204]),0}, {"id-smime-ct-compressedData","id-smime-ct-compressedData", - NID_id_smime_ct_compressedData,11,&(lvalues[5202]),0}, + NID_id_smime_ct_compressedData,11,&(lvalues[5212]),0}, {"id-ct-asciiTextWithCRLF","id-ct-asciiTextWithCRLF", - NID_id_ct_asciiTextWithCRLF,11,&(lvalues[5213]),0}, + NID_id_ct_asciiTextWithCRLF,11,&(lvalues[5223]),0}, {"id-aes128-wrap","id-aes128-wrap",NID_id_aes128_wrap,9, - &(lvalues[5224]),0}, + &(lvalues[5234]),0}, {"id-aes192-wrap","id-aes192-wrap",NID_id_aes192_wrap,9, - &(lvalues[5233]),0}, + &(lvalues[5243]),0}, {"id-aes256-wrap","id-aes256-wrap",NID_id_aes256_wrap,9, - &(lvalues[5242]),0}, + &(lvalues[5252]),0}, {"ecdsa-with-Recommended","ecdsa-with-Recommended", - NID_ecdsa_with_Recommended,7,&(lvalues[5251]),0}, + NID_ecdsa_with_Recommended,7,&(lvalues[5261]),0}, {"ecdsa-with-Specified","ecdsa-with-Specified", - NID_ecdsa_with_Specified,7,&(lvalues[5258]),0}, + NID_ecdsa_with_Specified,7,&(lvalues[5268]),0}, {"ecdsa-with-SHA224","ecdsa-with-SHA224",NID_ecdsa_with_SHA224,8, - &(lvalues[5265]),0}, + &(lvalues[5275]),0}, {"ecdsa-with-SHA256","ecdsa-with-SHA256",NID_ecdsa_with_SHA256,8, - &(lvalues[5273]),0}, + &(lvalues[5283]),0}, {"ecdsa-with-SHA384","ecdsa-with-SHA384",NID_ecdsa_with_SHA384,8, - &(lvalues[5281]),0}, + &(lvalues[5291]),0}, {"ecdsa-with-SHA512","ecdsa-with-SHA512",NID_ecdsa_with_SHA512,8, - &(lvalues[5289]),0}, -{"hmacWithMD5","hmacWithMD5",NID_hmacWithMD5,8,&(lvalues[5297]),0}, + &(lvalues[5299]),0}, +{"hmacWithMD5","hmacWithMD5",NID_hmacWithMD5,8,&(lvalues[5307]),0}, {"hmacWithSHA224","hmacWithSHA224",NID_hmacWithSHA224,8, - &(lvalues[5305]),0}, + &(lvalues[5315]),0}, {"hmacWithSHA256","hmacWithSHA256",NID_hmacWithSHA256,8, - &(lvalues[5313]),0}, + &(lvalues[5323]),0}, {"hmacWithSHA384","hmacWithSHA384",NID_hmacWithSHA384,8, - &(lvalues[5321]),0}, + &(lvalues[5331]),0}, {"hmacWithSHA512","hmacWithSHA512",NID_hmacWithSHA512,8, - &(lvalues[5329]),0}, + &(lvalues[5339]),0}, {"dsa_with_SHA224","dsa_with_SHA224",NID_dsa_with_SHA224,9, - &(lvalues[5337]),0}, + &(lvalues[5347]),0}, {"dsa_with_SHA256","dsa_with_SHA256",NID_dsa_with_SHA256,9, - &(lvalues[5346]),0}, -{"whirlpool","whirlpool",NID_whirlpool,6,&(lvalues[5355]),0}, -{"cryptopro","cryptopro",NID_cryptopro,5,&(lvalues[5361]),0}, -{"cryptocom","cryptocom",NID_cryptocom,5,&(lvalues[5366]),0}, + &(lvalues[5356]),0}, +{"whirlpool","whirlpool",NID_whirlpool,6,&(lvalues[5365]),0}, +{"cryptopro","cryptopro",NID_cryptopro,5,&(lvalues[5371]),0}, +{"cryptocom","cryptocom",NID_cryptocom,5,&(lvalues[5376]),0}, {"id-GostR3411-94-with-GostR3410-2001", "GOST R 34.11-94 with GOST R 34.10-2001", - NID_id_GostR3411_94_with_GostR3410_2001,6,&(lvalues[5371]),0}, + NID_id_GostR3411_94_with_GostR3410_2001,6,&(lvalues[5381]),0}, {"id-GostR3411-94-with-GostR3410-94", "GOST R 34.11-94 with GOST R 34.10-94", - NID_id_GostR3411_94_with_GostR3410_94,6,&(lvalues[5377]),0}, -{"md_gost94","GOST R 34.11-94",NID_id_GostR3411_94,6,&(lvalues[5383]),0}, + NID_id_GostR3411_94_with_GostR3410_94,6,&(lvalues[5387]),0}, +{"md_gost94","GOST R 34.11-94",NID_id_GostR3411_94,6,&(lvalues[5393]),0}, {"id-HMACGostR3411-94","HMAC GOST 34.11-94",NID_id_HMACGostR3411_94,6, - &(lvalues[5389]),0}, + &(lvalues[5399]),0}, {"gost2001","GOST R 34.10-2001",NID_id_GostR3410_2001,6, - &(lvalues[5395]),0}, -{"gost94","GOST R 34.10-94",NID_id_GostR3410_94,6,&(lvalues[5401]),0}, -{"gost89","GOST 28147-89",NID_id_Gost28147_89,6,&(lvalues[5407]),0}, + &(lvalues[5405]),0}, +{"gost94","GOST R 34.10-94",NID_id_GostR3410_94,6,&(lvalues[5411]),0}, +{"gost89","GOST 28147-89",NID_id_Gost28147_89,6,&(lvalues[5417]),0}, {"gost89-cnt","gost89-cnt",NID_gost89_cnt,0,NULL,0}, {"gost-mac","GOST 28147-89 MAC",NID_id_Gost28147_89_MAC,6, - &(lvalues[5413]),0}, + &(lvalues[5423]),0}, {"prf-gostr3411-94","GOST R 34.11-94 PRF",NID_id_GostR3411_94_prf,6, - &(lvalues[5419]),0}, + &(lvalues[5429]),0}, {"id-GostR3410-2001DH","GOST R 34.10-2001 DH",NID_id_GostR3410_2001DH, - 6,&(lvalues[5425]),0}, + 6,&(lvalues[5435]),0}, {"id-GostR3410-94DH","GOST R 34.10-94 DH",NID_id_GostR3410_94DH,6, - &(lvalues[5431]),0}, + &(lvalues[5441]),0}, {"id-Gost28147-89-CryptoPro-KeyMeshing", "id-Gost28147-89-CryptoPro-KeyMeshing", - NID_id_Gost28147_89_CryptoPro_KeyMeshing,7,&(lvalues[5437]),0}, + NID_id_Gost28147_89_CryptoPro_KeyMeshing,7,&(lvalues[5447]),0}, {"id-Gost28147-89-None-KeyMeshing","id-Gost28147-89-None-KeyMeshing", - NID_id_Gost28147_89_None_KeyMeshing,7,&(lvalues[5444]),0}, + NID_id_Gost28147_89_None_KeyMeshing,7,&(lvalues[5454]),0}, {"id-GostR3411-94-TestParamSet","id-GostR3411-94-TestParamSet", - NID_id_GostR3411_94_TestParamSet,7,&(lvalues[5451]),0}, + NID_id_GostR3411_94_TestParamSet,7,&(lvalues[5461]),0}, {"id-GostR3411-94-CryptoProParamSet", "id-GostR3411-94-CryptoProParamSet", - NID_id_GostR3411_94_CryptoProParamSet,7,&(lvalues[5458]),0}, + NID_id_GostR3411_94_CryptoProParamSet,7,&(lvalues[5468]),0}, {"id-Gost28147-89-TestParamSet","id-Gost28147-89-TestParamSet", - NID_id_Gost28147_89_TestParamSet,7,&(lvalues[5465]),0}, + NID_id_Gost28147_89_TestParamSet,7,&(lvalues[5475]),0}, {"id-Gost28147-89-CryptoPro-A-ParamSet", "id-Gost28147-89-CryptoPro-A-ParamSet", - NID_id_Gost28147_89_CryptoPro_A_ParamSet,7,&(lvalues[5472]),0}, + NID_id_Gost28147_89_CryptoPro_A_ParamSet,7,&(lvalues[5482]),0}, {"id-Gost28147-89-CryptoPro-B-ParamSet", "id-Gost28147-89-CryptoPro-B-ParamSet", - NID_id_Gost28147_89_CryptoPro_B_ParamSet,7,&(lvalues[5479]),0}, + NID_id_Gost28147_89_CryptoPro_B_ParamSet,7,&(lvalues[5489]),0}, {"id-Gost28147-89-CryptoPro-C-ParamSet", "id-Gost28147-89-CryptoPro-C-ParamSet", - NID_id_Gost28147_89_CryptoPro_C_ParamSet,7,&(lvalues[5486]),0}, + NID_id_Gost28147_89_CryptoPro_C_ParamSet,7,&(lvalues[5496]),0}, {"id-Gost28147-89-CryptoPro-D-ParamSet", "id-Gost28147-89-CryptoPro-D-ParamSet", - NID_id_Gost28147_89_CryptoPro_D_ParamSet,7,&(lvalues[5493]),0}, + NID_id_Gost28147_89_CryptoPro_D_ParamSet,7,&(lvalues[5503]),0}, {"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", - NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet,7,&(lvalues[5500]), + NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet,7,&(lvalues[5510]), 0}, {"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", - NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet,7,&(lvalues[5507]), + NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet,7,&(lvalues[5517]), 0}, {"id-Gost28147-89-CryptoPro-RIC-1-ParamSet", "id-Gost28147-89-CryptoPro-RIC-1-ParamSet", - NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet,7,&(lvalues[5514]),0}, + NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet,7,&(lvalues[5524]),0}, {"id-GostR3410-94-TestParamSet","id-GostR3410-94-TestParamSet", - NID_id_GostR3410_94_TestParamSet,7,&(lvalues[5521]),0}, + NID_id_GostR3410_94_TestParamSet,7,&(lvalues[5531]),0}, {"id-GostR3410-94-CryptoPro-A-ParamSet", "id-GostR3410-94-CryptoPro-A-ParamSet", - NID_id_GostR3410_94_CryptoPro_A_ParamSet,7,&(lvalues[5528]),0}, + NID_id_GostR3410_94_CryptoPro_A_ParamSet,7,&(lvalues[5538]),0}, {"id-GostR3410-94-CryptoPro-B-ParamSet", "id-GostR3410-94-CryptoPro-B-ParamSet", - NID_id_GostR3410_94_CryptoPro_B_ParamSet,7,&(lvalues[5535]),0}, + NID_id_GostR3410_94_CryptoPro_B_ParamSet,7,&(lvalues[5545]),0}, {"id-GostR3410-94-CryptoPro-C-ParamSet", "id-GostR3410-94-CryptoPro-C-ParamSet", - NID_id_GostR3410_94_CryptoPro_C_ParamSet,7,&(lvalues[5542]),0}, + NID_id_GostR3410_94_CryptoPro_C_ParamSet,7,&(lvalues[5552]),0}, {"id-GostR3410-94-CryptoPro-D-ParamSet", "id-GostR3410-94-CryptoPro-D-ParamSet", - NID_id_GostR3410_94_CryptoPro_D_ParamSet,7,&(lvalues[5549]),0}, + NID_id_GostR3410_94_CryptoPro_D_ParamSet,7,&(lvalues[5559]),0}, {"id-GostR3410-94-CryptoPro-XchA-ParamSet", "id-GostR3410-94-CryptoPro-XchA-ParamSet", - NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,7,&(lvalues[5556]),0}, + NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,7,&(lvalues[5566]),0}, {"id-GostR3410-94-CryptoPro-XchB-ParamSet", "id-GostR3410-94-CryptoPro-XchB-ParamSet", - NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,7,&(lvalues[5563]),0}, + NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,7,&(lvalues[5573]),0}, {"id-GostR3410-94-CryptoPro-XchC-ParamSet", "id-GostR3410-94-CryptoPro-XchC-ParamSet", - NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,7,&(lvalues[5570]),0}, + NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,7,&(lvalues[5580]),0}, {"id-GostR3410-2001-TestParamSet","id-GostR3410-2001-TestParamSet", - NID_id_GostR3410_2001_TestParamSet,7,&(lvalues[5577]),0}, + NID_id_GostR3410_2001_TestParamSet,7,&(lvalues[5587]),0}, {"id-GostR3410-2001-CryptoPro-A-ParamSet", "id-GostR3410-2001-CryptoPro-A-ParamSet", - NID_id_GostR3410_2001_CryptoPro_A_ParamSet,7,&(lvalues[5584]),0}, + NID_id_GostR3410_2001_CryptoPro_A_ParamSet,7,&(lvalues[5594]),0}, {"id-GostR3410-2001-CryptoPro-B-ParamSet", "id-GostR3410-2001-CryptoPro-B-ParamSet", - NID_id_GostR3410_2001_CryptoPro_B_ParamSet,7,&(lvalues[5591]),0}, + NID_id_GostR3410_2001_CryptoPro_B_ParamSet,7,&(lvalues[5601]),0}, {"id-GostR3410-2001-CryptoPro-C-ParamSet", "id-GostR3410-2001-CryptoPro-C-ParamSet", - NID_id_GostR3410_2001_CryptoPro_C_ParamSet,7,&(lvalues[5598]),0}, + NID_id_GostR3410_2001_CryptoPro_C_ParamSet,7,&(lvalues[5608]),0}, {"id-GostR3410-2001-CryptoPro-XchA-ParamSet", "id-GostR3410-2001-CryptoPro-XchA-ParamSet", - NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,7,&(lvalues[5605]),0}, + NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,7,&(lvalues[5615]),0}, {"id-GostR3410-2001-CryptoPro-XchB-ParamSet", "id-GostR3410-2001-CryptoPro-XchB-ParamSet", - NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,7,&(lvalues[5612]),0}, + NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,7,&(lvalues[5622]),0}, {"id-GostR3410-94-a","id-GostR3410-94-a",NID_id_GostR3410_94_a,7, - &(lvalues[5619]),0}, + &(lvalues[5629]),0}, {"id-GostR3410-94-aBis","id-GostR3410-94-aBis", - NID_id_GostR3410_94_aBis,7,&(lvalues[5626]),0}, + NID_id_GostR3410_94_aBis,7,&(lvalues[5636]),0}, {"id-GostR3410-94-b","id-GostR3410-94-b",NID_id_GostR3410_94_b,7, - &(lvalues[5633]),0}, + &(lvalues[5643]),0}, {"id-GostR3410-94-bBis","id-GostR3410-94-bBis", - NID_id_GostR3410_94_bBis,7,&(lvalues[5640]),0}, + NID_id_GostR3410_94_bBis,7,&(lvalues[5650]),0}, {"id-Gost28147-89-cc","GOST 28147-89 Cryptocom ParamSet", - NID_id_Gost28147_89_cc,8,&(lvalues[5647]),0}, + NID_id_Gost28147_89_cc,8,&(lvalues[5657]),0}, {"gost94cc","GOST 34.10-94 Cryptocom",NID_id_GostR3410_94_cc,8, - &(lvalues[5655]),0}, + &(lvalues[5665]),0}, {"gost2001cc","GOST 34.10-2001 Cryptocom",NID_id_GostR3410_2001_cc,8, - &(lvalues[5663]),0}, + &(lvalues[5673]),0}, {"id-GostR3411-94-with-GostR3410-94-cc", "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom", - NID_id_GostR3411_94_with_GostR3410_94_cc,8,&(lvalues[5671]),0}, + NID_id_GostR3411_94_with_GostR3410_94_cc,8,&(lvalues[5681]),0}, {"id-GostR3411-94-with-GostR3410-2001-cc", "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom", - NID_id_GostR3411_94_with_GostR3410_2001_cc,8,&(lvalues[5679]),0}, + NID_id_GostR3411_94_with_GostR3410_2001_cc,8,&(lvalues[5689]),0}, {"id-GostR3410-2001-ParamSet-cc", "GOST R 3410-2001 Parameter Set Cryptocom", - NID_id_GostR3410_2001_ParamSet_cc,8,&(lvalues[5687]),0}, + NID_id_GostR3410_2001_ParamSet_cc,8,&(lvalues[5697]),0}, {"HMAC","hmac",NID_hmac,0,NULL,0}, {"LocalKeySet","Microsoft Local Key set",NID_LocalKeySet,9, - &(lvalues[5695]),0}, + &(lvalues[5705]),0}, {"freshestCRL","X509v3 Freshest CRL",NID_freshest_crl,3, - &(lvalues[5704]),0}, + &(lvalues[5714]),0}, {"id-on-permanentIdentifier","Permanent Identifier", - NID_id_on_permanentIdentifier,8,&(lvalues[5707]),0}, -{"searchGuide","searchGuide",NID_searchGuide,3,&(lvalues[5715]),0}, + NID_id_on_permanentIdentifier,8,&(lvalues[5717]),0}, +{"searchGuide","searchGuide",NID_searchGuide,3,&(lvalues[5725]),0}, {"businessCategory","businessCategory",NID_businessCategory,3, - &(lvalues[5718]),0}, -{"postalAddress","postalAddress",NID_postalAddress,3,&(lvalues[5721]),0}, -{"postOfficeBox","postOfficeBox",NID_postOfficeBox,3,&(lvalues[5724]),0}, + &(lvalues[5728]),0}, +{"postalAddress","postalAddress",NID_postalAddress,3,&(lvalues[5731]),0}, +{"postOfficeBox","postOfficeBox",NID_postOfficeBox,3,&(lvalues[5734]),0}, {"physicalDeliveryOfficeName","physicalDeliveryOfficeName", - NID_physicalDeliveryOfficeName,3,&(lvalues[5727]),0}, + NID_physicalDeliveryOfficeName,3,&(lvalues[5737]),0}, {"telephoneNumber","telephoneNumber",NID_telephoneNumber,3, - &(lvalues[5730]),0}, -{"telexNumber","telexNumber",NID_telexNumber,3,&(lvalues[5733]),0}, + &(lvalues[5740]),0}, +{"telexNumber","telexNumber",NID_telexNumber,3,&(lvalues[5743]),0}, {"teletexTerminalIdentifier","teletexTerminalIdentifier", - NID_teletexTerminalIdentifier,3,&(lvalues[5736]),0}, + NID_teletexTerminalIdentifier,3,&(lvalues[5746]),0}, {"facsimileTelephoneNumber","facsimileTelephoneNumber", - NID_facsimileTelephoneNumber,3,&(lvalues[5739]),0}, -{"x121Address","x121Address",NID_x121Address,3,&(lvalues[5742]),0}, + NID_facsimileTelephoneNumber,3,&(lvalues[5749]),0}, +{"x121Address","x121Address",NID_x121Address,3,&(lvalues[5752]),0}, {"internationaliSDNNumber","internationaliSDNNumber", - NID_internationaliSDNNumber,3,&(lvalues[5745]),0}, + NID_internationaliSDNNumber,3,&(lvalues[5755]),0}, {"registeredAddress","registeredAddress",NID_registeredAddress,3, - &(lvalues[5748]),0}, + &(lvalues[5758]),0}, {"destinationIndicator","destinationIndicator", - NID_destinationIndicator,3,&(lvalues[5751]),0}, + NID_destinationIndicator,3,&(lvalues[5761]),0}, {"preferredDeliveryMethod","preferredDeliveryMethod", - NID_preferredDeliveryMethod,3,&(lvalues[5754]),0}, + NID_preferredDeliveryMethod,3,&(lvalues[5764]),0}, {"presentationAddress","presentationAddress",NID_presentationAddress, - 3,&(lvalues[5757]),0}, + 3,&(lvalues[5767]),0}, {"supportedApplicationContext","supportedApplicationContext", - NID_supportedApplicationContext,3,&(lvalues[5760]),0}, -{"member","member",NID_member,3,&(lvalues[5763]),0}, -{"owner","owner",NID_owner,3,&(lvalues[5766]),0}, -{"roleOccupant","roleOccupant",NID_roleOccupant,3,&(lvalues[5769]),0}, -{"seeAlso","seeAlso",NID_seeAlso,3,&(lvalues[5772]),0}, -{"userPassword","userPassword",NID_userPassword,3,&(lvalues[5775]),0}, + NID_supportedApplicationContext,3,&(lvalues[5770]),0}, +{"member","member",NID_member,3,&(lvalues[5773]),0}, +{"owner","owner",NID_owner,3,&(lvalues[5776]),0}, +{"roleOccupant","roleOccupant",NID_roleOccupant,3,&(lvalues[5779]),0}, +{"seeAlso","seeAlso",NID_seeAlso,3,&(lvalues[5782]),0}, +{"userPassword","userPassword",NID_userPassword,3,&(lvalues[5785]),0}, {"userCertificate","userCertificate",NID_userCertificate,3, - &(lvalues[5778]),0}, -{"cACertificate","cACertificate",NID_cACertificate,3,&(lvalues[5781]),0}, + &(lvalues[5788]),0}, +{"cACertificate","cACertificate",NID_cACertificate,3,&(lvalues[5791]),0}, {"authorityRevocationList","authorityRevocationList", - NID_authorityRevocationList,3,&(lvalues[5784]),0}, + NID_authorityRevocationList,3,&(lvalues[5794]),0}, {"certificateRevocationList","certificateRevocationList", - NID_certificateRevocationList,3,&(lvalues[5787]),0}, + NID_certificateRevocationList,3,&(lvalues[5797]),0}, {"crossCertificatePair","crossCertificatePair", - NID_crossCertificatePair,3,&(lvalues[5790]),0}, + NID_crossCertificatePair,3,&(lvalues[5800]),0}, {"enhancedSearchGuide","enhancedSearchGuide",NID_enhancedSearchGuide, - 3,&(lvalues[5793]),0}, + 3,&(lvalues[5803]),0}, {"protocolInformation","protocolInformation",NID_protocolInformation, - 3,&(lvalues[5796]),0}, + 3,&(lvalues[5806]),0}, {"distinguishedName","distinguishedName",NID_distinguishedName,3, - &(lvalues[5799]),0}, -{"uniqueMember","uniqueMember",NID_uniqueMember,3,&(lvalues[5802]),0}, + &(lvalues[5809]),0}, +{"uniqueMember","uniqueMember",NID_uniqueMember,3,&(lvalues[5812]),0}, {"houseIdentifier","houseIdentifier",NID_houseIdentifier,3, - &(lvalues[5805]),0}, + &(lvalues[5815]),0}, {"supportedAlgorithms","supportedAlgorithms",NID_supportedAlgorithms, - 3,&(lvalues[5808]),0}, + 3,&(lvalues[5818]),0}, {"deltaRevocationList","deltaRevocationList",NID_deltaRevocationList, - 3,&(lvalues[5811]),0}, -{"dmdName","dmdName",NID_dmdName,3,&(lvalues[5814]),0}, + 3,&(lvalues[5821]),0}, +{"dmdName","dmdName",NID_dmdName,3,&(lvalues[5824]),0}, {"id-alg-PWRI-KEK","id-alg-PWRI-KEK",NID_id_alg_PWRI_KEK,11, - &(lvalues[5817]),0}, + &(lvalues[5827]),0}, {"CMAC","cmac",NID_cmac,0,NULL,0}, -{"id-aes128-GCM","aes-128-gcm",NID_aes_128_gcm,9,&(lvalues[5828]),0}, -{"id-aes128-CCM","aes-128-ccm",NID_aes_128_ccm,9,&(lvalues[5837]),0}, +{"id-aes128-GCM","aes-128-gcm",NID_aes_128_gcm,9,&(lvalues[5838]),0}, +{"id-aes128-CCM","aes-128-ccm",NID_aes_128_ccm,9,&(lvalues[5847]),0}, {"id-aes128-wrap-pad","id-aes128-wrap-pad",NID_id_aes128_wrap_pad,9, - &(lvalues[5846]),0}, -{"id-aes192-GCM","aes-192-gcm",NID_aes_192_gcm,9,&(lvalues[5855]),0}, -{"id-aes192-CCM","aes-192-ccm",NID_aes_192_ccm,9,&(lvalues[5864]),0}, + &(lvalues[5856]),0}, +{"id-aes192-GCM","aes-192-gcm",NID_aes_192_gcm,9,&(lvalues[5865]),0}, +{"id-aes192-CCM","aes-192-ccm",NID_aes_192_ccm,9,&(lvalues[5874]),0}, {"id-aes192-wrap-pad","id-aes192-wrap-pad",NID_id_aes192_wrap_pad,9, - &(lvalues[5873]),0}, -{"id-aes256-GCM","aes-256-gcm",NID_aes_256_gcm,9,&(lvalues[5882]),0}, -{"id-aes256-CCM","aes-256-ccm",NID_aes_256_ccm,9,&(lvalues[5891]),0}, + &(lvalues[5883]),0}, +{"id-aes256-GCM","aes-256-gcm",NID_aes_256_gcm,9,&(lvalues[5892]),0}, +{"id-aes256-CCM","aes-256-ccm",NID_aes_256_ccm,9,&(lvalues[5901]),0}, {"id-aes256-wrap-pad","id-aes256-wrap-pad",NID_id_aes256_wrap_pad,9, - &(lvalues[5900]),0}, + &(lvalues[5910]),0}, {"AES-128-CTR","aes-128-ctr",NID_aes_128_ctr,0,NULL,0}, {"AES-192-CTR","aes-192-ctr",NID_aes_192_ctr,0,NULL,0}, {"AES-256-CTR","aes-256-ctr",NID_aes_256_ctr,0,NULL,0}, {"id-camellia128-wrap","id-camellia128-wrap",NID_id_camellia128_wrap, - 11,&(lvalues[5909]),0}, + 11,&(lvalues[5919]),0}, {"id-camellia192-wrap","id-camellia192-wrap",NID_id_camellia192_wrap, - 11,&(lvalues[5920]),0}, + 11,&(lvalues[5930]),0}, {"id-camellia256-wrap","id-camellia256-wrap",NID_id_camellia256_wrap, - 11,&(lvalues[5931]),0}, + 11,&(lvalues[5941]),0}, {"anyExtendedKeyUsage","Any Extended Key Usage", - NID_anyExtendedKeyUsage,4,&(lvalues[5942]),0}, -{"MGF1","mgf1",NID_mgf1,9,&(lvalues[5946]),0}, -{"RSASSA-PSS","rsassaPss",NID_rsassaPss,9,&(lvalues[5955]),0}, + NID_anyExtendedKeyUsage,4,&(lvalues[5952]),0}, +{"MGF1","mgf1",NID_mgf1,9,&(lvalues[5956]),0}, +{"RSASSA-PSS","rsassaPss",NID_rsassaPss,9,&(lvalues[5965]),0}, {"AES-128-XTS","aes-128-xts",NID_aes_128_xts,0,NULL,0}, {"AES-256-XTS","aes-256-xts",NID_aes_256_xts,0,NULL,0}, {"RC4-HMAC-MD5","rc4-hmac-md5",NID_rc4_hmac_md5,0,NULL,0}, @@ -2443,67 +2444,67 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ NID_aes_192_cbc_hmac_sha1,0,NULL,0}, {"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1", NID_aes_256_cbc_hmac_sha1,0,NULL,0}, -{"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0}, -{"dhpublicnumber","X9.42 DH",NID_dhpublicnumber,7,&(lvalues[5973]),0}, +{"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5974]),0}, +{"dhpublicnumber","X9.42 DH",NID_dhpublicnumber,7,&(lvalues[5983]),0}, {"brainpoolP160r1","brainpoolP160r1",NID_brainpoolP160r1,9, - &(lvalues[5980]),0}, + &(lvalues[5990]),0}, {"brainpoolP160t1","brainpoolP160t1",NID_brainpoolP160t1,9, - &(lvalues[5989]),0}, + &(lvalues[5999]),0}, {"brainpoolP192r1","brainpoolP192r1",NID_brainpoolP192r1,9, - &(lvalues[5998]),0}, + &(lvalues[6008]),0}, {"brainpoolP192t1","brainpoolP192t1",NID_brainpoolP192t1,9, - &(lvalues[6007]),0}, + &(lvalues[6017]),0}, {"brainpoolP224r1","brainpoolP224r1",NID_brainpoolP224r1,9, - &(lvalues[6016]),0}, + &(lvalues[6026]),0}, {"brainpoolP224t1","brainpoolP224t1",NID_brainpoolP224t1,9, - &(lvalues[6025]),0}, + &(lvalues[6035]),0}, {"brainpoolP256r1","brainpoolP256r1",NID_brainpoolP256r1,9, - &(lvalues[6034]),0}, + &(lvalues[6044]),0}, {"brainpoolP256t1","brainpoolP256t1",NID_brainpoolP256t1,9, - &(lvalues[6043]),0}, + &(lvalues[6053]),0}, {"brainpoolP320r1","brainpoolP320r1",NID_brainpoolP320r1,9, - &(lvalues[6052]),0}, + &(lvalues[6062]),0}, {"brainpoolP320t1","brainpoolP320t1",NID_brainpoolP320t1,9, - &(lvalues[6061]),0}, + &(lvalues[6071]),0}, {"brainpoolP384r1","brainpoolP384r1",NID_brainpoolP384r1,9, - &(lvalues[6070]),0}, + &(lvalues[6080]),0}, {"brainpoolP384t1","brainpoolP384t1",NID_brainpoolP384t1,9, - &(lvalues[6079]),0}, + &(lvalues[6089]),0}, {"brainpoolP512r1","brainpoolP512r1",NID_brainpoolP512r1,9, - &(lvalues[6088]),0}, + &(lvalues[6098]),0}, {"brainpoolP512t1","brainpoolP512t1",NID_brainpoolP512t1,9, - &(lvalues[6097]),0}, -{"PSPECIFIED","pSpecified",NID_pSpecified,9,&(lvalues[6106]),0}, + &(lvalues[6107]),0}, +{"PSPECIFIED","pSpecified",NID_pSpecified,9,&(lvalues[6116]),0}, {"dhSinglePass-stdDH-sha1kdf-scheme", "dhSinglePass-stdDH-sha1kdf-scheme", - NID_dhSinglePass_stdDH_sha1kdf_scheme,9,&(lvalues[6115]),0}, + NID_dhSinglePass_stdDH_sha1kdf_scheme,9,&(lvalues[6125]),0}, {"dhSinglePass-stdDH-sha224kdf-scheme", "dhSinglePass-stdDH-sha224kdf-scheme", - NID_dhSinglePass_stdDH_sha224kdf_scheme,6,&(lvalues[6124]),0}, + NID_dhSinglePass_stdDH_sha224kdf_scheme,6,&(lvalues[6134]),0}, {"dhSinglePass-stdDH-sha256kdf-scheme", "dhSinglePass-stdDH-sha256kdf-scheme", - NID_dhSinglePass_stdDH_sha256kdf_scheme,6,&(lvalues[6130]),0}, + NID_dhSinglePass_stdDH_sha256kdf_scheme,6,&(lvalues[6140]),0}, {"dhSinglePass-stdDH-sha384kdf-scheme", "dhSinglePass-stdDH-sha384kdf-scheme", - NID_dhSinglePass_stdDH_sha384kdf_scheme,6,&(lvalues[6136]),0}, + NID_dhSinglePass_stdDH_sha384kdf_scheme,6,&(lvalues[6146]),0}, {"dhSinglePass-stdDH-sha512kdf-scheme", "dhSinglePass-stdDH-sha512kdf-scheme", - NID_dhSinglePass_stdDH_sha512kdf_scheme,6,&(lvalues[6142]),0}, + NID_dhSinglePass_stdDH_sha512kdf_scheme,6,&(lvalues[6152]),0}, {"dhSinglePass-cofactorDH-sha1kdf-scheme", "dhSinglePass-cofactorDH-sha1kdf-scheme", - NID_dhSinglePass_cofactorDH_sha1kdf_scheme,9,&(lvalues[6148]),0}, + NID_dhSinglePass_cofactorDH_sha1kdf_scheme,9,&(lvalues[6158]),0}, {"dhSinglePass-cofactorDH-sha224kdf-scheme", "dhSinglePass-cofactorDH-sha224kdf-scheme", - NID_dhSinglePass_cofactorDH_sha224kdf_scheme,6,&(lvalues[6157]),0}, + NID_dhSinglePass_cofactorDH_sha224kdf_scheme,6,&(lvalues[6167]),0}, {"dhSinglePass-cofactorDH-sha256kdf-scheme", "dhSinglePass-cofactorDH-sha256kdf-scheme", - NID_dhSinglePass_cofactorDH_sha256kdf_scheme,6,&(lvalues[6163]),0}, + NID_dhSinglePass_cofactorDH_sha256kdf_scheme,6,&(lvalues[6173]),0}, {"dhSinglePass-cofactorDH-sha384kdf-scheme", "dhSinglePass-cofactorDH-sha384kdf-scheme", - NID_dhSinglePass_cofactorDH_sha384kdf_scheme,6,&(lvalues[6169]),0}, + NID_dhSinglePass_cofactorDH_sha384kdf_scheme,6,&(lvalues[6179]),0}, {"dhSinglePass-cofactorDH-sha512kdf-scheme", "dhSinglePass-cofactorDH-sha512kdf-scheme", - NID_dhSinglePass_cofactorDH_sha512kdf_scheme,6,&(lvalues[6175]),0}, + NID_dhSinglePass_cofactorDH_sha512kdf_scheme,6,&(lvalues[6185]),0}, {"dh-std-kdf","dh-std-kdf",NID_dh_std_kdf,0,NULL,0}, {"dh-cofactor-kdf","dh-cofactor-kdf",NID_dh_cofactor_kdf,0,NULL,0}, {"AES-128-CBC-HMAC-SHA256","aes-128-cbc-hmac-sha256", @@ -2513,46 +2514,46 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ {"AES-256-CBC-HMAC-SHA256","aes-256-cbc-hmac-sha256", NID_aes_256_cbc_hmac_sha256,0,NULL,0}, {"ct_precert_scts","CT Precertificate SCTs",NID_ct_precert_scts,10, - &(lvalues[6181]),0}, + &(lvalues[6191]),0}, {"ct_precert_poison","CT Precertificate Poison",NID_ct_precert_poison, - 10,&(lvalues[6191]),0}, -{"ct_precert_signer","CT Precertificate Signer",NID_ct_precert_signer, 10,&(lvalues[6201]),0}, +{"ct_precert_signer","CT Precertificate Signer",NID_ct_precert_signer, + 10,&(lvalues[6211]),0}, {"ct_cert_scts","CT Certificate SCTs",NID_ct_cert_scts,10, - &(lvalues[6211]),0}, + &(lvalues[6221]),0}, {"jurisdictionL","jurisdictionLocalityName", - NID_jurisdictionLocalityName,11,&(lvalues[6221]),0}, + NID_jurisdictionLocalityName,11,&(lvalues[6231]),0}, {"jurisdictionST","jurisdictionStateOrProvinceName", - NID_jurisdictionStateOrProvinceName,11,&(lvalues[6232]),0}, + NID_jurisdictionStateOrProvinceName,11,&(lvalues[6242]),0}, {"jurisdictionC","jurisdictionCountryName", - NID_jurisdictionCountryName,11,&(lvalues[6243]),0}, + NID_jurisdictionCountryName,11,&(lvalues[6253]),0}, {"AES-128-OCB","aes-128-ocb",NID_aes_128_ocb,0,NULL,0}, {"AES-192-OCB","aes-192-ocb",NID_aes_192_ocb,0,NULL,0}, {"AES-256-OCB","aes-256-ocb",NID_aes_256_ocb,0,NULL,0}, {"CAMELLIA-128-GCM","camellia-128-gcm",NID_camellia_128_gcm,8, - &(lvalues[6254]),0}, + &(lvalues[6264]),0}, {"CAMELLIA-128-CCM","camellia-128-ccm",NID_camellia_128_ccm,8, - &(lvalues[6262]),0}, + &(lvalues[6272]),0}, {"CAMELLIA-128-CTR","camellia-128-ctr",NID_camellia_128_ctr,8, - &(lvalues[6270]),0}, + &(lvalues[6280]),0}, {"CAMELLIA-128-CMAC","camellia-128-cmac",NID_camellia_128_cmac,8, - &(lvalues[6278]),0}, + &(lvalues[6288]),0}, {"CAMELLIA-192-GCM","camellia-192-gcm",NID_camellia_192_gcm,8, - &(lvalues[6286]),0}, + &(lvalues[6296]),0}, {"CAMELLIA-192-CCM","camellia-192-ccm",NID_camellia_192_ccm,8, - &(lvalues[6294]),0}, + &(lvalues[6304]),0}, {"CAMELLIA-192-CTR","camellia-192-ctr",NID_camellia_192_ctr,8, - &(lvalues[6302]),0}, + &(lvalues[6312]),0}, {"CAMELLIA-192-CMAC","camellia-192-cmac",NID_camellia_192_cmac,8, - &(lvalues[6310]),0}, + &(lvalues[6320]),0}, {"CAMELLIA-256-GCM","camellia-256-gcm",NID_camellia_256_gcm,8, - &(lvalues[6318]),0}, + &(lvalues[6328]),0}, {"CAMELLIA-256-CCM","camellia-256-ccm",NID_camellia_256_ccm,8, - &(lvalues[6326]),0}, + &(lvalues[6336]),0}, {"CAMELLIA-256-CTR","camellia-256-ctr",NID_camellia_256_ctr,8, - &(lvalues[6334]),0}, + &(lvalues[6344]),0}, {"CAMELLIA-256-CMAC","camellia-256-cmac",NID_camellia_256_cmac,8, - &(lvalues[6342]),0}, + &(lvalues[6352]),0}, }; static const unsigned int sn_objs[NUM_SN]={ @@ -3497,6 +3498,7 @@ static const unsigned int sn_objs[NUM_SN]={ 682, /* "tpBasis" */ 375, /* "trustRoot" */ 436, /* "ucl" */ +102, /* "uid" */ 888, /* "uniqueMember" */ 55, /* "unstructuredAddress" */ 49, /* "unstructuredName" */ @@ -4464,6 +4466,7 @@ static const unsigned int ln_objs[NUM_LN]={ 682, /* "tpBasis" */ 436, /* "ucl" */ 0, /* "undefined" */ +102, /* "uniqueIdentifier" */ 888, /* "uniqueMember" */ 55, /* "unstructuredAddress" */ 49, /* "unstructuredName" */ @@ -5258,6 +5261,7 @@ static const unsigned int obj_objs[NUM_OBJ]={ 488, /* OBJ_mobileTelephoneNumber 0 9 2342 19200300 100 1 41 */ 489, /* OBJ_pagerTelephoneNumber 0 9 2342 19200300 100 1 42 */ 490, /* OBJ_friendlyCountryName 0 9 2342 19200300 100 1 43 */ +102, /* OBJ_uniqueIdentifier 0 9 2342 19200300 100 1 44 */ 491, /* OBJ_organizationalStatus 0 9 2342 19200300 100 1 45 */ 492, /* OBJ_janetMailbox 0 9 2342 19200300 100 1 46 */ 493, /* OBJ_mailPreferenceOption 0 9 2342 19200300 100 1 47 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index e314f5c..9d37396 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -3075,6 +3075,11 @@ #define NID_friendlyCountryName 490 #define OBJ_friendlyCountryName OBJ_pilotAttributeType,43L +#define SN_uniqueIdentifier "uid" +#define LN_uniqueIdentifier "uniqueIdentifier" +#define NID_uniqueIdentifier 102 +#define OBJ_uniqueIdentifier OBJ_pilotAttributeType,44L + #define LN_organizationalStatus "organizationalStatus" #define NID_organizationalStatus 491 #define OBJ_organizationalStatus OBJ_pilotAttributeType,45L diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index ee38910..2bcaf83 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -988,8 +988,7 @@ pilotAttributeType 40 : : personalTitle pilotAttributeType 41 : : mobileTelephoneNumber pilotAttributeType 42 : : pagerTelephoneNumber pilotAttributeType 43 : : friendlyCountryName -# The following clashes with 2.5.4.45, so commented away -#pilotAttributeType 44 : uid : uniqueIdentifier +pilotAttributeType 44 : uid : uniqueIdentifier pilotAttributeType 45 : : organizationalStatus pilotAttributeType 46 : : janetMailbox pilotAttributeType 47 : : mailPreferenceOption From levitte at openssl.org Fri Feb 13 12:39:39 2015 From: levitte at openssl.org (Richard Levitte) Date: Fri, 13 Feb 2015 13:39:39 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150213123939.512C91DF1AB@butler.localdomain> The branch master has been updated via 774ccae63c3a41a3f0762cbc818271d3ef9f369f (commit) from c81f425eaa09dcf3f1f55a008c0486d7b742f20d (commit) - Log ----------------------------------------------------------------- commit 774ccae63c3a41a3f0762cbc818271d3ef9f369f Author: Richard Levitte Date: Thu Feb 12 13:16:20 2015 +0100 Transfer a fix from 1.0.1 manually picked from e7b85bc40200961984925604ca444517359a6067 Reviewed-by: Stephen Henson ----------------------------------------------------------------------- Summary of changes: engines/ccgost/gost_eng.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/engines/ccgost/gost_eng.c b/engines/ccgost/gost_eng.c index 971a1ed..5924791 100644 --- a/engines/ccgost/gost_eng.c +++ b/engines/ccgost/gost_eng.c @@ -76,6 +76,10 @@ static int bind_gost(ENGINE *e, const char *id) int ret = 0; if (id && strcmp(id, engine_gost_id)) return 0; + if (ameth_GostR3410_94) { + printf("GOST engine already loaded\n"); + goto end; + } if (!ENGINE_set_id(e, engine_gost_id)) { printf("ENGINE_set_id failed\n"); From levitte at openssl.org Fri Feb 13 12:41:10 2015 From: levitte at openssl.org (Richard Levitte) Date: Fri, 13 Feb 2015 13:41:10 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150213124110.176341DF1AB@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 681da86ebb46ef9ef769d0ea4ea61987ca4e96bc (commit) from 872f91c4036e35d292d423e751741ba76f8c5594 (commit) - Log ----------------------------------------------------------------- commit 681da86ebb46ef9ef769d0ea4ea61987ca4e96bc Author: Richard Levitte Date: Thu Feb 12 13:16:20 2015 +0100 Transfer a fix from 1.0.1 manually picked from e7b85bc40200961984925604ca444517359a6067 Reviewed-by: Stephen Henson (cherry picked from commit 774ccae63c3a41a3f0762cbc818271d3ef9f369f) ----------------------------------------------------------------------- Summary of changes: engines/ccgost/gost_eng.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/engines/ccgost/gost_eng.c b/engines/ccgost/gost_eng.c index 971a1ed..5924791 100644 --- a/engines/ccgost/gost_eng.c +++ b/engines/ccgost/gost_eng.c @@ -76,6 +76,10 @@ static int bind_gost(ENGINE *e, const char *id) int ret = 0; if (id && strcmp(id, engine_gost_id)) return 0; + if (ameth_GostR3410_94) { + printf("GOST engine already loaded\n"); + goto end; + } if (!ENGINE_set_id(e, engine_gost_id)) { printf("ENGINE_set_id failed\n"); From steve at openssl.org Fri Feb 13 13:29:45 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Fri, 13 Feb 2015 14:29:45 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150213132945.692A11DF1AB@butler.localdomain> The branch master has been updated via d5ec8efc70d3f9197dd6965d959de7dcda784459 (commit) via b9d4e97c873873340027b47437b09a51bf8ad3d5 (commit) via 5824cc298174d462c827cd090675e30fc03f0caf (commit) via 16cb8eb0139379f122d3bf3bedb0c5a43e70a30a (commit) via b8c792dc43cbb8585dd5ee90a8b07bc11f6f10f5 (commit) via 83251f397b6a4226b9b73ab52666d4999c21512e (commit) via eff1a4d24f3f23b48984b7b60d4c343a3a995f38 (commit) via 6906a7c1a34d753b783cb38083bf95f417fef684 (commit) from 774ccae63c3a41a3f0762cbc818271d3ef9f369f (commit) - Log ----------------------------------------------------------------- commit d5ec8efc70d3f9197dd6965d959de7dcda784459 Author: Dr. Stephen Henson Date: Thu Feb 12 16:34:10 2015 +0000 Add leak detection, fix leaks. Reviewed-by: Richard Levitte commit b9d4e97c873873340027b47437b09a51bf8ad3d5 Author: Dr. Stephen Henson Date: Thu Feb 12 15:30:48 2015 +0000 Add EVP_PKEY test data. Add some EVP_PKEY test data for sign and verify tests including failure cases. Reviewed-by: Richard Levitte commit 5824cc298174d462c827cd090675e30fc03f0caf Author: Dr. Stephen Henson Date: Wed Feb 11 17:15:51 2015 +0000 EVP_PKEY support for evp_test Add two new keywords "PublicKey" and "PrivateKey". These will load a key in PEM format from the lines immediately following the keyword and assign it a name according to the value. These will be used later for public and private key testing operations. Add tests for Sign, Verify, VerifyRecover and Decrypt. Reviewed-by: Richard Levitte commit 16cb8eb0139379f122d3bf3bedb0c5a43e70a30a Author: Dr. Stephen Henson Date: Tue Feb 10 18:33:05 2015 +0000 Add CMAC test data. Reviewed-by: Richard Levitte commit b8c792dc43cbb8585dd5ee90a8b07bc11f6f10f5 Author: Dr. Stephen Henson Date: Tue Feb 10 15:53:12 2015 +0000 Add HMAC test data. Reviewed-by: Richard Levitte commit 83251f397b6a4226b9b73ab52666d4999c21512e Author: Dr. Stephen Henson Date: Tue Feb 10 13:44:17 2015 +0000 MAC support for evp_test Reviewed-by: Richard Levitte commit eff1a4d24f3f23b48984b7b60d4c343a3a995f38 Author: Dr. Stephen Henson Date: Tue Feb 10 18:06:56 2015 +0000 New macro to set mac key. Reviewed-by: Richard Levitte commit 6906a7c1a34d753b783cb38083bf95f417fef684 Author: Dr. Stephen Henson Date: Tue Feb 10 15:53:56 2015 +0000 Return error code is any tests fail. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp.h | 4 + crypto/evp/evp_test.c | 460 ++++++++++++++++++++++++++++++++++++++++++++++- crypto/evp/evptests.txt | 259 +++++++++++++++++++++++++- crypto/evp/pmeth_gn.c | 4 +- 4 files changed, 716 insertions(+), 11 deletions(-) diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 0dbd420..2e9f83f 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -1198,6 +1198,10 @@ void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ EVP_PKEY_CTRL_GET_MD, 0, (void *)pmd) +# define EVP_PKEY_CTX_set_mac_key(ctx, key, len) \ + EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_SET_MAC_KEY, len, (void *)key) + # define EVP_PKEY_CTRL_MD 1 # define EVP_PKEY_CTRL_PEER_KEY 2 diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c index 686ca7c..78e8b70 100644 --- a/crypto/evp/evp_test.c +++ b/crypto/evp/evp_test.c @@ -57,6 +57,7 @@ #include #include #include +#include #include #include @@ -134,6 +135,18 @@ static int test_bin(const char *value, unsigned char **buf, size_t *buflen) *buflen = 0; return 1; } + /* Check for string literal */ + if (value[0] == '"') { + size_t vlen; + value++; + vlen = strlen(value); + if (value[vlen - 1] != '"') + return 0; + vlen--; + *buf = BUF_memdup(value, vlen); + *buflen = vlen; + return 1; + } *buf = string_to_hex(value, &len); if (!*buf) { fprintf(stderr, "Value=%s\n", value); @@ -147,6 +160,11 @@ static int test_bin(const char *value, unsigned char **buf, size_t *buflen) /* Structure holding test information */ struct evp_test { + /* file being read */ + FILE *in; + /* List of public and private keys */ + struct key_list *private; + struct key_list *public; /* method for this test */ const struct evp_test_method *meth; /* current line being processed */ @@ -168,6 +186,13 @@ struct evp_test { /* test specific data */ void *data; }; + +struct key_list { + char *name; + EVP_PKEY *key; + struct key_list *next; +}; + /* Test method structure */ struct evp_test_method { /* Name of test as it appears in file */ @@ -183,12 +208,20 @@ struct evp_test_method { }; static const struct evp_test_method digest_test_method, cipher_test_method; -static const struct evp_test_method aead_test_method; +static const struct evp_test_method aead_test_method, mac_test_method; +static const struct evp_test_method psign_test_method, pverify_test_method; +static const struct evp_test_method pdecrypt_test_method; +static const struct evp_test_method pverify_recover_test_method; static const struct evp_test_method *evp_test_list[] = { &digest_test_method, &cipher_test_method, - NULL, + &mac_test_method, + &psign_test_method, + &pverify_test_method, + &pdecrypt_test_method, + &pverify_recover_test_method, + NULL }; static const struct evp_test_method *evp_find_test(const char *name) @@ -265,11 +298,8 @@ static int setup_test(struct evp_test *t, const struct evp_test_method *tmeth) } ERR_clear_error(); t->meth->cleanup(t); - /* If new test type free old data */ - if (tmeth != t->meth && t->data) { - OPENSSL_free(t->data); - t->data = NULL; - } + OPENSSL_free(t->data); + t->data = NULL; if (t->expected_err) { OPENSSL_free(t->expected_err); t->expected_err = NULL; @@ -279,15 +309,84 @@ static int setup_test(struct evp_test *t, const struct evp_test_method *tmeth) return 1; } +static EVP_PKEY *find_key(const char *name, struct key_list *lst) +{ + for (; lst; lst = lst->next) { + if (!strcmp(lst->name, name)) + return lst->key; + } + return NULL; +} + +static void free_key_list(struct key_list *lst) +{ + while (lst != NULL) { + struct key_list *ltmp; + EVP_PKEY_free(lst->key); + OPENSSL_free(lst->name); + ltmp = lst->next; + OPENSSL_free(lst); + lst = ltmp; + } +} + static int process_test(struct evp_test *t, char *buf, int verbose) { char *keyword, *value; int rv = 0; + long save_pos; + struct key_list **lst, *key; + EVP_PKEY *pk = NULL; const struct evp_test_method *tmeth; if (verbose) fputs(buf, stdout); if (!parse_line(&keyword, &value, buf)) return 1; + if (!strcmp(keyword, "PrivateKey")) { + save_pos = ftell(t->in); + pk = PEM_read_PrivateKey(t->in, NULL, 0, NULL); + if (pk == NULL) { + fprintf(stderr, "Error reading private key %s\n", value); + ERR_print_errors_fp(stderr); + return 0; + } + lst = &t->private; + } + if (!strcmp(keyword, "PublicKey")) { + save_pos = ftell(t->in); + pk = PEM_read_PUBKEY(t->in, NULL, 0, NULL); + if (pk == NULL) { + fprintf(stderr, "Error reading public key %s\n", value); + ERR_print_errors_fp(stderr); + return 0; + } + lst = &t->public; + } + /* If we have a key add to list */ + if (pk) { + char tmpbuf[80]; + if (find_key(value, *lst)) { + fprintf(stderr, "Duplicate key %s\n", value); + return 0; + } + key = OPENSSL_malloc(sizeof(struct key_list)); + if (!key) + return 0; + key->name = BUF_strdup(value); + key->key = pk; + key->next = *lst; + *lst = key; + /* Rewind input, read to end and update line numbers */ + fseek(t->in, save_pos, SEEK_SET); + while (fgets(tmpbuf, sizeof(tmpbuf), t->in)) { + t->line++; + if (!strncmp(tmpbuf, "-----END", 8)) + return 1; + } + fprintf(stderr, "Can't find key end\n"); + return 0; + } + /* See if keyword corresponds to a test start */ tmeth = evp_find_test(keyword); if (tmeth) { @@ -351,9 +450,13 @@ int main(int argc, char **argv) return 1; } + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); t.meth = NULL; + t.public = NULL; + t.private = NULL; t.err = NULL; t.line = 0; t.start_line = -1; @@ -363,6 +466,7 @@ int main(int argc, char **argv) t.out_got = NULL; t.out_len = 0; in = fopen(argv[1], "r"); + t.in = in; while (fgets(buf, sizeof(buf), in)) { t.line++; if (!process_test(&t, buf, 0)) @@ -373,7 +477,16 @@ int main(int argc, char **argv) exit(1); fprintf(stderr, "%d tests completed with %d errors\n", t.ntests, t.errors); + free_key_list(t.public); + free_key_list(t.private); fclose(in); + EVP_cleanup(); + CRYPTO_cleanup_all_ex_data(); + ERR_remove_thread_state(NULL); + ERR_free_strings(); + CRYPTO_mem_leaks_fp(stderr); + if (t.errors) + return 1; return 0; } @@ -735,3 +848,336 @@ static const struct evp_test_method cipher_test_method = { cipher_test_parse, cipher_test_run }; + +struct mac_data { + /* MAC type */ + int type; + /* Algorithm string for this MAC */ + char *alg; + /* MAC key */ + unsigned char *key; + size_t key_len; + /* Input to MAC */ + unsigned char *input; + size_t input_len; + /* Expected output */ + unsigned char *output; + size_t output_len; +}; + +static int mac_test_init(struct evp_test *t, const char *alg) +{ + int type; + struct mac_data *mdat; + if (!strcmp(alg, "HMAC")) + type = EVP_PKEY_HMAC; + else if (!strcmp(alg, "CMAC")) + type = EVP_PKEY_CMAC; + else + return 0; + + mdat = OPENSSL_malloc(sizeof(struct mac_data)); + mdat->type = type; + mdat->alg = NULL; + mdat->key = NULL; + mdat->input = NULL; + mdat->output = NULL; + t->data = mdat; + return 1; +} + +static void mac_test_cleanup(struct evp_test *t) +{ + struct mac_data *mdat = t->data; + test_free(mdat->alg); + test_free(mdat->key); + test_free(mdat->input); + test_free(mdat->output); +} + +static int mac_test_parse(struct evp_test *t, + const char *keyword, const char *value) +{ + struct mac_data *mdata = t->data; + if (!strcmp(keyword, "Key")) + return test_bin(value, &mdata->key, &mdata->key_len); + if (!strcmp(keyword, "Algorithm")) { + mdata->alg = BUF_strdup(value); + if (!mdata->alg) + return 0; + return 1; + } + if (!strcmp(keyword, "Input")) + return test_bin(value, &mdata->input, &mdata->input_len); + if (!strcmp(keyword, "Output")) + return test_bin(value, &mdata->output, &mdata->output_len); + return 0; +} + +static int mac_test_run(struct evp_test *t) +{ + struct mac_data *mdata = t->data; + const char *err = "INTERNAL_ERROR"; + EVP_MD_CTX *mctx = NULL; + EVP_PKEY_CTX *pctx = NULL, *genctx = NULL; + EVP_PKEY *key = NULL; + const EVP_MD *md = NULL; + unsigned char *mac = NULL; + size_t mac_len; + + err = "MAC_PKEY_CTX_ERROR"; + genctx = EVP_PKEY_CTX_new_id(mdata->type, NULL); + if (!genctx) + goto err; + + err = "MAC_KEYGEN_INIT_ERROR"; + if (EVP_PKEY_keygen_init(genctx) <= 0) + goto err; + if (mdata->type == EVP_PKEY_CMAC) { + err = "MAC_ALGORITHM_SET_ERROR"; + if (EVP_PKEY_CTX_ctrl_str(genctx, "cipher", mdata->alg) <= 0) + goto err; + } + + err = "MAC_KEY_SET_ERROR"; + if (EVP_PKEY_CTX_set_mac_key(genctx, mdata->key, mdata->key_len) <= 0) + goto err; + + err = "MAC_KEY_GENERATE_ERROR"; + if (EVP_PKEY_keygen(genctx, &key) <= 0) + goto err; + if (mdata->type == EVP_PKEY_HMAC) { + err = "MAC_ALGORITHM_SET_ERROR"; + md = EVP_get_digestbyname(mdata->alg); + if (!md) + goto err; + } + mctx = EVP_MD_CTX_create(); + if (!mctx) + goto err; + err = "DIGESTSIGNINIT_ERROR"; + if (!EVP_DigestSignInit(mctx, &pctx, md, NULL, key)) + goto err; + + err = "DIGESTSIGNUPDATE_ERROR"; + if (!EVP_DigestSignUpdate(mctx, mdata->input, mdata->input_len)) + goto err; + err = "DIGESTSIGNFINAL_LENGTH_ERROR"; + if (!EVP_DigestSignFinal(mctx, NULL, &mac_len)) + goto err; + mac = OPENSSL_malloc(mac_len); + if (!mac) { + fprintf(stderr, "Error allocating mac buffer!\n"); + exit(1); + } + if (!EVP_DigestSignFinal(mctx, mac, &mac_len)) + goto err; + err = "MAC_LENGTH_MISMATCH"; + if (mac_len != mdata->output_len) + goto err; + err = "MAC_MISMATCH"; + if (check_output(t, mdata->output, mac, mac_len)) + goto err; + err = NULL; + err: + if (mctx) + EVP_MD_CTX_destroy(mctx); + if (mac) + OPENSSL_free(mac); + if (genctx) + EVP_PKEY_CTX_free(genctx); + if (key) + EVP_PKEY_free(key); + t->err = err; + return 1; +} + +static const struct evp_test_method mac_test_method = { + "MAC", + mac_test_init, + mac_test_cleanup, + mac_test_parse, + mac_test_run +}; + +/* + * Public key operations. These are all very similar and can share + * a lot of common code. + */ + +struct pkey_data { + /* Context for this operation */ + EVP_PKEY_CTX *ctx; + /* Key operation to perform */ + int (*keyop) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); + /* Input to MAC */ + unsigned char *input; + size_t input_len; + /* Expected output */ + unsigned char *output; + size_t output_len; +}; + +/* + * Perform public key operation setup: lookup key, allocated ctx and call + * the appropriate initialisation function + */ +static int pkey_test_init(struct evp_test *t, const char *name, + int use_public, + int (*keyopinit) (EVP_PKEY_CTX *ctx), + int (*keyop) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen) + ) +{ + struct pkey_data *kdata; + EVP_PKEY *pkey = NULL; + kdata = OPENSSL_malloc(sizeof(struct pkey_data)); + if (!kdata) + return 0; + kdata->ctx = NULL; + kdata->input = NULL; + kdata->output = NULL; + kdata->keyop = keyop; + t->data = kdata; + if (use_public) + pkey = find_key(name, t->public); + if (!pkey) + pkey = find_key(name, t->private); + if (!pkey) + return 0; + kdata->ctx = EVP_PKEY_CTX_new(pkey, NULL); + if (!kdata->ctx) + return 0; + if (keyopinit(kdata->ctx) <= 0) + return 0; + return 1; +} + +static void pkey_test_cleanup(struct evp_test *t) +{ + struct pkey_data *kdata = t->data; + if (kdata->input) + OPENSSL_free(kdata->input); + if (kdata->output) + OPENSSL_free(kdata->output); + if (kdata->ctx) + EVP_PKEY_CTX_free(kdata->ctx); +} + +static int pkey_test_parse(struct evp_test *t, + const char *keyword, const char *value) +{ + struct pkey_data *kdata = t->data; + if (!strcmp(keyword, "Input")) + return test_bin(value, &kdata->input, &kdata->input_len); + if (!strcmp(keyword, "Output")) + return test_bin(value, &kdata->output, &kdata->output_len); + if (!strcmp(keyword, "Ctrl")) { + char *p = strchr(value, ':'); + if (p) + *p++ = 0; + if (EVP_PKEY_CTX_ctrl_str(kdata->ctx, value, p) <= 0) + return 0; + return 1; + } + return 0; +} + +static int pkey_test_run(struct evp_test *t) +{ + struct pkey_data *kdata = t->data; + unsigned char *out = NULL; + size_t out_len; + const char *err = "KEYOP_LENGTH_ERROR"; + if (kdata->keyop(kdata->ctx, NULL, &out_len, kdata->input, + kdata->input_len) <= 0) + goto err; + out = OPENSSL_malloc(out_len); + if (!out) { + fprintf(stderr, "Error allocating output buffer!\n"); + exit(1); + } + err = "KEYOP_ERROR"; + if (kdata->keyop + (kdata->ctx, out, &out_len, kdata->input, kdata->input_len) <= 0) + goto err; + err = "KEYOP_LENGTH_MISMATCH"; + if (out_len != kdata->output_len) + goto err; + err = "KEYOP_MISMATCH"; + if (check_output(t, kdata->output, out, out_len)) + goto err; + err = NULL; + err: + if (out) + OPENSSL_free(out); + t->err = err; + return 1; +} + +static int sign_test_init(struct evp_test *t, const char *name) +{ + return pkey_test_init(t, name, 0, EVP_PKEY_sign_init, EVP_PKEY_sign); +} + +static const struct evp_test_method psign_test_method = { + "Sign", + sign_test_init, + pkey_test_cleanup, + pkey_test_parse, + pkey_test_run +}; + +static int verify_recover_test_init(struct evp_test *t, const char *name) +{ + return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init, + EVP_PKEY_verify_recover); +} + +static const struct evp_test_method pverify_recover_test_method = { + "VerifyRecover", + verify_recover_test_init, + pkey_test_cleanup, + pkey_test_parse, + pkey_test_run +}; + +static int decrypt_test_init(struct evp_test *t, const char *name) +{ + return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init, + EVP_PKEY_decrypt); +} + +static const struct evp_test_method pdecrypt_test_method = { + "Decrypt", + decrypt_test_init, + pkey_test_cleanup, + pkey_test_parse, + pkey_test_run +}; + +static int verify_test_init(struct evp_test *t, const char *name) +{ + return pkey_test_init(t, name, 1, EVP_PKEY_verify_init, 0); +} + +static int verify_test_run(struct evp_test *t) +{ + struct pkey_data *kdata = t->data; + if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len, + kdata->input, kdata->input_len) <= 0) + t->err = "VERIFY_ERROR"; + return 1; +} + +static const struct evp_test_method pverify_test_method = { + "Verify", + verify_test_init, + pkey_test_cleanup, + pkey_test_parse, + verify_test_run +}; diff --git a/crypto/evp/evptests.txt b/crypto/evp/evptests.txt index 718f723..da85100 100644 --- a/crypto/evp/evptests.txt +++ b/crypto/evp/evptests.txt @@ -1790,4 +1790,261 @@ Key = 5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8 Plaintext = 466f7250617369 Ciphertext = afbeb0f07dfbf5419200f2ccb50bb24f - +# HMAC tests from RFC2104 +MAC = HMAC +Algorithm = MD5 +Key = 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b +Input = "Hi There" +Output = 9294727a3638bb1c13f48ef8158bfc9d + +MAC = HMAC +Algorithm = MD5 +Key = "Jefe" +Input = "what do ya want for nothing?" +Output = 750c783e6ab0b503eaa86e310a5db738 + +MAC = HMAC +Algorithm = MD5 +Key = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +Input = DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD +Output = 56be34521d144c88dbb8c733f0e8b3f6 + +# HMAC tests from NIST test data + +MAC = HMAC +Algorithm = SHA1 +Input = "Sample message for keylen=blocklen" +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F +Output = 5FD596EE78D5553C8FF4E72D266DFD192366DA29 +MAC = HMAC +Algorithm = SHA1 +Input = "Sample message for keylen The branch master has been updated via e5bf3c923c184b19e8c3ef7043080955479a2325 (commit) from d5ec8efc70d3f9197dd6965d959de7dcda784459 (commit) - Log ----------------------------------------------------------------- commit e5bf3c923c184b19e8c3ef7043080955479a2325 Author: Dr. Stephen Henson Date: Fri Feb 13 13:02:24 2015 +0000 size_t for buffer functions. Change BUF_MEM_grow and BUF_MEM_grow_clean to return size_t. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_mem.c | 2 +- crypto/buffer/buffer.c | 4 ++-- crypto/buffer/buffer.h | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c index d190765..56e0d2e 100644 --- a/crypto/bio/bss_mem.c +++ b/crypto/bio/bss_mem.c @@ -187,7 +187,7 @@ static int mem_write(BIO *b, const char *in, int inl) BIO_clear_retry_flags(b); blen = bm->length; - if (BUF_MEM_grow_clean(bm, blen + inl) != (blen + inl)) + if (BUF_MEM_grow_clean(bm, blen + inl) == 0) goto end; memcpy(&(bm->data[blen]), in, inl); ret = inl; diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c index f762fe8..0859974 100644 --- a/crypto/buffer/buffer.c +++ b/crypto/buffer/buffer.c @@ -94,7 +94,7 @@ void BUF_MEM_free(BUF_MEM *a) OPENSSL_free(a); } -int BUF_MEM_grow(BUF_MEM *str, size_t len) +size_t BUF_MEM_grow(BUF_MEM *str, size_t len) { char *ret; size_t n; @@ -130,7 +130,7 @@ int BUF_MEM_grow(BUF_MEM *str, size_t len) return (len); } -int BUF_MEM_grow_clean(BUF_MEM *str, size_t len) +size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len) { char *ret; size_t n; diff --git a/crypto/buffer/buffer.h b/crypto/buffer/buffer.h index 530ffd2..672c06b 100644 --- a/crypto/buffer/buffer.h +++ b/crypto/buffer/buffer.h @@ -82,8 +82,8 @@ struct buf_mem_st { BUF_MEM *BUF_MEM_new(void); void BUF_MEM_free(BUF_MEM *a); -int BUF_MEM_grow(BUF_MEM *str, size_t len); -int BUF_MEM_grow_clean(BUF_MEM *str, size_t len); +size_t BUF_MEM_grow(BUF_MEM *str, size_t len); +size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len); size_t BUF_strnlen(const char *str, size_t maxlen); char *BUF_strdup(const char *str); char *BUF_strndup(const char *str, size_t siz); From steve at openssl.org Fri Feb 13 14:01:57 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Fri, 13 Feb 2015 15:01:57 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150213140157.EFE0E1DF1AB@butler.localdomain> The branch master has been updated via f9e31463923dae15f23cc53b1d72e5a768e37fbc (commit) from e5bf3c923c184b19e8c3ef7043080955479a2325 (commit) - Log ----------------------------------------------------------------- commit f9e31463923dae15f23cc53b1d72e5a768e37fbc Author: Dr. Stephen Henson Date: Fri Feb 13 13:33:36 2015 +0000 remove unused method declaration Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c index 78e8b70..7706ee1 100644 --- a/crypto/evp/evp_test.c +++ b/crypto/evp/evp_test.c @@ -208,7 +208,7 @@ struct evp_test_method { }; static const struct evp_test_method digest_test_method, cipher_test_method; -static const struct evp_test_method aead_test_method, mac_test_method; +static const struct evp_test_method mac_test_method; static const struct evp_test_method psign_test_method, pverify_test_method; static const struct evp_test_method pdecrypt_test_method; static const struct evp_test_method pverify_recover_test_method; From steve at openssl.org Sat Feb 14 00:07:52 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Sat, 14 Feb 2015 01:07:52 +0100 (CET) Subject: [openssl-commits] [web] master update Message-ID: <20150214000753.0231C1DF1AB@butler.localdomain> The branch master has been updated via 254c281f03f4a088a4831469ad9edc81a756440b (commit) from a043553a84caf3cb4334833186c29cf4de80fe00 (commit) - Log ----------------------------------------------------------------- commit 254c281f03f4a088a4831469ad9edc81a756440b Author: Steve Marquess Date: Fri Feb 13 19:00:39 2015 -0500 Add message in Chinese about Alipay ----------------------------------------------------------------------- Summary of changes: support/donations.wml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/support/donations.wml b/support/donations.wml index 1e2031c..a33827d 100644 --- a/support/donations.wml +++ b/support/donations.wml @@ -85,6 +85,13 @@ We also accept donations in any amount via credit card or PayPal: +
+
+Alipay coming soon:
+ +????PayPal??????????????????? ??????????????????????????????????????????????????????? +
+

From steve at openssl.org Wed Feb 18 00:41:40 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Wed, 18 Feb 2015 01:41:40 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150218004140.8711E1E035F@butler.localdomain> The branch master has been updated via f37879d07783a78cda66fd80eaae687dadc7269f (commit) from f9e31463923dae15f23cc53b1d72e5a768e37fbc (commit) - Log ----------------------------------------------------------------- commit f37879d07783a78cda66fd80eaae687dadc7269f Author: Dr. Stephen Henson Date: Sat Feb 14 18:43:21 2015 +0000 More RSA tests. Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/evp/evptests.txt | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/crypto/evp/evptests.txt b/crypto/evp/evptests.txt index da85100..58d9159 100644 --- a/crypto/evp/evptests.txt +++ b/crypto/evp/evptests.txt @@ -2000,6 +2000,40 @@ Input = "0123456789ABCDEF1233" Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ae Result = VERIFY_ERROR +# parameter is not NULL: should verify OK +Verify = RSA-2048 +Ctrl = digest:sha1 +Input = "0123456789ABCDEF1234" +Output = 3ec3fc29eb6e122bd7aa361cd09fe1bcbe85311096a7b9e4799cedfb2351ce0ab7fe4e75b4f6b37f67edd9c60c800f9ab941c0c157d7d880ca9de40c951d60fd293ae220d4bc510b1572d6e85a1bbbd8605b52e05f1c64fafdae59a1c2fbed214b7844d0134619de62851d5a0522e32e556e5950f3f97b8150e3f0dffee612c924201c27cd9bc8b423a71533380c276d3d59fcba35a2e80a1a192ec266a6c2255012cd86a349fe90a542b355fa3355b04da6cdf1df77f0e7bd44a90e880e1760266d233e465226f5db1c68857847d82072861ee266ddfc2e596845b77e1803274a579835ab5e4975d81d20b7df9cec7795489e4a2bdb8c1cf6a6b359945ac92c + +# embedded digest too long +Verify = RSA-2048 +Ctrl = digest:sha1 +Input = "0123456789ABCDEF1234" +Output = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d +Result = VERIFY_ERROR + +# embedded digest too short +Verify = RSA-2048 +Ctrl = digest:sha1 +Input = "0123456789ABCDEF1234" +Output = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d +Result = VERIFY_ERROR + +# Garbage after DigestInfo +Verify = RSA-2048 +Ctrl = digest:sha1 +Input = "0123456789ABCDEF1234" +Output = 9ee34872d4271a7d8808af0a4052a145a6d6a8437d00da3ed14428c7f087cd39f4d43334c41af63e7fa1ba363fee7bcef401d9d36a662abbab55ce89a696e1be0dfa19a5d09ca617dd488787b6048baaefeb29bc8688b2fe3882de2b77c905b5a8b56cf9616041e5ec934ba6de863efe93acc4eef783fe7f72a00fa65d6093ed32bf98ce527e62ccb1d56317f4be18b7e0f55d7c36617d2d0678a306e3350956b662ac15df45215dd8f6b314babb9788e6c272fa461e4c9b512a11a4b92bc77c3a4c95c903fccb238794eca5c750477bf56ea6ee6a167367d881b485ae3889e7c489af8fdf38e0c0f2aed780831182e34abedd43c39281b290774bf35cc25274 +Result = VERIFY_ERROR + +# invalid tag for parameter +Verify = RSA-2048 +Ctrl = digest:sha1 +Input = "0123456789ABCDEF1234" +Output = 49525db4d44c755e560cba980b1d85ea604b0e077fcadd4ba44072a3487bbddb835016200a7d8739cce2dc3223d9c20cbdd25059ab02277f1f21318efd18e21038ec89aa9d40680987129e8b41ba33bceb86518bdf47268b921cce2037acabca6575d832499538d6f40cdba0d40bd7f4d8ea6ca6e2eec87f294efc971407857f5d7db09f6a7b31e301f571c6d82a5e3d08d2bb3a36e673d28b910f5bec57f0fcc4d968fd7c94d0b9226dec17f5192ad8b42bcab6f26e1bea1fdc3b958199acb00f14ebcb2a352f3afcedd4c09000128a603bbeb9696dea13040445253972d46237a25c7845e3b464e6984c2348ea1f1210a9ff0b00d2d72b50db00c009bb39f9 +Result = VERIFY_ERROR + # EC tests Verify = P-256 From rsalz at openssl.org Thu Feb 19 18:18:43 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 19 Feb 2015 19:18:43 +0100 (CET) Subject: [openssl-commits] [web] master update Message-ID: <20150219181843.A45141E035F@butler.localdomain> The branch master has been updated via 955458532940646f6f124f4e2c9f02fe818835c6 (commit) from 254c281f03f4a088a4831469ad9edc81a756440b (commit) - Log ----------------------------------------------------------------- commit 955458532940646f6f124f4e2c9f02fe818835c6 Author: Rich Salz Date: Thu Feb 19 13:17:07 2015 -0500 Separate simple and generated targets simple, generated, manpages no longer have any interdependencies. all does generated/simple/manpages. udpate relupd actions to explicitly do generated/simple ----------------------------------------------------------------------- Summary of changes: Makefile | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/Makefile b/Makefile index 404248c..b6cd0e1 100644 --- a/Makefile +++ b/Makefile @@ -13,13 +13,7 @@ QUIET=--quiet DIRS= about docs news source support -all: simple manpages - -simple: generated - wmk $(FORCE) -I $(SNAP) -a $(DIRS) index.wml - -manpages: - sh ./run-pod2html.sh $(PODSHOME) +all: generated simple manpages generated: cp -f $(SNAP)/LICENSE source/license.inc @@ -29,6 +23,12 @@ generated: perl run-fundingfaq.pl < support/funding/support-faq.txt >support/funding/support-faq.inc ( cd news && xsltproc vulnerabilities.xsl vulnerabilities.xml > vulnerabilities.wml ) +simple: + wmk $(FORCE) -I $(SNAP) -a $(DIRS) index.wml + +manpages: + sh ./run-pod2html.sh $(PODSHOME) + # Update release notes (and other items, but relnotes is the use-case) relupd: id | grep -q root || { echo you must sudo ; exit 1; } @@ -36,6 +36,4 @@ relupd: echo Updating $$dir ; cd $$dir ; sudo -u openssl git pull $(QUIET) ; cd .. ; \ done ) sudo -u www-data git pull $(QUIET) - sudo -u www-data $(MAKE) simple - - + sudo -u www-data $(MAKE) generated simple From openssl-git at openssl.org Thu Feb 19 19:54:16 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:16 +0000 Subject: [openssl-commits] [openssl] OpenSSL-fips-2_0_3 delete Message-ID: <1424375656.459877.12712.nullmailer@dev.openssl.org> The annotated tag OpenSSL-fips-2_0_3 has been deleted was 6f385d783328b7467f5644352209ea6e13e5978d - Log ----------------------------------------------------------------- 4f6c4c1896f1fea63053468bfc599d3cf7da93f5 Support for WinEC7. ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:16 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:16 +0000 Subject: [openssl-commits] [openssl] OpenSSL-fips-2_0_4 delete Message-ID: <1424375656.556362.12725.nullmailer@dev.openssl.org> The annotated tag OpenSSL-fips-2_0_4 has been deleted was 4d4c2a522e55ac95267a8eb252ffce3a942770f2 - Log ----------------------------------------------------------------- b0ee17ad475c97f068c7314efafdd8a53d92af54 Add MIPS support. ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:16 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:16 +0000 Subject: [openssl-commits] [openssl] OpenSSL-fips-2_0_6 delete Message-ID: <1424375656.758274.12752.nullmailer@dev.openssl.org> The annotated tag OpenSSL-fips-2_0_6 has been deleted was bcf9f8bccad075957232d00abcc846c7ff5c66fd - Log ----------------------------------------------------------------- 2659a2aa7ca8cf17cae05d119fc3caee0480ddd6 QNX6-armv4 support. ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:16 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:16 +0000 Subject: [openssl-commits] [openssl] OpenSSL-fips-2_0_5 delete Message-ID: <1424375656.657025.12739.nullmailer@dev.openssl.org> The annotated tag OpenSSL-fips-2_0_5 has been deleted was c1dcffb1634f41f244d7b0d204ec6c200e528018 - Log ----------------------------------------------------------------- 4089bd6080d41450adab1e0ac0d63cfeab4a78e7 eCos ARMv4/5 support ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:16 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:16 +0000 Subject: [openssl-commits] [openssl] OpenSSL-fips-2_0_7 delete Message-ID: <1424375656.863158.12766.nullmailer@dev.openssl.org> The annotated tag OpenSSL-fips-2_0_7 has been deleted was 2845604f5448f6cd04a8ebb7b630d53a1981d59e - Log ----------------------------------------------------------------- 005563bbce6e66b9c481fd39574b0ffcd2a34292 Add linux-x86_64-cross target. ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:16 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:16 +0000 Subject: [openssl-commits] [openssl] OpenSSL-fips-2_0_8 delete Message-ID: <1424375656.959719.12781.nullmailer@dev.openssl.org> The annotated tag OpenSSL-fips-2_0_8 has been deleted was d5500aeaddb973323fd83b0fe46d30be53f019b8 - Log ----------------------------------------------------------------- 7fb7844f3b40b60c2df77e093398da55d7928e9d Remove Dual EC DRBG again... ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:17 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:17 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-post-auto-reformat delete Message-ID: <1424375657.053504.12795.nullmailer@dev.openssl.org> The annotated tag OpenSSL_0_9_8-post-auto-reformat has been deleted was 75825ee7edda525fc9e3f6f3b2816bd8ba094d61 - Log ----------------------------------------------------------------- 6f1f3c665331d73c4ec08d653d100fa52c44cd60 Rerun util/openssl-format-source -v -c . ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:16 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:16 +0000 Subject: [openssl-commits] [openssl] OpenSSL-fips-2_0_2 delete Message-ID: <1424375656.360112.12698.nullmailer@dev.openssl.org> The annotated tag OpenSSL-fips-2_0_2 has been deleted was 4449ebc05d847784cbb6111e44e1a75b06bdc4ad - Log ----------------------------------------------------------------- 2d183e4c44b1d18fe515739ec72c76d471a4b669 Add BSD-ppc85xx support and avoid copying overlapping buffers in fips_dssvs.c ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:17 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:17 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-post-reformat delete Message-ID: <1424375657.141332.12810.nullmailer@dev.openssl.org> The annotated tag OpenSSL_0_9_8-post-reformat has been deleted was 157c7c73f853a773833d72dbe6ac3ca7e193c48d - Log ----------------------------------------------------------------- 02f0c26cea09e4ea847fba303a856b9475382ba5 Re-align some comments after running the reformat script. This should be a one off operation (subsequent invokation of the script should not move them) ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:17 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:17 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-pre-auto-reformat delete Message-ID: <1424375657.231099.12824.nullmailer@dev.openssl.org> The annotated tag OpenSSL_0_9_8-pre-auto-reformat has been deleted was 096a6bc15694ee72968f26254ef26a44a6eb3c1e - Log ----------------------------------------------------------------- 9d03aabea3ead1fe6a194297ddffd4a87f89b93c More comment changes required for indent ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:17 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:17 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-pre-reformat delete Message-ID: <1424375657.320162.12838.nullmailer@dev.openssl.org> The annotated tag OpenSSL_0_9_8-pre-reformat has been deleted was 109031518137daa5557ebe31e663ee8d935c2c27 - Log ----------------------------------------------------------------- ba442a7e1ba96d0b189bc627a2a750c928a42d13 Prepare for 0.9.8zf-dev ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:17 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:17 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8y delete Message-ID: <1424375657.406089.12852.nullmailer@dev.openssl.org> The annotated tag OpenSSL_0_9_8y has been deleted was dd110c1150065197364a57323cb62f94316b3db5 - Log ----------------------------------------------------------------- 8964efc413f281a6cacaa83c1c642e8a531613ba prepare for release ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:17 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:17 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8za delete Message-ID: <1424375657.493380.12866.nullmailer@dev.openssl.org> The annotated tag OpenSSL_0_9_8za has been deleted was 1e65e5c9b82fb90ecff2ed5169e7c1f36c9298e4 - Log ----------------------------------------------------------------- 047ec5d196bb7d41491e95b554f11154e27a931a Prepare for 0.9.8za release ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:17 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:17 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8zb delete Message-ID: <1424375657.580249.12880.nullmailer@dev.openssl.org> The annotated tag OpenSSL_0_9_8zb has been deleted was 0a2682a5b63757c861be8e4df497a586c491435c - Log ----------------------------------------------------------------- 1c5f396d3658562cf2eb969d9cba769aa33a9b00 Prepare for 0.9.8zb release ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:17 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:17 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8zc delete Message-ID: <1424375657.667886.12894.nullmailer@dev.openssl.org> The annotated tag OpenSSL_0_9_8zc has been deleted was 5a49adc829065ee260a9153e25cfeb6aef265827 - Log ----------------------------------------------------------------- 36216218ca1eeac5cc4ed4042283f4a3936bcbde Prepare for 0.9.8zc release ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:17 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:17 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8zd delete Message-ID: <1424375657.755699.12908.nullmailer@dev.openssl.org> The annotated tag OpenSSL_0_9_8zd has been deleted was 58f95e3a7db8e68ffabef77a5669d5767376197c - Log ----------------------------------------------------------------- b873409efee1731171f78d8eb456b57aa4b7d0ff Prepare for 0.9.8zd release ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:17 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:17 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8ze delete Message-ID: <1424375657.842798.12922.nullmailer@dev.openssl.org> The annotated tag OpenSSL_0_9_8ze has been deleted was deed151406f32123d345861cd9078524c0cca02e - Log ----------------------------------------------------------------- e8ccaee31caa9376dd752b45a8f1a62259a69867 Prepare for 0.9.8ze release ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:17 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:17 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-post-auto-reformat delete Message-ID: <1424375657.942392.12936.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_0-post-auto-reformat has been deleted was 775021164244df079a561e83fa0be7ec4a1e4203 - Log ----------------------------------------------------------------- 4bc991384404d05e49e3aa622c142c7b7d05ef7b Rerun util/openssl-format-source -v -c . ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:18 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:18 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-post-reformat delete Message-ID: <1424375658.041861.12950.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_0-post-reformat has been deleted was 4d4af8b7a0f02b9f31fde7c9be0dbbc175459c68 - Log ----------------------------------------------------------------- 3d7a9aca8c400683d2fb7eca799fa547f70e4832 Re-align some comments after running the reformat script. This should be a one off operation (subsequent invokation of the script should not move them) ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:18 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:18 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-pre-auto-reformat delete Message-ID: <1424375658.141312.12964.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_0-pre-auto-reformat has been deleted was c980ebae0d279d02dadb12e1a8686e52ea2da151 - Log ----------------------------------------------------------------- e3db68b766609ad5a3d1ab1fbf68d9286e6cf8b3 Yet more changes to comments ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:18 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:18 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-pre-reformat delete Message-ID: <1424375658.242755.12978.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_0-pre-reformat has been deleted was a0714275f2618e0df717fc29bd9657e46dd8f702 - Log ----------------------------------------------------------------- 569c68744ab18ff48074a683a57962d959fcb13c Prepare for 1.0.0r-dev ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:18 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:18 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0k delete Message-ID: <1424375658.337260.12992.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_0k has been deleted was 8f3a2638cfc339ef9ccd65a4203b4ab18b4d639c - Log ----------------------------------------------------------------- d9e048ceac64d3f2cfa8b153271acd309e6a5edb prepare for release ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:18 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:18 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0l delete Message-ID: <1424375658.436959.13006.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_0l has been deleted was 27002358447d41388800aef493cf2eaaafa544b9 - Log ----------------------------------------------------------------- 7f94a3c3de881a876ccf945093ec451881ebec30 Prepare for 1.0.0l release ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:18 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:18 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0m delete Message-ID: <1424375658.534219.13020.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_0m has been deleted was 77b90c70c114c4e140285bf00c3ce725fb9b87f3 - Log ----------------------------------------------------------------- 4bee980bb5d8f751a3a0500e6979983e40fd1bea Prepare for 1.0.0m release ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:18 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:18 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0n delete Message-ID: <1424375658.631688.13034.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_0n has been deleted was 42a0b2782dab091713c5e3d19175e7fa216a73da - Log ----------------------------------------------------------------- bb505311c6abc8db675f384d396b318cb1007585 Prepare for 1.0.0n release ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:18 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:18 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0o delete Message-ID: <1424375658.728729.13048.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_0o has been deleted was ee5e0632a47d504b2bebb23e5e05419f3e8dec74 - Log ----------------------------------------------------------------- 41da9188cc1d7bb49831d2e27f7a5b8353d53024 Prepare for 1.0.0o release ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:18 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:18 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0p delete Message-ID: <1424375658.826246.13062.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_0p has been deleted was 89c5e025a461db9be4cd4a4625fdf80e3f098e61 - Log ----------------------------------------------------------------- 225628f280d79dda31d135f96e231807d06e38c3 Prepare for 1.0.0p release ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:18 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:18 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0q delete Message-ID: <1424375658.924328.13076.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_0q has been deleted was 689a1eb8d11c1f81e54ae68b409dcc0c1a6e8de1 - Log ----------------------------------------------------------------- cdac2e8928ca483843bfa3b527efb16e7f83bd60 Prepare for 1.0.0q release ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:19 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:19 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-post-auto-reformat delete Message-ID: <1424375659.027824.13090.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_1-post-auto-reformat has been deleted was 614fd42311baad9ec41d7440b1ff18c0b130cc0e - Log ----------------------------------------------------------------- 47050853f13b07f91b5b4a058dcb188621296f21 Rerun util/openssl-format-source -v -c . ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:19 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:19 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-post-reformat delete Message-ID: <1424375659.131634.13104.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_1-post-reformat has been deleted was d5de757dfd569cb6c99253cf4172ed118862c486 - Log ----------------------------------------------------------------- cda8845ded7c0739c9142283ed4c449130b1b546 Re-align some comments after running the reformat script. This should be a one off operation (subsequent invokation of the script should not move them) ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:19 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:19 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-pre-auto-reformat delete Message-ID: <1424375659.236131.13118.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_1-pre-auto-reformat has been deleted was 5e6f171ca5b9083aaf2a70ccb97bca002ecabe29 - Log ----------------------------------------------------------------- e498b83fed7025eeacb4dd2ad183c3f6236467b2 More tweaks for comments due indent issues ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:19 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:19 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-pre-reformat delete Message-ID: <1424375659.343395.13132.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_1-pre-reformat has been deleted was f12958ee75eb1362556cfd193df003b4414b2754 - Log ----------------------------------------------------------------- 3a9a0321638ae13957b66baae6d4955597fc128d Prepare for 1.0.1m-dev ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:19 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:19 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1d delete Message-ID: <1424375659.440307.13146.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_1d has been deleted was 9f426095d12ed07e980ec1988a4ea32c76ac8609 - Log ----------------------------------------------------------------- 62f4033381a013c8a8edb6db5345da678495d94f typo ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:19 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:19 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1e delete Message-ID: <1424375659.537534.13160.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_1e has been deleted was 7f19e571a35afd595e9b307e91fbfbe63460a60f - Log ----------------------------------------------------------------- 46ebd9e3bb623d3c15ef2203038956f3f7213620 use 10240 for record size ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:19 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:19 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1f delete Message-ID: <1424375659.637471.13174.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_1f has been deleted was ef1478b81a69d305d2d93487a5307f1af44a98c6 - Log ----------------------------------------------------------------- 0d8776344cd7965fadd870e361503985df9c45bb Prepare for 1.0.1f release ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:19 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:19 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1g delete Message-ID: <1424375659.735077.13188.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_1g has been deleted was 7434fe25b14aa036f6b9e12358abeaebdb7b250a - Log ----------------------------------------------------------------- b2d951e4232d2f90168f9a3dd0b7df9ecf2d81a8 Prepare for 1.0.1g release ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:19 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:19 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1h delete Message-ID: <1424375659.835032.13202.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_1h has been deleted was fad8d5b0a107c65e93b62b39d1b3272aade35c50 - Log ----------------------------------------------------------------- 6b72417a00b803680edc9be214c1b3dd9dae203d Prepare for 1.0.1h release ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:19 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:19 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1i delete Message-ID: <1424375659.937956.13216.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_1i has been deleted was 488cb0c4b85851dc4043022c545aa319badc6954 - Log ----------------------------------------------------------------- 2b456034457b58454aae3998a2765b6a5b9bc837 Prepare for 1.0.1i release ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:20 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:20 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1j delete Message-ID: <1424375660.087539.13230.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_1j has been deleted was 91accef3f62a5303829e21fd1ff190dcb008780f - Log ----------------------------------------------------------------- 872e681c00a713e840ebed77a4e05fa0e181f16f Prepare for 1.0.1j release ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:20 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:20 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1l delete Message-ID: <1424375660.298043.13258.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_1l has been deleted was 3af93c6cfaa06462206ec7dbf13fc86f172b4e6c - Log ----------------------------------------------------------------- b83ceba7d51e846cf24433aa3c417bfd62b3ffa5 Prepare for 1.0.1l release ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:20 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:20 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1k delete Message-ID: <1424375660.194693.13244.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_1k has been deleted was 06d3e7b7f9acd0bb66af9a29eb37635c6e59f526 - Log ----------------------------------------------------------------- b4a57c4c419a578d1a16862a6b445c34003b4c52 Prepare for 1.0.1k release ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:20 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:20 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2 delete Message-ID: <1424375660.407777.13272.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_2 has been deleted was bfec9ddfdf241911fa917bdd10a579874414d450 - Log ----------------------------------------------------------------- 4ac0329582829f5378d8078c8d314ad37db87736 Prepare for 1.0.2 release ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:20 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:20 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-beta1 delete Message-ID: <1424375660.510499.13286.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_2-beta1 has been deleted was 1ba59a85c9f3a117f116627c814b1b1427715b94 - Log ----------------------------------------------------------------- 94f416601754dbe65e287f8e1eca01fa32f74a7a Prepare for 1.0.2-beta1 release ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:20 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:20 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-beta2 delete Message-ID: <1424375660.616999.13300.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_2-beta2 has been deleted was dfbbcf9c2759d83604b25d5dc92d273948eb698d - Log ----------------------------------------------------------------- 2f63ad1c6daa61614f3d58de0889bf68e9f75853 Prepare for 1.0.2-beta2 release ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:20 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:20 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-beta3 delete Message-ID: <1424375660.724475.13314.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_2-beta3 has been deleted was 41d1e44a209d8d9bbe35b7e8512107294815cb68 - Log ----------------------------------------------------------------- 2c5db8dac3a06fe5b2c889838a606138ee3542ed Prepare for 1.0.2-beta3 release ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:20 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:20 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-post-auto-reformat delete Message-ID: <1424375660.834162.13328.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_2-post-auto-reformat has been deleted was 12b69d483d9954b9754f0eedd0c34b4cbab1c0d0 - Log ----------------------------------------------------------------- 323d39e87f86bc4524881942aafc7539532aefff Rerun util/openssl-format-source -v -c . ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:20 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:20 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-post-reformat delete Message-ID: <1424375660.943704.13342.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_2-post-reformat has been deleted was ac1e6674c070d95ce118b77f5fe61008b4b80213 - Log ----------------------------------------------------------------- 83975c80bbc3e84cc605e0491707a6517f5dd346 Re-align some comments after running the reformat script. This should be a one off operation (subsequent invokation of the script should not move them) ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:21 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:21 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-pre-auto-reformat delete Message-ID: <1424375661.053860.13356.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_2-pre-auto-reformat has been deleted was a73e48759f52155f773fe9673f39dcb3ce27fcda - Log ----------------------------------------------------------------- aae3233e1e08e9f11742f8f351af5c98cd8add16 More tweaks for comments due indent issues ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:21 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:21 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-pre-reformat delete Message-ID: <1424375661.163354.13370.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_2-pre-reformat has been deleted was 6b1754608f389ee2595fb7027de4e1e35eee6b02 - Log ----------------------------------------------------------------- 43257b9f51de749262258668c77c2f0f99d7a15b Define CFLAGS as cflags on VMS as well ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:21 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:21 +0000 Subject: [openssl-commits] [openssl] master-post-auto-reformat delete Message-ID: <1424375661.279757.13384.nullmailer@dev.openssl.org> The annotated tag master-post-auto-reformat has been deleted was 0c59a14b93b682c48a9611876d081409bbbf9941 - Log ----------------------------------------------------------------- 739a5eee619fc8c03736140828891b369f8690f4 Rerun util/openssl-format-source -v -c . ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:21 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:21 +0000 Subject: [openssl-commits] [openssl] master-post-reformat delete Message-ID: <1424375661.401125.13398.nullmailer@dev.openssl.org> The annotated tag master-post-reformat has been deleted was 48c4781590e1ab4f9fd9d132ef91773a1df99d7e - Log ----------------------------------------------------------------- 35a1cc90bc1795e8893c11e442790ee7f659fffb More comment realignment ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:21 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:21 +0000 Subject: [openssl-commits] [openssl] master-pre-auto-reformat delete Message-ID: <1424375661.516811.13412.nullmailer@dev.openssl.org> The annotated tag master-pre-auto-reformat has been deleted was 9fd62bd141af640af7482d017e89382b389bb669 - Log ----------------------------------------------------------------- 22b52164aaed31d6e93dbd2d397ace041360e6aa More tweaks for comments due indent issues ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:21 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:21 +0000 Subject: [openssl-commits] [openssl] master-pre-reformat delete Message-ID: <1424375661.633875.13426.nullmailer@dev.openssl.org> The annotated tag master-pre-reformat has been deleted was e422e1a89576a7bef94ec5ec7db3e3c7dc77e009 - Log ----------------------------------------------------------------- 4b618848f9beb8271f24883694e097caa70013c0 Cleanup OPENSSL_NO_xxx, part 1 ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:21 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:21 +0000 Subject: [openssl-commits] [openssl] security-0.9.8 create Message-ID: <1424375661.722619.13439.nullmailer@dev.openssl.org> The branch security-0.9.8 has been created at 1dc6a5441a2759e7e17995ef61ba7fc9011920a7 (commit) - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:21 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:21 +0000 Subject: [openssl-commits] [openssl] security-1.0.0 create Message-ID: <1424375661.830432.13456.nullmailer@dev.openssl.org> The branch security-1.0.0 has been created at c1beec0e6dd4325210f4e42ddf2fb97c32dda45b (commit) - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:21 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:21 +0000 Subject: [openssl-commits] [openssl] security-1.0.1 create Message-ID: <1424375661.943348.13473.nullmailer@dev.openssl.org> The branch security-1.0.1 has been created at e02863b5ac8f6fc581e75e24e53b4ef5ea0b15ca (commit) - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:22 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:22 +0000 Subject: [openssl-commits] [openssl] security-1.0.2 create Message-ID: <1424375662.061513.13490.nullmailer@dev.openssl.org> The branch security-1.0.2 has been created at 7c6a3cf2375f5881ef3f3a58ac0fbd0b4663abd1 (commit) - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:22 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:22 +0000 Subject: [openssl-commits] [openssl] security-master create Message-ID: <1424375662.186336.13507.nullmailer@dev.openssl.org> The branch security-master has been created at 103b171d8fc282ef435f8de9afbf7782e312961f (commit) - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:22 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:22 +0000 Subject: [openssl-commits] [openssl] steve/0.9.8za-secfix create Message-ID: <1424375662.283096.13524.nullmailer@dev.openssl.org> The branch steve/0.9.8za-secfix has been created at 141a5482fdd1944804cc342c1c443362eed8501b (commit) - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- From openssl-git at openssl.org Thu Feb 19 19:54:22 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Thu, 19 Feb 2015 19:54:22 +0000 Subject: [openssl-commits] [openssl] steve/review-1.0.1 create Message-ID: <1424375662.410801.13541.nullmailer@dev.openssl.org> The branch steve/review-1.0.1 has been created at bf3e200eb4bd180169bb2caa8472e1533692fb9f (commit) - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- From levitte at openssl.org Thu Feb 19 22:14:34 2015 From: levitte at openssl.org (Richard Levitte) Date: Thu, 19 Feb 2015 23:14:34 +0100 (CET) Subject: [openssl-commits] The deluge of removed tags... [FALSE ALARM] Message-ID: <20150219.231434.1005901241926643053.levitte@openssl.org> Hi, The deluge of removed tags that just occured is a false alarm, generated by repository mirroring to a new machine that had some mistakes and an email post-receive that was enabled a little too early. I stopped the deluge in its tracks when I realised what was going on, and it seems like the deluge is over at this point. So please, ignore them and appologies for the interruption and the scare. -- Richard Levitte levitte at openssl.org OpenSSL Project http://www.openssl.org/~levitte/ From steve at openssl.org Sat Feb 21 01:18:51 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Sat, 21 Feb 2015 02:18:51 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150221011851.8003B1DF11A@butler.localdomain> The branch master has been updated via 146ca72cca3ab668d6bcb45b2a7f71bd9a8d06bb (commit) via 86f300d38540ead85543aee0cb30c32145931744 (commit) from f37879d07783a78cda66fd80eaae687dadc7269f (commit) - Log ----------------------------------------------------------------- commit 146ca72cca3ab668d6bcb45b2a7f71bd9a8d06bb Author: Dr. Stephen Henson Date: Thu Feb 19 14:35:43 2015 +0000 Add additional EC documentation. Reviewed-by: Matt Caswell commit 86f300d38540ead85543aee0cb30c32145931744 Author: Dr. Stephen Henson Date: Thu Feb 19 14:32:44 2015 +0000 Use named curve parameter encoding by default. Many applications require named curve parameter encoding instead of explicit parameter encoding (including the TLS library in OpenSSL itself). Set this encoding by default instead of requiring an explicit call to set it. Add OPENSSL_EC_EXPLICT_CURVE define. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec.h | 3 ++- crypto/ec/ec_lib.c | 2 +- doc/apps/genpkey.pod | 35 ++++++++++++++++++++++++++++++----- doc/crypto/EC_GROUP_copy.pod | 16 ++++++++++++---- doc/crypto/EVP_PKEY_CTX_ctrl.pod | 24 ++++++++++++++++++------ 5 files changed, 63 insertions(+), 17 deletions(-) diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index b89add6..2d36dd5 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -715,7 +715,8 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, unsigned int *k2, unsigned int *k3); # endif -# define OPENSSL_EC_NAMED_CURVE 0x001 +# define OPENSSL_EC_EXPLICIT_CURVE 0x000 +# define OPENSSL_EC_NAMED_CURVE 0x001 typedef struct ecpk_parameters_st ECPKPARAMETERS; diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index cc3dd35..2dcdb40 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -106,7 +106,7 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) goto err; ret->curve_name = 0; - ret->asn1_flag = 0; + ret->asn1_flag = OPENSSL_EC_NAMED_CURVE; ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED; ret->seed = NULL; diff --git a/doc/apps/genpkey.pod b/doc/apps/genpkey.pod index 929edcd..74faba5 100644 --- a/doc/apps/genpkey.pod +++ b/doc/apps/genpkey.pod @@ -29,7 +29,7 @@ The B command generates a private key. =item B<-out filename> the output filename. If this argument is not specified then standard output is -used. +used. =item B<-outform DER|PEM> @@ -141,11 +141,21 @@ and 2048 bit group with 256 bit subgroup as mentioned in RFC5114 sections =head1 EC PARAMETER GENERATION OPTIONS +In OpenSSL 1.0.2 and later the EC parameter generation options below can also +be supplied as EC key generation options. This can (for example) generate a +key from a named curve without the need to use an explicit parameter file. + =over 4 =item B -the EC curve to use. +the EC curve to use. OpenSSL 1.0.2 and later supports NIST curve names +such as "P-256". + +=item B + +the encoding to use for parameters. The "encoding" paramater must be either +"named_curve" or "explicit". =back @@ -190,7 +200,7 @@ can be used. Generate an RSA private key using default parameters: - openssl genpkey -algorithm RSA -out key.pem + openssl genpkey -algorithm RSA -out key.pem Encrypt output private key using 128 bit AES and the passphrase "hello": @@ -208,7 +218,7 @@ Generate 1024 bit DSA parameters: Generate DSA key from parameters: - openssl genpkey -paramfile dsap.pem -out dsakey.pem + openssl genpkey -paramfile dsap.pem -out dsakey.pem Generate 1024 bit DH parameters: @@ -221,8 +231,23 @@ Output RFC5114 2048 bit DH parameters with 224 bit subgroup: Generate DH key from parameters: - openssl genpkey -paramfile dhp.pem -out dhkey.pem + openssl genpkey -paramfile dhp.pem -out dhkey.pem + +Generate EC parameters: + + openssl genpkey -genparam -algorithm EC -out ecp.pem \ + -pkeyopt ec_paramgen_curve:secp384r1 \ + -pkeyopt ec_param_enc:named_curve + +Generate EC key from parameters: + + openssl genpkey -paramfile ecp.pem -out eckey.pem + +Generate EC key directly (OpenSSL 1.0.2+ only): + openssl genpkey -algorithm EC -out eckey.pem \ + -pkeyopt ec_paramgen_curve:P-384 \ + -pkeyopt ec_param_enc:named_curve =cut diff --git a/doc/crypto/EC_GROUP_copy.pod b/doc/crypto/EC_GROUP_copy.pod index 954af46..d8fb3dd 100644 --- a/doc/crypto/EC_GROUP_copy.pod +++ b/doc/crypto/EC_GROUP_copy.pod @@ -69,10 +69,18 @@ The functions EC_GROUP_set_curve_name and EC_GROUP_get_curve_name, set and get t (see L). If a curve does not have a NID associated with it, then EC_GROUP_get_curve_name will return 0. -The asn1_flag value on a curve is used to determine whether there is a specific ASN1 OID to describe the curve or not. -If the asn1_flag is 1 then this is a named curve with an associated ASN1 OID. If not then asn1_flag is 0. The functions -EC_GROUP_get_asn1_flag and EC_GROUP_set_asn1_flag get and set the status of the asn1_flag for the curve. If set then -the curve_name must also be set. +The asn1_flag value is used to determine whether the curve encoding uses +explicit parameters or a named curve using an ASN1 OID: many applications only +support the latter form. If asn1_flag is B then the +named curve form is used and the parameters must have a corresponding +named curve NID set. If asn1_flags is B the +parameters are explicitly encoded. The functions EC_GROUP_get_asn1_flag and +EC_GROUP_set_asn1_flag get and set the status of the asn1_flag for the curve. +Note: B was first added to OpenSSL 1.1.0, for +previous versions of OpenSSL the value 0 must be used instead. Before OpenSSL +1.1.0 the default form was to use explicit parameters (meaning that +applications would have to explicitly set the named curve form) in OpenSSL +1.1.0 and later the named curve form is the default. The point_coversion_form for a curve controls how EC_POINT data is encoded as ASN1 as defined in X9.62 (ECDSA). point_conversion_form_t is an enum defined as follows: diff --git a/doc/crypto/EVP_PKEY_CTX_ctrl.pod b/doc/crypto/EVP_PKEY_CTX_ctrl.pod index 2367ae6..6866a6f 100644 --- a/doc/crypto/EVP_PKEY_CTX_ctrl.pod +++ b/doc/crypto/EVP_PKEY_CTX_ctrl.pod @@ -8,7 +8,8 @@ EVP_PKEY_CTX_set_rsa_pss_saltlen, EVP_PKEY_CTX_set_rsa_rsa_keygen_bits, EVP_PKEY_CTX_set_rsa_keygen_pubexp, EVP_PKEY_CTX_set_dsa_paramgen_bits, EVP_PKEY_CTX_set_dh_paramgen_prime_len, EVP_PKEY_CTX_set_dh_paramgen_generator, -EVP_PKEY_CTX_set_ec_paramgen_curve_nid - algorithm specific control operations +EVP_PKEY_CTX_set_ec_paramgen_curve_nid, +EVP_PKEY_CTX_set_ec_param_enc - algorithm specific control operations =head1 SYNOPSIS @@ -37,6 +38,7 @@ EVP_PKEY_CTX_set_ec_paramgen_curve_nid - algorithm specific control operations #include int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid); + int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc); =head1 DESCRIPTION @@ -66,7 +68,7 @@ The macro EVP_PKEY_CTX_set_rsa_padding() sets the RSA padding mode for B. The B parameter can take the value RSA_PKCS1_PADDING for PKCS#1 padding, RSA_SSLV23_PADDING for SSLv23 padding, RSA_NO_PADDING for no padding, RSA_PKCS1_OAEP_PADDING for OAEP padding (encrypt and decrypt only), -RSA_X931_PADDING for X9.31 padding (signature operations only) and +RSA_X931_PADDING for X9.31 padding (signature operations only) and RSA_PKCS1_PSS_PADDING (sign and verify only). Two RSA padding modes behave differently if EVP_PKEY_CTX_set_signature_md() @@ -91,7 +93,7 @@ RSA key genration to B. If not specified 1024 bits is used. The EVP_PKEY_CTX_set_rsa_keygen_pubexp() macro sets the public exponent value for RSA key generation to B currently it should be an odd integer. The -B pointer is used internally by this function so it should not be +B pointer is used internally by this function so it should not be modified or free after the call. If this macro is not called then 65537 is used. The macro EVP_PKEY_CTX_set_dsa_paramgen_bits() sets the number of bits used @@ -106,7 +108,17 @@ for DH parameter generation. If not specified 2 is used. The EVP_PKEY_CTX_set_ec_paramgen_curve_nid() sets the EC curve for EC parameter generation to B. For EC parameter generation this macro must be called -or an error occurs because there is no default curve. +or an error occurs because there is no default curve. In OpenSSL 1.0.2 and +later this function can also be called to set the curve explicitly when +generating an EC key. + +The EVP_PKEY_CTX_set_ec_param_enc() sets the EC parameter encoding to +B when generating EC parameters or an EC key. The encoding can be +B for explicit parameters (the default in versions +of OpenSSL before 1.1.0) or B to use named curve form. +For maximum compatibility the named curve form should be used. Note: the +B value was only added to OpenSSL 1.1.0: previous +versions should use 0 instead. =head1 RETURN VALUES @@ -122,8 +134,8 @@ L, L, L, L, -L -L +L +L =head1 HISTORY From levitte at openssl.org Sat Feb 21 22:51:42 2015 From: levitte at openssl.org (Richard Levitte) Date: Sat, 21 Feb 2015 23:51:42 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150221225142.BA2401DF11A@butler.localdomain> The branch master has been updated via 64e6bf64b36136d487e2fbf907f09612e69ae911 (commit) from 146ca72cca3ab668d6bcb45b2a7f71bd9a8d06bb (commit) - Log ----------------------------------------------------------------- commit 64e6bf64b36136d487e2fbf907f09612e69ae911 Author: Richard Levitte Date: Thu Feb 12 11:41:48 2015 +0100 Assume TERMIOS is default, remove TERMIO on all Linux. The rationale for this move is that TERMIOS is default, supported by POSIX-1.2001, and most definitely on Linux. For a few other systems, TERMIO may still be the termnial interface of preference, so we keep -DTERMIO on those in Configure. crypto/ui/ui_openssl.c is simplified in this regard, and will define TERMIOS for all systems except a select few exceptions. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: Configure | 128 ++++++++++++++++++++++++------------------------ crypto/ui/ui_openssl.c | 59 ++++++++++------------ 2 files changed, 90 insertions(+), 97 deletions(-) diff --git a/Configure b/Configure index 69320b7..90e20a8 100755 --- a/Configure +++ b/Configure @@ -180,10 +180,10 @@ my %table=( "debug-ben-debug-64-clang", "clang:$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-ben-debug-64-noopt", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-ben-macos", "cc:$gcc_devteam_warn -DOPENSSL_NO_ASM -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::", -"debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::", +"debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -Wall -g3::(unknown)::::::", "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", "debug-ben-darwin64","cc:$gcc_devteam_warn -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:$x86_64_asm:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", +"debug-rse","cc:-DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "debug-erbridge", "gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -191,18 +191,18 @@ my %table=( "debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", -"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", -"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o::des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o:e_padlock-x86.o:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", +"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", +"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o::des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o:e_padlock-x86.o:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "dist", "cc:-O::(unknown)::::::", "debug-test-64-clang", "clang:$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "darwin64-debug-test-64-clang", "clang:-arch x86_64 -DL_ENDIAN $gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:MACOSX::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", @@ -260,16 +260,16 @@ my %table=( #### IRIX 5.x configs # -mips2 flag is added by ./config when appropriate. -"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix-gcc","gcc:-O3 -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix-cc", "cc:-O2 -use_readonly_const -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### IRIX 6.x configs # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke # './Configure irix-cc -o32' manually. -"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", -"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", +"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", +"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", # N64 ABI builds. -"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", #### Unified HP-UX ANSI C configs. # Special notes: @@ -349,8 +349,8 @@ my %table=( #### # *-generic* is endian-neutral target, but ./config is free to # throw in -D[BL]_ENDIAN, whichever appropriate... -"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ####################################################################### # Note that -march is not among compiler options in below linux-armv4 @@ -379,30 +379,30 @@ my %table=( # # ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8 # -"linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-aarch64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # Configure script adds minimally required -march for assembly support, # if no -march was specified at command line. mips32 and mips64 below # refer to contemporary MIPS Architecture specifications, MIPS32 and # MIPS64, rather than to kernel bitness. -"linux-mips32", "gcc:-mabi=32 -DTERMIO -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-mips64", "gcc:-mabi=n32 -DTERMIO -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", -"linux64-mips64", "gcc:-mabi=64 -DTERMIO -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-mips32", "gcc:-mabi=32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-mips64", "gcc:-mabi=n32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", +"linux64-mips64", "gcc:-mabi=64 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", #### IA-32 targets... -"linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out", +"linux-ia32-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out", #### -"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-ppc64le","gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", -"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -DTERMIO -O3 -Weverything $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-x86_64-icc", "icc:-DL_ENDIAN -DTERMIO -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-x32", "gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32:", -"linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ppc64", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-ppc64le","gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", +"linux-ia64", "gcc:-DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Weverything $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32:", +"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", #### So called "highgprs" target for z/Architecture CPUs # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see # /proc/cpuinfo. The idea is to preserve most significant bits of @@ -416,16 +416,16 @@ my %table=( # ldconfig and run-time linker to autodiscover. Unfortunately it # doesn't work just yet, because of couple of bugs in glibc # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1... -"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs", +"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs", #### SPARC Linux setups # Ray Miller has patiently # assisted with debugging of following two configs. -"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # it's a real mess with -mcpu=ultrasparc option under Linux, but # -Wa,-Av8plus should do the trick no matter what. -"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # GCC 3.1 is a requirement -"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", #### Alpha Linux with GNU C and Compaq C setups # Special notes: # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you @@ -439,34 +439,34 @@ my %table=( # # # -"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", -"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", +"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", +"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", # # TI_CGT_C6000_7.3.x is a requirement "linux-c64xplus","cl6x:--linux -ea=.s -eo=.o -mv6400+ -o2 -ox -ms -pden -DOPENSSL_SMALL_FOOTPRINT::-D_REENTRANT:::BN_LLONG:c64xpluscpuid.o:bn-c64xplus.o c64xplus-gf2m.o:::aes-c64xplus.o aes_cbc.o aes_ctr.o:::sha1-c64xplus.o sha256-c64xplus.o sha512-c64xplus.o::rc4-c64xplus.o:::::ghash-c64xplus.o::void:dlfcn:linux-shared:--pic:-z --sysv --shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):true", -# Android: linux-* but without -DTERMIO and pointers to headers and libs. +# Android: linux-* but without pointers to headers and libs. "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### *BSD [do see comment about ${BSDthreads} above!] -"BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-sparcv8", "gcc:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-generic64","gcc:-DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it # simply *happens* to work around a compiler bug in gcc 3.3.3, # triggered by RIPEMD160 code. -"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-sparc64", "gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-ia64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86_64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -475,8 +475,8 @@ my %table=( # QNX "qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:", -"QNX6", "gcc:-DTERMIOS::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"QNX6-i386", "gcc:-DL_ENDIAN -DTERMIOS -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"QNX6", "gcc:::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"QNX6-i386", "gcc:-DL_ENDIAN -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SCO/Caldera targets. # @@ -508,7 +508,7 @@ my %table=( "aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:$ppc64_asm:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", # SIEMENS BS2000/OSD: an EBCDIC-based mainframe -"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", +"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", # OS/390 Unix an EBCDIC-based Unix system on IBM mainframe # You need to compile using the c89.sh wrapper in the tools directory, because the @@ -550,11 +550,11 @@ my %table=( "mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a", # UWIN -"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", +"UWIN", "cc:-DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", # Cygwin -"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", -"Cygwin-x86_64", "gcc:-DTERMIOS -DL_ENDIAN -O3 -Wall:::CYGWIN::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", +"Cygwin", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", +"Cygwin-x86_64", "gcc:-DL_ENDIAN -O3 -Wall:::CYGWIN::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", # NetWare from David Ward (dsward at novell.com) # requires either MetroWerks NLM development tools, or gcc / nlmconv @@ -572,7 +572,7 @@ my %table=( "netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYS_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", # DJGPP -"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", +"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", # Ultrix from Bernhard Simon "ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::", @@ -610,7 +610,7 @@ my %table=( "aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", ##### GNU Hurd -"hurd-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC", +"hurd-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC", ##### OS/2 EMX "OS2-EMX", "gcc::::::::", diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index b033a30..2ee9658 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -178,43 +178,36 @@ /* * There are 5 types of terminal interface supported, TERMIO, TERMIOS, VMS, - * MSDOS and SGTTY + * MSDOS and SGTTY. + * + * If someone defines one of the macros TERMIO, TERMIOS or SGTTY, it will + * remain respected. Otherwise, we default to TERMIOS except for a few + * systems that require something different. + * + * Note: we do not use SGTTY unless it's defined by the configuration. We + * may eventually opt to remove it's use entirely. */ -#if defined(__sgi) && !defined(TERMIOS) -# define TERMIOS -# undef TERMIO -# undef SGTTY -#endif - -#if defined(linux) && !defined(TERMIO) -# undef TERMIOS -# define TERMIO -# undef SGTTY -#endif - -#ifdef _LIBC -# undef TERMIOS -# define TERMIO -# undef SGTTY -#endif - -#if !defined(TERMIO) && !defined(TERMIOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MSDOS) && !defined(MAC_OS_GUSI_SOURCE) -# undef TERMIOS -# undef TERMIO -# define SGTTY -#endif +#if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY) -#if defined(OPENSSL_SYS_VXWORKS) -# undef TERMIOS -# undef TERMIO -# undef SGTTY -#endif +# if defined(_LIBC) +# undef TERMIOS +# define TERMIO +# undef SGTTY +/* + * We know that VMS, MSDOS, VXWORKS, NETWARE use entirely other mechanisms. + * MAC_OS_GUSI_SOURCE should probably go away, but that needs to be confirmed. + */ +# elif !defined(OPENSSL_SYS_VMS) \ + && !defined(OPENSSL_SYS_MSDOS) \ + && !defined(MAC_OS_GUSI_SOURCE) \ + && !defined(OPENSSL_SYS_VXWORKS) \ + && !defined(OPENSSL_SYS_NETWARE) +# define TERMIOS +# undef TERMIO +# undef SGTTY +# endif -#if defined(OPENSSL_SYS_NETWARE) -# undef TERMIOS -# undef TERMIO -# undef SGTTY #endif #ifdef TERMIOS From levitte at openssl.org Sun Feb 22 07:11:07 2015 From: levitte at openssl.org (Richard Levitte) Date: Sun, 22 Feb 2015 08:11:07 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150222071107.F19251DF124@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 458a55af16b6b15c0b647a69b7d54a2c30f751b3 (commit) from 681da86ebb46ef9ef769d0ea4ea61987ca4e96bc (commit) - Log ----------------------------------------------------------------- commit 458a55af16b6b15c0b647a69b7d54a2c30f751b3 Author: Richard Levitte Date: Thu Feb 12 11:41:48 2015 +0100 Assume TERMIOS is default, remove TERMIO on all Linux. The rationale for this move is that TERMIOS is default, supported by POSIX-1.2001, and most definitely on Linux. For a few other systems, TERMIO may still be the termnial interface of preference, so we keep -DTERMIO on those in Configure. crypto/ui/ui_openssl.c is simplified in this regard, and will define TERMIOS for all systems except a select few exceptions. Reviewed-by: Matt Caswell (cherry picked from commit 64e6bf64b36136d487e2fbf907f09612e69ae911) Conflicts: Configure crypto/ui/ui_openssl.c ----------------------------------------------------------------------- Summary of changes: Configure | 120 ++++++++++++++++++++++++------------------------ crypto/ui/ui_openssl.c | 60 +++++++++++------------- 2 files changed, 87 insertions(+), 93 deletions(-) diff --git a/Configure b/Configure index 3cf4a7a..8f8ca55 100755 --- a/Configure +++ b/Configure @@ -188,18 +188,18 @@ my %table=( "debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", -"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", -"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o::des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", +"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", +"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o::des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "dist", "cc:-O::(unknown)::::::", # Basic configs that should work on any (32 and less bit) box @@ -259,16 +259,16 @@ my %table=( #### IRIX 5.x configs # -mips2 flag is added by ./config when appropriate. -"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix-gcc","gcc:-O3 -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix-cc", "cc:-O2 -use_readonly_const -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### IRIX 6.x configs # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke # './Configure irix-cc -o32' manually. -"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", -"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", +"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", +"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", # N64 ABI builds. -"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", #### Unified HP-UX ANSI C configs. # Special notes: @@ -348,8 +348,8 @@ my %table=( #### # *-generic* is endian-neutral target, but ./config is free to # throw in -D[BL]_ENDIAN, whichever appropriate... -"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ####################################################################### # Note that -march is not among compiler options in below linux-armv4 @@ -378,30 +378,30 @@ my %table=( # # ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8 # -"linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-aarch64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # Configure script adds minimally required -march for assembly support, # if no -march was specified at command line. mips32 and mips64 below # refer to contemporary MIPS Architecture specifications, MIPS32 and # MIPS64, rather than to kernel bitness. -"linux-mips32", "gcc:-mabi=32 -DTERMIO -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-mips64", "gcc:-mabi=n32 -DTERMIO -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", -"linux64-mips64", "gcc:-mabi=64 -DTERMIO -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-mips32", "gcc:-mabi=32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-mips64", "gcc:-mabi=n32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", +"linux64-mips64", "gcc:-mabi=64 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", #### IA-32 targets... -"linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out", +"linux-ia32-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out", #### -"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-ppc64le","gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", +"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ppc64", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-ppc64le","gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -DTERMIO -O3 -Weverything $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-x86_64-icc", "icc:-DL_ENDIAN -DTERMIO -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-x32", "gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", -"linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Weverything $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", +"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", #### So called "highgprs" target for z/Architecture CPUs # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see # /proc/cpuinfo. The idea is to preserve most significant bits of @@ -415,16 +415,16 @@ my %table=( # ldconfig and run-time linker to autodiscover. Unfortunately it # doesn't work just yet, because of couple of bugs in glibc # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1... -"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs", +"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs", #### SPARC Linux setups # Ray Miller has patiently # assisted with debugging of following two configs. -"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # it's a real mess with -mcpu=ultrasparc option under Linux, but # -Wa,-Av8plus should do the trick no matter what. -"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # GCC 3.1 is a requirement -"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", #### Alpha Linux with GNU C and Compaq C setups # Special notes: # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you @@ -438,31 +438,31 @@ my %table=( # # # -"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", -"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", +"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", +"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", -# Android: linux-* but without -DTERMIO and pointers to headers and libs. +# Android: linux-* but without pointers to headers and libs. "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### *BSD [do see comment about ${BSDthreads} above!] -"BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-sparcv8", "gcc:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-generic64","gcc:-DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it # simply *happens* to work around a compiler bug in gcc 3.3.3, # triggered by RIPEMD160 code. -"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-sparc64", "gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-ia64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86_64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -474,8 +474,8 @@ my %table=( # QNX "qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:", -"QNX6", "gcc:-DTERMIOS::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"QNX6-i386", "gcc:-DL_ENDIAN -DTERMIOS -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"QNX6", "gcc:::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"QNX6-i386", "gcc:-DL_ENDIAN -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # BeOS "beos-x86-r5", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lnet:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC -DPIC:-shared:.so", @@ -548,7 +548,7 @@ my %table=( "SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::", # SIEMENS BS2000/OSD: an EBCDIC-based mainframe -"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", +"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", # OS/390 Unix an EBCDIC-based Unix system on IBM mainframe # You need to compile using the c89.sh wrapper in the tools directory, because the @@ -585,11 +585,11 @@ my %table=( "mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a", # UWIN -"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", +"UWIN", "cc:-DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", # Cygwin -"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", -"Cygwin-x86_64", "gcc:-DTERMIOS -DL_ENDIAN -O3 -Wall:::CYGWIN::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", +"Cygwin", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", +"Cygwin-x86_64", "gcc:-DL_ENDIAN -O3 -Wall:::CYGWIN::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", # NetWare from David Ward (dsward at novell.com) # requires either MetroWerks NLM development tools, or gcc / nlmconv @@ -607,7 +607,7 @@ my %table=( "netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", # DJGPP -"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", +"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", # Ultrix from Bernhard Simon "ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::", @@ -634,7 +634,7 @@ my %table=( "newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::", ##### GNU Hurd -"hurd-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC", +"hurd-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC", ##### OS/2 EMX "OS2-EMX", "gcc::::::::", diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 8bda83c..5d66276 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -185,43 +185,37 @@ /* * There are 5 types of terminal interface supported, TERMIO, TERMIOS, VMS, - * MSDOS and SGTTY + * MSDOS and SGTTY. + * + * If someone defines one of the macros TERMIO, TERMIOS or SGTTY, it will + * remain respected. Otherwise, we default to TERMIOS except for a few + * systems that require something different. + * + * Note: we do not use SGTTY unless it's defined by the configuration. We + * may eventually opt to remove it's use entirely. */ -#if defined(__sgi) && !defined(TERMIOS) -# define TERMIOS -# undef TERMIO -# undef SGTTY -#endif - -#if defined(linux) && !defined(TERMIO) -# undef TERMIOS -# define TERMIO -# undef SGTTY -#endif - -#ifdef _LIBC -# undef TERMIOS -# define TERMIO -# undef SGTTY -#endif +#if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY) -#if !defined(TERMIO) && !defined(TERMIOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(MAC_OS_GUSI_SOURCE) -# undef TERMIOS -# undef TERMIO -# define SGTTY -#endif - -#if defined(OPENSSL_SYS_VXWORKS) -# undef TERMIOS -# undef TERMIO -# undef SGTTY -#endif +# if defined(_LIBC) +# undef TERMIOS +# define TERMIO +# undef SGTTY +/* + * We know that VMS, MSDOS, VXWORKS, NETWARE use entirely other mechanisms. + * MAC_OS_GUSI_SOURCE should probably go away, but that needs to be confirmed. + */ +# elif !defined(OPENSSL_SYS_VMS) \ + && !defined(OPENSSL_SYS_MSDOS) \ + && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) \ + && !defined(MAC_OS_GUSI_SOURCE) \ + && !defined(OPENSSL_SYS_VXWORKS) \ + && !defined(OPENSSL_SYS_NETWARE) +# define TERMIOS +# undef TERMIO +# undef SGTTY +# endif -#if defined(OPENSSL_SYS_NETWARE) -# undef TERMIOS -# undef TERMIO -# undef SGTTY #endif #ifdef TERMIOS From levitte at openssl.org Sun Feb 22 08:15:39 2015 From: levitte at openssl.org (Richard Levitte) Date: Sun, 22 Feb 2015 09:15:39 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150222081540.553B11DF124@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via aafdbbc4691f8eb54dcbd3d575f9c0bf64e0ce67 (commit) from a9ea906654c616908f1195f1396c5bf5cf7fe646 (commit) - Log ----------------------------------------------------------------- commit aafdbbc4691f8eb54dcbd3d575f9c0bf64e0ce67 Author: Richard Levitte Date: Thu Feb 12 11:41:48 2015 +0100 Assume TERMIOS is default, remove TERMIO on all Linux. The rationale for this move is that TERMIOS is default, supported by POSIX-1.2001, and most definitely on Linux. For a few other systems, TERMIO may still be the termnial interface of preference, so we keep -DTERMIO on those in Configure. crypto/ui/ui_openssl.c is simplified in this regard, and will define TERMIOS for all systems except a select few exceptions. Reviewed-by: Matt Caswell (cherry picked from commit 64e6bf64b36136d487e2fbf907f09612e69ae911) Conflicts: Configure crypto/ui/ui_openssl.c ----------------------------------------------------------------------- Summary of changes: Configure | 112 ++++++++++++++++++++++++------------------------ crypto/ui/ui_openssl.c | 60 ++++++++++++-------------- 2 files changed, 83 insertions(+), 89 deletions(-) diff --git a/Configure b/Configure index 541be9e..e539ab4 100755 --- a/Configure +++ b/Configure @@ -185,18 +185,18 @@ my %table=( "debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", -"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", -"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", +"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", +"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "dist", "cc:-O::(unknown)::::::", # Basic configs that should work on any (32 and less bit) box @@ -256,16 +256,16 @@ my %table=( #### IRIX 5.x configs # -mips2 flag is added by ./config when appropriate. -"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix-gcc","gcc:-O3 -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix-cc", "cc:-O2 -use_readonly_const -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### IRIX 6.x configs # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke # './Configure irix-cc -o32' manually. -"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", -"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", +"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", +"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", # N64 ABI builds. -"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", #### Unified HP-UX ANSI C configs. # Special notes: @@ -345,23 +345,23 @@ my %table=( #### # *-generic* is endian-neutral target, but ./config is free to # throw in -D[BL]_ENDIAN, whichever appropriate... -"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # It's believed that majority of ARM toolchains predefine appropriate -march. # If you compiler does not, do complement config command line with one! -"linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-armv4", "gcc:-O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### IA-32 targets... -"linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out", +"linux-ia32-icc", "icc:-DL_ENDIAN -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out", #### -"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ppc64", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-ia64", "gcc:-DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", #### So called "highgprs" target for z/Architecture CPUs # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see # /proc/cpuinfo. The idea is to preserve most significant bits of @@ -375,16 +375,16 @@ my %table=( # ldconfig and run-time linker to autodiscover. Unfortunately it # doesn't work just yet, because of couple of bugs in glibc # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1... -"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs", +"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs", #### SPARC Linux setups # Ray Miller has patiently # assisted with debugging of following two configs. -"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # it's a real mess with -mcpu=ultrasparc option under Linux, but # -Wa,-Av8plus should do the trick no matter what. -"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # GCC 3.1 is a requirement -"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", #### Alpha Linux with GNU C and Compaq C setups # Special notes: # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you @@ -398,30 +398,30 @@ my %table=( # # # -"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", -"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", +"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", +"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", -# Android: linux-* but without -DTERMIO and pointers to headers and libs. +# Android: linux-* but without pointers to headers and libs. "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### *BSD [do see comment about ${BSDthreads} above!] -"BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-sparcv8", "gcc:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-generic64","gcc:-DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it # simply *happens* to work around a compiler bug in gcc 3.3.3, # triggered by RIPEMD160 code. -"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-sparc64", "gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-ia64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86_64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -433,8 +433,8 @@ my %table=( # QNX "qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:", -"QNX6", "gcc:-DTERMIOS::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"QNX6-i386", "gcc:-DL_ENDIAN -DTERMIOS -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"QNX6", "gcc:::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"QNX6-i386", "gcc:-DL_ENDIAN -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # BeOS "beos-x86-r5", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lnet:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC -DPIC:-shared:.so", @@ -507,7 +507,7 @@ my %table=( "SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::", # SIEMENS BS2000/OSD: an EBCDIC-based mainframe -"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", +"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", # OS/390 Unix an EBCDIC-based Unix system on IBM mainframe # You need to compile using the c89.sh wrapper in the tools directory, because the @@ -544,12 +544,12 @@ my %table=( "mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a", # UWIN -"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", +"UWIN", "cc:-DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", # Cygwin -"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", -"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", -"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", +"Cygwin-pre1.3", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", +"Cygwin", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", +"debug-Cygwin", "gcc:-DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", # NetWare from David Ward (dsward at novell.com) # requires either MetroWerks NLM development tools, or gcc / nlmconv @@ -567,7 +567,7 @@ my %table=( "netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", # DJGPP -"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", +"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", # Ultrix from Bernhard Simon "ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::", @@ -593,7 +593,7 @@ my %table=( "newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::", ##### GNU Hurd -"hurd-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC", +"hurd-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC", ##### OS/2 EMX "OS2-EMX", "gcc::::::::", diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 8bda83c..829ea86 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -185,43 +185,37 @@ /* * There are 5 types of terminal interface supported, TERMIO, TERMIOS, VMS, - * MSDOS and SGTTY + * MSDOS and SGTTY. + * + * If someone defines one of the macros TERMIO, TERMIOS or SGTTY, it will + * remain respected. Otherwise, we default to TERMIOS except for a few + * systems that require something different. + * + * Note: we do not use SGTTY unless it's defined by the configuration. We + * may eventually opt to remove it's use entirely. */ -#if defined(__sgi) && !defined(TERMIOS) -# define TERMIOS -# undef TERMIO -# undef SGTTY -#endif - -#if defined(linux) && !defined(TERMIO) -# undef TERMIOS -# define TERMIO -# undef SGTTY -#endif - -#ifdef _LIBC -# undef TERMIOS -# define TERMIO -# undef SGTTY -#endif +#if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY) -#if !defined(TERMIO) && !defined(TERMIOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(MAC_OS_GUSI_SOURCE) -# undef TERMIOS -# undef TERMIO -# define SGTTY -#endif - -#if defined(OPENSSL_SYS_VXWORKS) -# undef TERMIOS -# undef TERMIO -# undef SGTTY -#endif +# if defined(_LIBC) +# undef TERMIOS +# define TERMIO +# undef SGTTY +/* + * We know that VMS, MSDOS, VXWORKS, NETWARE use entirely other mechanisms. + * MAC_OS_GUSI_SOURCE should probably go away, but that needs to be confirmed. + */ +# elif !defined(OPENSSL_SYS_VMS) \ + && !defined(OPENSSL_SYS_MSDOS) \ + && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) \ + && !defined(MAC_OS_GUSI_SOURCE) \ + && !defined(OPENSSL_SYS_VXWORKS) \ + && !defined(OPENSSL_SYS_NETWARE) +# define TERMIOS +# undef TERMIO +# undef SGTTY +# endif -#if defined(OPENSSL_SYS_NETWARE) -# undef TERMIOS -# undef TERMIO -# undef SGTTY #endif #ifdef TERMIOS From levitte at openssl.org Sun Feb 22 08:36:26 2015 From: levitte at openssl.org (Richard Levitte) Date: Sun, 22 Feb 2015 09:36:26 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150222083626.DC6D01DF124@butler.localdomain> The branch master has been updated via ba4bdee7184a5cea5bef8739eb360e5c2bc3b52c (commit) from 64e6bf64b36136d487e2fbf907f09612e69ae911 (commit) - Log ----------------------------------------------------------------- commit ba4bdee7184a5cea5bef8739eb360e5c2bc3b52c Author: Richard Levitte Date: Sun Feb 22 08:27:36 2015 +0100 Restore -DTERMIO/-DTERMIOS on Windows platforms. The previous defaulting to TERMIOS took away -DTERMIOS / -DTERMIO a bit too enthusiastically. Windows/DOSish platforms of all sorts get identified as OPENSSL_SYS_MSDOS, and they get a different treatment altogether UNLESS -DTERMIO or -DTERMIOS is explicitely given with the configuration. The answer is to restore those macro definitions for the affected configuration targets. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: Configure | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Configure b/Configure index 90e20a8..1ea3a60 100755 --- a/Configure +++ b/Configure @@ -550,11 +550,11 @@ my %table=( "mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a", # UWIN -"UWIN", "cc:-DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", +"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", # Cygwin -"Cygwin", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", -"Cygwin-x86_64", "gcc:-DL_ENDIAN -O3 -Wall:::CYGWIN::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", +"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", +"Cygwin-x86_64", "gcc:-DTERMIOS -DL_ENDIAN -O3 -Wall:::CYGWIN::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", # NetWare from David Ward (dsward at novell.com) # requires either MetroWerks NLM development tools, or gcc / nlmconv @@ -572,7 +572,7 @@ my %table=( "netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYS_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", # DJGPP -"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", +"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", # Ultrix from Bernhard Simon "ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::", From levitte at openssl.org Sun Feb 22 08:39:07 2015 From: levitte at openssl.org (Richard Levitte) Date: Sun, 22 Feb 2015 09:39:07 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150222083907.E94301DF124@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 7f3563b576c0cf6fe6621f1d2dd92ec67d7e58e2 (commit) from 458a55af16b6b15c0b647a69b7d54a2c30f751b3 (commit) - Log ----------------------------------------------------------------- commit 7f3563b576c0cf6fe6621f1d2dd92ec67d7e58e2 Author: Richard Levitte Date: Sun Feb 22 08:27:36 2015 +0100 Restore -DTERMIO/-DTERMIOS on Windows platforms. The previous defaulting to TERMIOS took away -DTERMIOS / -DTERMIO a bit too enthusiastically. Windows/DOSish platforms of all sorts get identified as OPENSSL_SYS_MSDOS, and they get a different treatment altogether UNLESS -DTERMIO or -DTERMIOS is explicitely given with the configuration. The answer is to restore those macro definitions for the affected configuration targets. Reviewed-by: Tim Hudson (cherry picked from commit ba4bdee7184a5cea5bef8739eb360e5c2bc3b52c) Conflicts: Configure ----------------------------------------------------------------------- Summary of changes: Configure | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Configure b/Configure index 8f8ca55..f776e23 100755 --- a/Configure +++ b/Configure @@ -585,11 +585,11 @@ my %table=( "mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a", # UWIN -"UWIN", "cc:-DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", +"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", # Cygwin -"Cygwin", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", -"Cygwin-x86_64", "gcc:-DL_ENDIAN -O3 -Wall:::CYGWIN::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", +"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", +"Cygwin-x86_64", "gcc:-DTERMIOS -DL_ENDIAN -O3 -Wall:::CYGWIN::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", # NetWare from David Ward (dsward at novell.com) # requires either MetroWerks NLM development tools, or gcc / nlmconv @@ -607,7 +607,7 @@ my %table=( "netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", # DJGPP -"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", +"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", # Ultrix from Bernhard Simon "ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::", From levitte at openssl.org Sun Feb 22 08:42:19 2015 From: levitte at openssl.org (Richard Levitte) Date: Sun, 22 Feb 2015 09:42:19 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150222084219.E7E981DF124@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via e961fa4479cf90a58bc3d3f0db9f1d0385da866f (commit) from aafdbbc4691f8eb54dcbd3d575f9c0bf64e0ce67 (commit) - Log ----------------------------------------------------------------- commit e961fa4479cf90a58bc3d3f0db9f1d0385da866f Author: Richard Levitte Date: Sun Feb 22 08:27:36 2015 +0100 Restore -DTERMIO/-DTERMIOS on Windows platforms. The previous defaulting to TERMIOS took away -DTERMIOS / -DTERMIO a bit too enthusiastically. Windows/DOSish platforms of all sorts get identified as OPENSSL_SYS_MSDOS, and they get a different treatment altogether UNLESS -DTERMIO or -DTERMIOS is explicitely given with the configuration. The answer is to restore those macro definitions for the affected configuration targets. Reviewed-by: Tim Hudson (cherry picked from commit ba4bdee7184a5cea5bef8739eb360e5c2bc3b52c) Conflicts: Configure ----------------------------------------------------------------------- Summary of changes: Configure | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Configure b/Configure index e539ab4..d7ecf97 100755 --- a/Configure +++ b/Configure @@ -544,12 +544,12 @@ my %table=( "mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a", # UWIN -"UWIN", "cc:-DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", +"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", # Cygwin -"Cygwin-pre1.3", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", -"Cygwin", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", -"debug-Cygwin", "gcc:-DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", +"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", +"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", +"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", # NetWare from David Ward (dsward at novell.com) # requires either MetroWerks NLM development tools, or gcc / nlmconv @@ -567,7 +567,7 @@ my %table=( "netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", # DJGPP -"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", +"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", # Ultrix from Bernhard Simon "ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::", From kurt at openssl.org Sun Feb 22 12:22:28 2015 From: kurt at openssl.org (Kurt Roeckx) Date: Sun, 22 Feb 2015 13:22:28 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150222122228.9B1691DF124@butler.localdomain> The branch master has been updated via bcfa19a8d19506c26b5f8d9d9934ca2aa5f96b43 (commit) via edac5dc220d494dff7ee259dfd84335ffa50e938 (commit) via 1549a265209d449b6aefd2b49d7d39f7fbe0689b (commit) from ba4bdee7184a5cea5bef8739eb360e5c2bc3b52c (commit) - Log ----------------------------------------------------------------- commit bcfa19a8d19506c26b5f8d9d9934ca2aa5f96b43 Author: Edgar Pek Date: Sat Feb 21 14:56:41 2015 +0100 Fix null-pointer dereference Signed-off-by: Kurt Roeckx Reviewed-by: Richard Levitte commit edac5dc220d494dff7ee259dfd84335ffa50e938 Author: Kurt Roeckx Date: Sat Feb 21 14:51:50 2015 +0100 Fix memory leak Reviewed-by: Matt Caswell commit 1549a265209d449b6aefd2b49d7d39f7fbe0689b Author: Doug Hogan Date: Wed Jan 7 18:21:01 2015 -0800 Avoid a double-free in an error path. Signed-off-by: Kurt Roeckx Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/dh/dh_ameth.c | 2 ++ engines/e_ubsec.c | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 2ead91f..14d291f 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -248,6 +248,7 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR); dherr: DH_free(dh); + ASN1_INTEGER_free(privkey); return 0; } @@ -283,6 +284,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) dplen = i2d_ASN1_INTEGER(prkey, &dp); ASN1_INTEGER_free(prkey); + prkey = NULL; if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0, V_ASN1_SEQUENCE, params, dp, dplen)) diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index 2d6331d..6f09ffb 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -967,11 +967,11 @@ static int ubsec_dh_generate_key(DH *dh) if (dh->pub_key == NULL) { pub_key = BN_new(); + if (pub_key == NULL) + goto err; pub_key_len = BN_num_bits(dh->p); if (bn_wexpand(pub_key, dh->p->top) == NULL) goto err; - if (pub_key == NULL) - goto err; } else { pub_key = dh->pub_key; } From kurt at openssl.org Sun Feb 22 12:26:56 2015 From: kurt at openssl.org (Kurt Roeckx) Date: Sun, 22 Feb 2015 13:26:56 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150222122656.4A9BD1DF124@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 98e6f0790111715877ffa1b08c93e44cc0b402e9 (commit) via f95519538a0ed412dc56e091fb28dbfbc48babe8 (commit) via 79e2e927e6e904a4b15e35c64eeb1461630cfe49 (commit) from 7f3563b576c0cf6fe6621f1d2dd92ec67d7e58e2 (commit) - Log ----------------------------------------------------------------- commit 98e6f0790111715877ffa1b08c93e44cc0b402e9 Author: Edgar Pek Date: Sat Feb 21 14:56:41 2015 +0100 Fix null-pointer dereference Signed-off-by: Kurt Roeckx Reviewed-by: Richard Levitte (cherry picked from commit bcfa19a8d19506c26b5f8d9d9934ca2aa5f96b43) commit f95519538a0ed412dc56e091fb28dbfbc48babe8 Author: Kurt Roeckx Date: Sat Feb 21 14:51:50 2015 +0100 Fix memory leak Reviewed-by: Matt Caswell (cherry picked from commit edac5dc220d494dff7ee259dfd84335ffa50e938) commit 79e2e927e6e904a4b15e35c64eeb1461630cfe49 Author: Doug Hogan Date: Wed Jan 7 18:21:01 2015 -0800 Avoid a double-free in an error path. Signed-off-by: Kurt Roeckx Reviewed-by: Matt Caswell (cherry picked from commit 1549a265209d449b6aefd2b49d7d39f7fbe0689b) ----------------------------------------------------------------------- Summary of changes: crypto/dh/dh_ameth.c | 2 ++ engines/e_ubsec.c | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index a8349e7..f32d376 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -248,6 +248,7 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR); dherr: DH_free(dh); + ASN1_INTEGER_free(privkey); return 0; } @@ -283,6 +284,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) dplen = i2d_ASN1_INTEGER(prkey, &dp); ASN1_INTEGER_free(prkey); + prkey = NULL; if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0, V_ASN1_SEQUENCE, params, dp, dplen)) diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index 2d6331d..6f09ffb 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -967,11 +967,11 @@ static int ubsec_dh_generate_key(DH *dh) if (dh->pub_key == NULL) { pub_key = BN_new(); + if (pub_key == NULL) + goto err; pub_key_len = BN_num_bits(dh->p); if (bn_wexpand(pub_key, dh->p->top) == NULL) goto err; - if (pub_key == NULL) - goto err; } else { pub_key = dh->pub_key; } From kurt at openssl.org Sun Feb 22 12:30:33 2015 From: kurt at openssl.org (Kurt Roeckx) Date: Sun, 22 Feb 2015 13:30:33 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150222123033.D62541DF124@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via e347d80287f18fce0db4571d5ee7285f1b14b82b (commit) via 9e7a5464d74917d9eb22305d3505895678b5b3c5 (commit) via e224c45317b8a78ff52a121aac30ffc1499410c8 (commit) from e961fa4479cf90a58bc3d3f0db9f1d0385da866f (commit) - Log ----------------------------------------------------------------- commit e347d80287f18fce0db4571d5ee7285f1b14b82b Author: Edgar Pek Date: Sat Feb 21 14:56:41 2015 +0100 Fix null-pointer dereference Signed-off-by: Kurt Roeckx Reviewed-by: Richard Levitte (cherry picked from commit bcfa19a8d19506c26b5f8d9d9934ca2aa5f96b43) commit 9e7a5464d74917d9eb22305d3505895678b5b3c5 Author: Kurt Roeckx Date: Sat Feb 21 14:51:50 2015 +0100 Fix memory leak Reviewed-by: Matt Caswell (cherry picked from commit edac5dc220d494dff7ee259dfd84335ffa50e938) commit e224c45317b8a78ff52a121aac30ffc1499410c8 Author: Doug Hogan Date: Wed Jan 7 18:21:01 2015 -0800 Avoid a double-free in an error path. Signed-off-by: Kurt Roeckx Reviewed-by: Matt Caswell (cherry picked from commit 1549a265209d449b6aefd2b49d7d39f7fbe0689b) ----------------------------------------------------------------------- Summary of changes: crypto/dh/dh_ameth.c | 2 ++ engines/e_ubsec.c | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 0ba4d44..786f021 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -223,6 +223,7 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR); dherr: DH_free(dh); + ASN1_INTEGER_free(privkey); return 0; } @@ -258,6 +259,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) dplen = i2d_ASN1_INTEGER(prkey, &dp); ASN1_INTEGER_free(prkey); + prkey = NULL; if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0, V_ASN1_SEQUENCE, params, dp, dplen)) diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index 2d6331d..6f09ffb 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -967,11 +967,11 @@ static int ubsec_dh_generate_key(DH *dh) if (dh->pub_key == NULL) { pub_key = BN_new(); + if (pub_key == NULL) + goto err; pub_key_len = BN_num_bits(dh->p); if (bn_wexpand(pub_key, dh->p->top) == NULL) goto err; - if (pub_key == NULL) - goto err; } else { pub_key = dh->pub_key; } From steve at openssl.org Sun Feb 22 14:43:39 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Sun, 22 Feb 2015 15:43:39 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150222144339.14DD11DF124@butler.localdomain> The branch master has been updated via 15b5d6585de098e48acebc8366a9956ee57c8f2d (commit) from bcfa19a8d19506c26b5f8d9d9934ca2aa5f96b43 (commit) - Log ----------------------------------------------------------------- commit 15b5d6585de098e48acebc8366a9956ee57c8f2d Author: Dr. Stephen Henson Date: Sun Feb 22 13:13:12 2015 +0000 typo Reviewed-by: Kurt Roeckx ----------------------------------------------------------------------- Summary of changes: doc/ssl/SSL_CONF_CTX_set_flags.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/ssl/SSL_CONF_CTX_set_flags.pod b/doc/ssl/SSL_CONF_CTX_set_flags.pod index ab87efc..4e34280 100644 --- a/doc/ssl/SSL_CONF_CTX_set_flags.pod +++ b/doc/ssl/SSL_CONF_CTX_set_flags.pod @@ -36,7 +36,7 @@ least one of these flags must be set. recognise options intended for use in SSL/TLS clients or servers. One or both of these flags must be set. -=item SSL_CONF_CERTIFICATE +=item SSL_CONF_FLAG_CERTIFICATE recognise certificate and private key options. From steve at openssl.org Sun Feb 22 14:44:43 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Sun, 22 Feb 2015 15:44:43 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150222144443.BD23B1DF124@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 1f956f9cda79ad6439938e3c40763f2bd73ceda3 (commit) from 98e6f0790111715877ffa1b08c93e44cc0b402e9 (commit) - Log ----------------------------------------------------------------- commit 1f956f9cda79ad6439938e3c40763f2bd73ceda3 Author: Dr. Stephen Henson Date: Sun Feb 22 13:13:12 2015 +0000 typo Reviewed-by: Kurt Roeckx (cherry picked from commit 15b5d6585de098e48acebc8366a9956ee57c8f2d) ----------------------------------------------------------------------- Summary of changes: doc/ssl/SSL_CONF_CTX_set_flags.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/ssl/SSL_CONF_CTX_set_flags.pod b/doc/ssl/SSL_CONF_CTX_set_flags.pod index ab87efc..4e34280 100644 --- a/doc/ssl/SSL_CONF_CTX_set_flags.pod +++ b/doc/ssl/SSL_CONF_CTX_set_flags.pod @@ -36,7 +36,7 @@ least one of these flags must be set. recognise options intended for use in SSL/TLS clients or servers. One or both of these flags must be set. -=item SSL_CONF_CERTIFICATE +=item SSL_CONF_FLAG_CERTIFICATE recognise certificate and private key options. From appro at openssl.org Sun Feb 22 18:15:44 2015 From: appro at openssl.org (Andy Polyakov) Date: Sun, 22 Feb 2015 19:15:44 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150222181544.6747C1DF124@butler.localdomain> The branch master has been updated via 1526fea5441f0b6256b298b30ba9fcb3e3ecd930 (commit) from 15b5d6585de098e48acebc8366a9956ee57c8f2d (commit) - Log ----------------------------------------------------------------- commit 1526fea5441f0b6256b298b30ba9fcb3e3ecd930 Author: Andy Polyakov Date: Sun Feb 22 19:13:35 2015 +0100 evp/evp_test.c: avoid crashes when referencing uninitialized pointers. For some reason failure surfaced on ARM platforms. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_test.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c index 7706ee1..fb8ac4f 100644 --- a/crypto/evp/evp_test.c +++ b/crypto/evp/evp_test.c @@ -454,6 +454,8 @@ int main(int argc, char **argv) ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); + + memset(&t,0,sizeof(t)); t.meth = NULL; t.public = NULL; t.private = NULL; From appro at openssl.org Sun Feb 22 18:22:27 2015 From: appro at openssl.org (Andy Polyakov) Date: Sun, 22 Feb 2015 19:22:27 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150222182228.0CF101DF128@butler.localdomain> The branch master has been updated via 3372c4fffa0556a688f8f1f550b095051398f596 (commit) from 1526fea5441f0b6256b298b30ba9fcb3e3ecd930 (commit) - Log ----------------------------------------------------------------- commit 3372c4fffa0556a688f8f1f550b095051398f596 Author: Andy Polyakov Date: Sun Feb 22 19:19:26 2015 +0100 sha/asm/sha1-586.pl: fix typo. The typo doesn't affect supported configuration, only unsupported masm. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/sha/asm/sha1-586.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/sha/asm/sha1-586.pl b/crypto/sha/asm/sha1-586.pl index 8377299..4895eb3 100644 --- a/crypto/sha/asm/sha1-586.pl +++ b/crypto/sha/asm/sha1-586.pl @@ -450,7 +450,7 @@ sub sha1msg2 { sha1op38(0xca, at _); } &sub ("esp",32); &movdqu ($ABCD,&QWP(0,$ctx)); - &movd ($E,&QWP(16,$ctx)); + &movd ($E,&DWP(16,$ctx)); &and ("esp",-32); &movdqa ($BSWAP,&QWP(0x50,$tmp1)); # byte-n-word swap From appro at openssl.org Sun Feb 22 18:22:27 2015 From: appro at openssl.org (Andy Polyakov) Date: Sun, 22 Feb 2015 19:22:27 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150222182227.E8B2F1DF124@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via f243def213b24256db997bb30f729bc23d2c9d0a (commit) from 1f956f9cda79ad6439938e3c40763f2bd73ceda3 (commit) - Log ----------------------------------------------------------------- commit f243def213b24256db997bb30f729bc23d2c9d0a Author: Andy Polyakov Date: Sun Feb 22 19:19:26 2015 +0100 sha/asm/sha1-586.pl: fix typo. The typo doesn't affect supported configuration, only unsupported masm. Reviewed-by: Matt Caswell (cherry picked from commit 3372c4fffa0556a688f8f1f550b095051398f596) ----------------------------------------------------------------------- Summary of changes: crypto/sha/asm/sha1-586.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/sha/asm/sha1-586.pl b/crypto/sha/asm/sha1-586.pl index 8377299..4895eb3 100644 --- a/crypto/sha/asm/sha1-586.pl +++ b/crypto/sha/asm/sha1-586.pl @@ -450,7 +450,7 @@ sub sha1msg2 { sha1op38(0xca, at _); } &sub ("esp",32); &movdqu ($ABCD,&QWP(0,$ctx)); - &movd ($E,&QWP(16,$ctx)); + &movd ($E,&DWP(16,$ctx)); &and ("esp",-32); &movdqa ($BSWAP,&QWP(0x50,$tmp1)); # byte-n-word swap From appro at openssl.org Sun Feb 22 18:25:40 2015 From: appro at openssl.org (Andy Polyakov) Date: Sun, 22 Feb 2015 19:25:40 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150222182540.CB6011DF124@butler.localdomain> The branch master has been updated via 2f8d82d6418c4de8330e2870c1ca6386dc9e1b34 (commit) from 3372c4fffa0556a688f8f1f550b095051398f596 (commit) - Log ----------------------------------------------------------------- commit 2f8d82d6418c4de8330e2870c1ca6386dc9e1b34 Author: Andy Polyakov Date: Sun Feb 22 19:23:25 2015 +0100 perlasm/x86masm.pl: make it work. Though this doesn't mean that masm becomes supported, the script is still provided on don't-ask-in-case-of-doubt-use-nasm basis. See RT#3650 for background. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/perlasm/x86masm.pl | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/crypto/perlasm/x86masm.pl b/crypto/perlasm/x86masm.pl index 1741342..917d0f8 100644 --- a/crypto/perlasm/x86masm.pl +++ b/crypto/perlasm/x86masm.pl @@ -18,10 +18,10 @@ sub ::generic if ($opcode =~ /lea/ && @arg[1] =~ s/.*PTR\s+($.*$)$/OFFSET $1/) # no [] { $opcode="mov"; } - elsif ($opcode !~ /movq/) + elsif ($opcode !~ /mov[dq]$/) { # fix xmm references - $arg[0] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[1]=~/\bxmm[0-7]\b/i); - $arg[1] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[0]=~/\bxmm[0-7]\b/i); + $arg[0] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[-1]=~/\bxmm[0-7]\b/i); + $arg[-1] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[0]=~/\bxmm[0-7]\b/i); } &::emit($opcode, at arg); @@ -160,13 +160,13 @@ sub ::public_label { push(@out,"PUBLIC\t".&::LABEL($_[0],$nmdecor.$_[0])."\n"); } sub ::data_byte -{ push(@out,("DB\t").join(',', at _)."\n"); } +{ push(@out,("DB\t").join(',',splice(@_,0,16))."\n") while(@_); } sub ::data_short -{ push(@out,("DW\t").join(',', at _)."\n"); } +{ push(@out,("DW\t").join(',',splice(@_,0,8))."\n") while(@_); } sub ::data_word -{ push(@out,("DD\t").join(',', at _)."\n"); } +{ push(@out,("DD\t").join(',',splice(@_,0,4))."\n") while(@_); } sub ::align { push(@out,"ALIGN\t$_[0]\n"); } From steve at openssl.org Tue Feb 24 02:43:28 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 24 Feb 2015 03:43:28 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150224024328.775EB1DF124@butler.localdomain> The branch master has been updated via ccc227565da59c4d6c707925c4230ab2afa2cf87 (commit) from 2f8d82d6418c4de8330e2870c1ca6386dc9e1b34 (commit) - Log ----------------------------------------------------------------- commit ccc227565da59c4d6c707925c4230ab2afa2cf87 Author: Dr. Stephen Henson Date: Tue Feb 24 02:27:51 2015 +0000 Don't set no_protocol if -tls1 selected. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: ssl/ssltest.c | 1 - 1 file changed, 1 deletion(-) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index fb51ddd..89fb44a 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -1130,7 +1130,6 @@ int main(int argc, char *argv[]) } #endif else if (strcmp(*argv, "-tls1") == 0) { - no_protocol = 1; tls1 = 1; } else if (strcmp(*argv, "-ssl3") == 0) { #ifdef OPENSSL_NO_SSL3_METHOD From appro at openssl.org Tue Feb 24 09:09:11 2015 From: appro at openssl.org (Andy Polyakov) Date: Tue, 24 Feb 2015 10:09:11 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150224090911.235721DF124@butler.localdomain> The branch master has been updated via e620e5ae37bc3fc5e457ebf3edcdd01b20f8c5dd (commit) from ccc227565da59c4d6c707925c4230ab2afa2cf87 (commit) - Log ----------------------------------------------------------------- commit e620e5ae37bc3fc5e457ebf3edcdd01b20f8c5dd Author: Andy Polyakov Date: Tue Feb 24 10:07:22 2015 +0100 aes/asm/bsaes-armv7: fix kernel-side XTS and harmonize with Linux. XTS bug spotted and fix suggested by Adrian Kotelba. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/aes/asm/bsaes-armv7.pl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl index fcc81d1..a4d3856 100644 --- a/crypto/aes/asm/bsaes-armv7.pl +++ b/crypto/aes/asm/bsaes-armv7.pl @@ -702,7 +702,7 @@ $code.=<<___; # define BSAES_ASM_EXTENDED_KEY # define XTS_CHAIN_TWEAK # define __ARM_ARCH__ __LINUX_ARM_ARCH__ -# define __ARM_MAX_ARCH__ __LINUX_ARM_ARCH__ +# define __ARM_MAX_ARCH__ 7 #endif #ifdef __thumb__ @@ -2078,9 +2078,11 @@ bsaes_xts_decrypt: vld1.8 {@XMM[8]}, [r0] @ initial tweak adr $magic, .Lxts_magic +#ifndef XTS_CHAIN_TWEAK tst $len, #0xf @ if not multiple of 16 it ne @ Thumb2 thing, sanity check in ARM subne $len, #0x10 @ subtract another 16 bytes +#endif subs $len, #0x80 blo .Lxts_dec_short From appro at openssl.org Tue Feb 24 09:13:16 2015 From: appro at openssl.org (Andy Polyakov) Date: Tue, 24 Feb 2015 10:13:16 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150224091316.0C6DC1DF124@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 13c1807041c9e2a502ee9af418f723bbf135e24c (commit) from f243def213b24256db997bb30f729bc23d2c9d0a (commit) - Log ----------------------------------------------------------------- commit 13c1807041c9e2a502ee9af418f723bbf135e24c Author: Andy Polyakov Date: Sun Feb 22 17:43:11 2015 +0100 Fix crash in SPARC T4 XTS. Reviewed-by: Tim Hudson (cherry picked from commit 775b669de3ba84d8dce16ff5e2bdffe263c05c4b) ----------------------------------------------------------------------- Summary of changes: crypto/aes/Makefile | 2 +- crypto/camellia/Makefile | 2 +- crypto/perlasm/sparcv9_modes.pl | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/crypto/aes/Makefile b/crypto/aes/Makefile index 709b1af..b94ca72 100644 --- a/crypto/aes/Makefile +++ b/crypto/aes/Makefile @@ -72,7 +72,7 @@ aesni-mb-x86_64.s: asm/aesni-mb-x86_64.pl aes-sparcv9.s: asm/aes-sparcv9.pl $(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@ -aest4-sparcv9.s: asm/aest4-sparcv9.pl +aest4-sparcv9.s: asm/aest4-sparcv9.pl ../perlasm/sparcv9_modes.pl $(PERL) asm/aest4-sparcv9.pl $(CFLAGS) > $@ aes-ppc.s: asm/aes-ppc.pl diff --git a/crypto/camellia/Makefile b/crypto/camellia/Makefile index 88535f9..60e8960 100644 --- a/crypto/camellia/Makefile +++ b/crypto/camellia/Makefile @@ -48,7 +48,7 @@ cmll-x86.s: asm/cmll-x86.pl ../perlasm/x86asm.pl $(PERL) asm/cmll-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ cmll-x86_64.s: asm/cmll-x86_64.pl $(PERL) asm/cmll-x86_64.pl $(PERLASM_SCHEME) > $@ -cmllt4-sparcv9.s: asm/cmllt4-sparcv9.pl +cmllt4-sparcv9.s: asm/cmllt4-sparcv9.pl ../perlasm/sparcv9_modes.pl $(PERL) asm/cmllt4-sparcv9.pl $(CFLAGS) > $@ files: diff --git a/crypto/perlasm/sparcv9_modes.pl b/crypto/perlasm/sparcv9_modes.pl index dc55b34..eb267a5 100644 --- a/crypto/perlasm/sparcv9_modes.pl +++ b/crypto/perlasm/sparcv9_modes.pl @@ -1249,6 +1249,7 @@ $code.=<<___; fxor %f8, %f4, %f4 fxor %f10, %f6, %f6 + subcc $len, 2, $len stda %f0, [$out]0xe2 ! ASI_BLK_INIT, T4-specific add $out, 8, $out stda %f2, [$out]0xe2 ! ASI_BLK_INIT, T4-specific From appro at openssl.org Tue Feb 24 09:13:16 2015 From: appro at openssl.org (Andy Polyakov) Date: Tue, 24 Feb 2015 10:13:16 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150224091316.15F4D1DF128@butler.localdomain> The branch master has been updated via 775b669de3ba84d8dce16ff5e2bdffe263c05c4b (commit) from e620e5ae37bc3fc5e457ebf3edcdd01b20f8c5dd (commit) - Log ----------------------------------------------------------------- commit 775b669de3ba84d8dce16ff5e2bdffe263c05c4b Author: Andy Polyakov Date: Sun Feb 22 17:43:11 2015 +0100 Fix crash in SPARC T4 XTS. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/aes/Makefile | 2 +- crypto/camellia/Makefile | 2 +- crypto/perlasm/sparcv9_modes.pl | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/crypto/aes/Makefile b/crypto/aes/Makefile index 6cf7363..72fe789 100644 --- a/crypto/aes/Makefile +++ b/crypto/aes/Makefile @@ -72,7 +72,7 @@ aesni-mb-x86_64.s: asm/aesni-mb-x86_64.pl aes-sparcv9.s: asm/aes-sparcv9.pl $(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@ -aest4-sparcv9.s: asm/aest4-sparcv9.pl +aest4-sparcv9.s: asm/aest4-sparcv9.pl ../perlasm/sparcv9_modes.pl $(PERL) asm/aest4-sparcv9.pl $(CFLAGS) > $@ aes-ppc.s: asm/aes-ppc.pl diff --git a/crypto/camellia/Makefile b/crypto/camellia/Makefile index 5923099..a5b983b 100644 --- a/crypto/camellia/Makefile +++ b/crypto/camellia/Makefile @@ -48,7 +48,7 @@ cmll-x86.s: asm/cmll-x86.pl ../perlasm/x86asm.pl $(PERL) asm/cmll-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ cmll-x86_64.s: asm/cmll-x86_64.pl $(PERL) asm/cmll-x86_64.pl $(PERLASM_SCHEME) > $@ -cmllt4-sparcv9.s: asm/cmllt4-sparcv9.pl +cmllt4-sparcv9.s: asm/cmllt4-sparcv9.pl ../perlasm/sparcv9_modes.pl $(PERL) asm/cmllt4-sparcv9.pl $(CFLAGS) > $@ files: diff --git a/crypto/perlasm/sparcv9_modes.pl b/crypto/perlasm/sparcv9_modes.pl index f5474a2..74544fb 100644 --- a/crypto/perlasm/sparcv9_modes.pl +++ b/crypto/perlasm/sparcv9_modes.pl @@ -1249,6 +1249,7 @@ $code.=<<___; fxor %f8, %f4, %f4 fxor %f10, %f6, %f6 + subcc $len, 2, $len stda %f0, [$out]0xe2 ! ASI_BLK_INIT, T4-specific add $out, 8, $out stda %f2, [$out]0xe2 ! ASI_BLK_INIT, T4-specific From steve at openssl.org Tue Feb 24 15:28:09 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 24 Feb 2015 16:28:09 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150224152809.4D90C1DF124@butler.localdomain> The branch master has been updated via 384dee51242e950c56b3bac32145957bfbf3cd4b (commit) from 775b669de3ba84d8dce16ff5e2bdffe263c05c4b (commit) - Log ----------------------------------------------------------------- commit 384dee51242e950c56b3bac32145957bfbf3cd4b Author: Dr. Stephen Henson Date: Tue Feb 24 13:52:21 2015 +0000 Document -no_explicit Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: doc/apps/ocsp.pod | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod index 296b13c..b32086c 100644 --- a/doc/apps/ocsp.pod +++ b/doc/apps/ocsp.pod @@ -66,6 +66,7 @@ B B [B<-no_cert_verify>] [B<-no_chain>] [B<-no_cert_checks>] +[B<-no_explicit>] [B<-port num>] [B<-index file>] [B<-CA file>] @@ -226,6 +227,10 @@ testing purposes. do not use certificates in the response as additional untrusted CA certificates. +=item B<-no_explicit> + +do not explicitly trust the root CA if it is set to be trusted for OCSP signing. + =item B<-no_cert_checks> don't perform any additional checks on the OCSP response signers certificate. @@ -338,8 +343,9 @@ CA certificate in the request. If there is a match and the OCSPSigning extended key usage is present in the OCSP responder certificate then the OCSP verify succeeds. -Otherwise the root CA of the OCSP responders CA is checked to see if it -is trusted for OCSP signing. If it is the OCSP verify succeeds. +Otherwise, if B<-no_explicit> is B set the root CA of the OCSP responders +CA is checked to see if it is trusted for OCSP signing. If it is the OCSP +verify succeeds. If none of these checks is successful then the OCSP verify fails. From steve at openssl.org Tue Feb 24 15:29:29 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 24 Feb 2015 16:29:29 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <20150224152929.8AADC1DF124@butler.localdomain> The branch OpenSSL_1_0_0-stable has been updated via 6e161ee39ede0686dc6ae9af115bf1c132f05db0 (commit) from 0e5e7af95584281548841cc8f3da5298a84eb5f9 (commit) - Log ----------------------------------------------------------------- commit 6e161ee39ede0686dc6ae9af115bf1c132f05db0 Author: Dr. Stephen Henson Date: Tue Feb 24 13:52:21 2015 +0000 Document -no_explicit Reviewed-by: Rich Salz (cherry picked from commit 384dee51242e950c56b3bac32145957bfbf3cd4b) ----------------------------------------------------------------------- Summary of changes: doc/apps/ocsp.pod | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod index 38f026a..2372b37 100644 --- a/doc/apps/ocsp.pod +++ b/doc/apps/ocsp.pod @@ -40,6 +40,7 @@ B B [B<-no_cert_verify>] [B<-no_chain>] [B<-no_cert_checks>] +[B<-no_explicit>] [B<-port num>] [B<-index file>] [B<-CA file>] @@ -189,6 +190,10 @@ testing purposes. do not use certificates in the response as additional untrusted CA certificates. +=item B<-no_explicit> + +do not explicitly trust the root CA if it is set to be trusted for OCSP signing. + =item B<-no_cert_checks> don't perform any additional checks on the OCSP response signers certificate. @@ -301,8 +306,9 @@ CA certificate in the request. If there is a match and the OCSPSigning extended key usage is present in the OCSP responder certificate then the OCSP verify succeeds. -Otherwise the root CA of the OCSP responders CA is checked to see if it -is trusted for OCSP signing. If it is the OCSP verify succeeds. +Otherwise, if B<-no_explicit> is B set the root CA of the OCSP responders +CA is checked to see if it is trusted for OCSP signing. If it is the OCSP +verify succeeds. If none of these checks is successful then the OCSP verify fails. From steve at openssl.org Tue Feb 24 15:29:29 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 24 Feb 2015 16:29:29 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150224152929.A37101DF12A@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 36b619a06e5a2a296058f8dbf11a74f95cb3f71d (commit) from 13c1807041c9e2a502ee9af418f723bbf135e24c (commit) - Log ----------------------------------------------------------------- commit 36b619a06e5a2a296058f8dbf11a74f95cb3f71d Author: Dr. Stephen Henson Date: Tue Feb 24 13:52:21 2015 +0000 Document -no_explicit Reviewed-by: Rich Salz (cherry picked from commit 384dee51242e950c56b3bac32145957bfbf3cd4b) ----------------------------------------------------------------------- Summary of changes: doc/apps/ocsp.pod | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod index 38f026a..2372b37 100644 --- a/doc/apps/ocsp.pod +++ b/doc/apps/ocsp.pod @@ -40,6 +40,7 @@ B B [B<-no_cert_verify>] [B<-no_chain>] [B<-no_cert_checks>] +[B<-no_explicit>] [B<-port num>] [B<-index file>] [B<-CA file>] @@ -189,6 +190,10 @@ testing purposes. do not use certificates in the response as additional untrusted CA certificates. +=item B<-no_explicit> + +do not explicitly trust the root CA if it is set to be trusted for OCSP signing. + =item B<-no_cert_checks> don't perform any additional checks on the OCSP response signers certificate. @@ -301,8 +306,9 @@ CA certificate in the request. If there is a match and the OCSPSigning extended key usage is present in the OCSP responder certificate then the OCSP verify succeeds. -Otherwise the root CA of the OCSP responders CA is checked to see if it -is trusted for OCSP signing. If it is the OCSP verify succeeds. +Otherwise, if B<-no_explicit> is B set the root CA of the OCSP responders +CA is checked to see if it is trusted for OCSP signing. If it is the OCSP +verify succeeds. If none of these checks is successful then the OCSP verify fails. From steve at openssl.org Tue Feb 24 15:29:29 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 24 Feb 2015 16:29:29 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150224152929.96C1A1DF128@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via 9cd061725b4057f06d2d091352123ce9da790815 (commit) from e347d80287f18fce0db4571d5ee7285f1b14b82b (commit) - Log ----------------------------------------------------------------- commit 9cd061725b4057f06d2d091352123ce9da790815 Author: Dr. Stephen Henson Date: Tue Feb 24 13:52:21 2015 +0000 Document -no_explicit Reviewed-by: Rich Salz (cherry picked from commit 384dee51242e950c56b3bac32145957bfbf3cd4b) ----------------------------------------------------------------------- Summary of changes: doc/apps/ocsp.pod | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod index 38f026a..2372b37 100644 --- a/doc/apps/ocsp.pod +++ b/doc/apps/ocsp.pod @@ -40,6 +40,7 @@ B B [B<-no_cert_verify>] [B<-no_chain>] [B<-no_cert_checks>] +[B<-no_explicit>] [B<-port num>] [B<-index file>] [B<-CA file>] @@ -189,6 +190,10 @@ testing purposes. do not use certificates in the response as additional untrusted CA certificates. +=item B<-no_explicit> + +do not explicitly trust the root CA if it is set to be trusted for OCSP signing. + =item B<-no_cert_checks> don't perform any additional checks on the OCSP response signers certificate. @@ -301,8 +306,9 @@ CA certificate in the request. If there is a match and the OCSPSigning extended key usage is present in the OCSP responder certificate then the OCSP verify succeeds. -Otherwise the root CA of the OCSP responders CA is checked to see if it -is trusted for OCSP signing. If it is the OCSP verify succeeds. +Otherwise, if B<-no_explicit> is B set the root CA of the OCSP responders +CA is checked to see if it is trusted for OCSP signing. If it is the OCSP +verify succeeds. If none of these checks is successful then the OCSP verify fails. From rsalz at openssl.org Tue Feb 24 22:42:02 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 24 Feb 2015 23:42:02 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150224224203.3FB121DF124@butler.localdomain> The branch master has been updated via f09e7ca94bd428203da770a874604754dace1b02 (commit) from 384dee51242e950c56b3bac32145957bfbf3cd4b (commit) - Log ----------------------------------------------------------------- commit f09e7ca94bd428203da770a874604754dace1b02 Author: Rich Salz Date: Tue Feb 24 17:40:22 2015 -0500 Move build config table to separate files. Move the build configuration table into separate files. The Configurations file is standard configs, and Configurations.team is for openssl-team members. Any other file, Configurations*, found in the same directory as the Configure script, is loaded. To add another file, use --config=FILE flags (which should probably be an absolute path). Written by Stefen Eissing and Rich Salz , contributed by Akamai Technologies. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: Configurations | 431 +++++++++++++++++++++++++++++++++++++++++++ Configurations.team | 47 +++++ Configure | 509 ++++----------------------------------------------- Makefile.org | 2 +- 4 files changed, 513 insertions(+), 476 deletions(-) create mode 100644 Configurations create mode 100644 Configurations.team diff --git a/Configurations b/Configurations new file mode 100644 index 0000000..47a5a3f --- /dev/null +++ b/Configurations @@ -0,0 +1,431 @@ +## Standard openssl configuration targets. +## +## If you edit this file, run this command before committing +## make -f Makefile.org TABLE +## This file is interpolated by the Configure script. + +# Filler used for when there are no asm files. +my $no_asm_filler="::::::::::::::::void"; + +%targets = ( + +# Basic configs that should work on any (32 and less bit) box +"gcc", "gcc:-O3::(unknown):::BN_LLONG:::", +"cc", "cc:-O::(unknown)::::::", + +####VOS Configurations +"vos-gcc","gcc:-O3 -Wall -DOPENSSL_SYS_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm_filler}:::::.so:", +"debug-vos-gcc","gcc:-O0 -g -Wall -DOPENSSL_SYS_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm_filler}:::::.so:", + +#### Solaris x86 with GNU C setups +# -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it +# here because whenever GNU C instantiates an assembler template it +# surrounds it with #APP #NO_APP comment pair which (at least Solaris +# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic" +# error message. +"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# -shared -static-libgcc might appear controversial, but modules taken +# from static libgcc do not have relocations and linking them into our +# shared objects doesn't have any negative side-effects. On the contrary, +# doing so makes it possible to use gcc shared build with Sun C. Given +# that gcc generates faster code [thanks to inline assembler], I would +# actually recommend to consider using gcc shared build even with vendor +# compiler:-) +# +"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", + +#### Solaris x86 with Sun C setups +"solaris-x86-cc","cc:-fast -xarch=generic -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", + +#### SPARC Solaris with GNU C setups +"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc +"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", +#### +"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +#### SPARC Solaris with Sun C setups +# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2. +# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8 +# SC5.0 note: Compiler common patch 107357-01 or later is required! +"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", +#### +"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +#### IRIX 5.x configs +# -mips2 flag is added by ./config when appropriate. +"irix-gcc","gcc:-O3 -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix-cc", "cc:-O2 -use_readonly_const -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +#### IRIX 6.x configs +# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke +# './Configure irix-cc -o32' manually. +"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", +"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", +# N64 ABI builds. +"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", + +#### Unified HP-UX ANSI C configs. +# Special notes: +# - Originally we were optimizing at +O4 level. It should be noted +# that the only difference between +O3 and +O4 is global inter- +# procedural analysis. As it has to be performed during the link +# stage the compiler leaves behind certain pseudo-code in lib*.a +# which might be release or even patch level specific. Generating +# the machine code for and analyzing the *whole* program appears +# to be *extremely* memory demanding while the performance gain is +# actually questionable. The situation is intensified by the default +# HP-UX data set size limit (infamous 'maxdsiz' tunable) of 64MB +# which is way too low for +O4. In other words, doesn't +O3 make +# more sense? +# - Keep in mind that the HP compiler by default generates code +# suitable for execution on the host you're currently compiling at. +# If the toolkit is ment to be used on various PA-RISC processors +# consider './config +DAportable'. +# - +DD64 is chosen in favour of +DA2.0W because it's meant to be +# compatible with *future* releases. +# - If you run ./Configure hpux-parisc-[g]cc manually don't forget to +# pass -D_REENTRANT on HP-UX 10 and later. +# - -DMD32_XARRAY triggers workaround for compiler bug we ran into in +# 32-bit message digests. (For the moment of this writing) HP C +# doesn't seem to "digest" too many local variables (they make "him" +# chew forever:-). For more details look-up MD32_XARRAY comment in +# crypto/sha/sha_lcl.h. +# +# +# Since there is mention of this in shlib/hpux10-cc.sh +"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm_filler}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm_filler}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc1_1-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${parisc11_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1", +"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32", +"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o:::::::::::::::void:dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64", + +# More attempts at unified 10.X and 11.X targets for HP C compiler. +# +# Chris Ruemmler +# Kevin Steves +"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm_filler}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc1_1-cc","cc:+DA1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc11_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1", +"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32", +"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc20_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64", + +# HP/UX IA-64 targets +"hpux-ia64-cc","cc:-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD32 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32", +# Frank Geurts has patiently assisted with +# with debugging of the following config. +"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64", +# GCC builds... +"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32", +"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64", + +# Legacy HPUX 9.X configs... +"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm_filler}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm_filler}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +#### HP MPE/iX http://jazz.external.hp.com/src/openssl/ +"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", + +# DEC Alpha OSF/1/Tru64 targets. +# +# "What's in a name? That which we call a rose +# By any other word would smell as sweet." +# +# - William Shakespeare, "Romeo & Juliet", Act II, scene II. +# +# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version +# +"osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", +"osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", +"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", + +#### +#### Variety of LINUX:-) +#### +# *-generic* is endian-neutral target, but ./config is free to +# throw in -D[BL]_ENDIAN, whichever appropriate... +"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +####################################################################### +# Note that -march is not among compiler options in below linux-armv4 +# target line. Not specifying one is intentional to give you choice to: +# +# a) rely on your compiler default by not specifying one; +# b) specify your target platform explicitly for optimal performance, +# e.g. -march=armv6 or -march=armv7-a; +# c) build "universal" binary that targets *range* of platforms by +# specifying minimum and maximum supported architecture; +# +# As for c) option. It actually makes no sense to specify maximum to be +# less than ARMv7, because it's the least requirement for run-time +# switch between platform-specific code paths. And without run-time +# switch performance would be equivalent to one for minimum. Secondly, +# there are some natural limitations that you'd have to accept and +# respect. Most notably you can *not* build "universal" binary for +# big-endian platform. This is because ARMv7 processor always picks +# instructions in little-endian order. Another similar limitation is +# that -mthumb can't "cross" -march=armv6t2 boundary, because that's +# where it became Thumb-2. Well, this limitation is a bit artificial, +# because it's not really impossible, but it's deemed too tricky to +# support. And of course you have to be sure that your binutils are +# actually up to the task of handling maximum target platform. With all +# this in mind here is an example of how to configure "universal" build: +# +# ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8 +# +"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# Configure script adds minimally required -march for assembly support, +# if no -march was specified at command line. mips32 and mips64 below +# refer to contemporary MIPS Architecture specifications, MIPS32 and +# MIPS64, rather than to kernel bitness. +"linux-mips32", "gcc:-mabi=32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-mips64", "gcc:-mabi=n32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", +"linux64-mips64", "gcc:-mabi=64 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +#### IA-32 targets... +"linux-ia32-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out", +#### +"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ppc64", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-ppc64le","gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", +"linux-ia64", "gcc:-DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Weverything $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32:", +"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +#### So called "highgprs" target for z/Architecture CPUs +# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see +# /proc/cpuinfo. The idea is to preserve most significant bits of +# general purpose registers not only upon 32-bit process context +# switch, but even on asynchronous signal delivery to such process. +# This makes it possible to deploy 64-bit instructions even in legacy +# application context and achieve better [or should we say adequate] +# performance. The build is binary compatible with linux-generic32, +# and the idea is to be able to install the resulting libcrypto.so +# alongside generic one, e.g. as /lib/highgprs/libcrypto.so.x.y, for +# ldconfig and run-time linker to autodiscover. Unfortunately it +# doesn't work just yet, because of couple of bugs in glibc +# sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1... +"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs", +#### SPARC Linux setups +# Ray Miller has patiently +# assisted with debugging of following two configs. +"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# it's a real mess with -mcpu=ultrasparc option under Linux, but +# -Wa,-Av8plus should do the trick no matter what. +"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# GCC 3.1 is a requirement +"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +#### Alpha Linux with GNU C and Compaq C setups +# Special notes: +# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you +# ought to run './Configure linux-alpha+bwx-gcc' manually, do +# complement the command line with -mcpu=ev56, -mcpu=ev6 or whatever +# which is appropriate. +# - If you use ccc keep in mind that -fast implies -arch host and the +# compiler is free to issue instructions which gonna make elder CPU +# choke. If you wish to build "blended" toolkit, add -arch generic +# *after* -fast and invoke './Configure linux-alpha-ccc' manually. +"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", +"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", +# +# TI_CGT_C6000_7.3.x is a requirement +"linux-c64xplus","cl6x:--linux -ea=.s -eo=.o -mv6400+ -o2 -ox -ms -pden -DOPENSSL_SMALL_FOOTPRINT::-D_REENTRANT:::BN_LLONG:c64xpluscpuid.o:bn-c64xplus.o c64xplus-gf2m.o:::aes-c64xplus.o aes_cbc.o aes_ctr.o:::sha1-c64xplus.o sha256-c64xplus.o sha512-c64xplus.o::rc4-c64xplus.o:::::ghash-c64xplus.o::void:dlfcn:linux-shared:--pic:-z --sysv --shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):true", + +# Android: linux-* but without pointers to headers and libs. +"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +#### *BSD [do see comment about ${BSDthreads} in Configure!] +"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm_filler}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm_filler}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# -DMD32_REG_T=int doesn't actually belong in sparc64 target, it +# simply *happens* to work around a compiler bug in gcc 3.3.3, +# triggered by RIPEMD160 code. +"BSD-sparc64", "gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-ia64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86_64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +"nextstep", "cc:-O -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", +"nextstep3.3", "cc:-O3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", + +# QNX +"qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:", +"QNX6", "gcc:::::-lsocket::${no_asm_filler}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"QNX6-i386", "gcc:-DL_ENDIAN -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +#### SCO/Caldera targets. +# +# Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc. +# Now we only have blended unixware-* as it's the only one used by ./config. +# If you want to optimize for particular microarchitecture, bypass ./config +# and './Configure unixware-7 -Kpentium_pro' or whatever appropriate. +# Note that not all targets include assembler support. Mostly because of +# lack of motivation to support out-of-date platforms with out-of-date +# compiler drivers and assemblers. Tim Rice has +# patiently assisted to debug most of it. +# +# UnixWare 2.0x fails destest with -O. +"unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", +"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", +"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}-1:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# SCO 5 - Ben Laurie says the -O breaks the SCO cc. +"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +#### IBM's AIX. +"aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::", +"aix-gcc", "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR:$ppc32_asm:aix32:dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X32", +"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:$ppc64_asm:aix64:dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64", +# Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE +# at build time. $OBJECT_MODE is respected at ./config stage! +"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR:$ppc32_asm:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", +"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:$ppc64_asm:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", + +# SIEMENS BS2000/OSD: an EBCDIC-based mainframe +"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", + +# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe +# You need to compile using the c89.sh wrapper in the tools directory, because the +# IBM compiler does not like the -L switch after any object modules. +# +"OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE::(unknown):::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", + +# Visual C targets +# +# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64 +# +# Note about -wd4090, disable warning C4090. This warning returns false +# positives in some situations. Disabling it altogether masks both +# legitimate and false cases, but as we compile on multiple platforms, +# we rely on other compilers to catch legitimate cases. +"VC-WIN64I","cl:-W3 -wd4090 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32", +"VC-WIN64A","cl:-W3 -wd4090 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32", +"debug-VC-WIN64I","cl:-W3 -wd4090 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32", +"debug-VC-WIN64A","cl:-W3 -wd4090 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32", +# x86 Win32 target defaults to ANSI API, if you want UNICODE, complement +# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE' +"VC-WIN32","cl:-W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", +"debug-VC-WIN32","cl:-W3 -wd4090 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", +# Unified CE target +"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm_filler}:win32", + +# Borland C++ 4.5 +"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm_filler}:win32", + +# MinGW +"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall::-D_MT:MINGW32:-lws2_32 -lgdi32 -lcrypt32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a", +# As for OPENSSL_USE_APPLINK. Applink makes it possible to use .dll +# compiled with one compiler with application compiled with another +# compiler. It's possible to engage Applink support in mingw64 build, +# but it's not done, because till mingw64 supports structured exception +# handling, one can't seriously consider its binaries for using with +# non-mingw64 run-time environment. And as mingw64 is always consistent +# with itself, Applink is never engaged and can as well be omitted. +"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a", + +# UWIN +"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm_filler}:win32", + +# Cygwin +"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", +"Cygwin-x86_64", "gcc:-DTERMIOS -DL_ENDIAN -O3 -Wall:::CYGWIN::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", + +# NetWare from David Ward (dsward at novell.com) +# requires either MetroWerks NLM development tools, or gcc / nlmconv +# NetWare defaults socket bio to WinSock sockets. However, +# the builds can be configured to use BSD sockets instead. +# netware-clib => legacy CLib c-runtime support +"netware-clib", "mwccnlm::::::${x86_gcc_opts}::", +"netware-clib-bsdsock", "mwccnlm::::::${x86_gcc_opts}::", +"netware-clib-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYS_NETWARE -O2 -Wall:::::${x86_gcc_opts}::", +"netware-clib-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYS_NETWARE -O2 -Wall:::::${x86_gcc_opts}::", +# netware-libc => LibC/NKS support +"netware-libc", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", +"netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", +"netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYS_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", +"netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYS_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", + +# DJGPP +"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", + +# Ultrix from Bernhard Simon +"ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::", +"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::BN_LLONG::::", +# K&R C is no longer supported; you need gcc on old Ultrix installations +##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::", + +##### MacOS X (a.k.a. Darwin) setup +"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN -Wa,-force_cpusubtype_ALL::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc64_asm}:osx64:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:".eval{my $asm=$x86_asm;$asm=~s/cast\-586\.o//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"debug-darwin64-x86_64-cc","cc:-arch x86_64 -ggdb -g2 -O0 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +# iPhoneOS/iOS +# +# It takes three prior-set environment variables to make it work: +# +# CROSS_COMPILE=/where/toolchain/is/usr/bin/ [note ending slash] +# CROSS_TOP=/where/SDKs/are +# CROSS_SDK=iPhoneOSx.y.sdk +# +# Exact paths vary with Xcode releases, but for couple of last ones +# they would look like this: +# +# CROSS_COMPILE=`xcode-select --print-path`/Toolchains/XcodeDefault.xctoolchain/usr/bin/ +# CROSS_TOP=`xcode-select --print-path`/Platforms/iPhoneOS.platform/Developer +# CROSS_SDK=iPhoneOS7.0.sdk +# +"iphoneos-cross","cc:-O3 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fomit-frame-pointer -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"ios64-cross","cc:-O3 -arch arm64 -mios-version-min=7.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:ios64:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", + +##### A/UX +"aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", + +##### GNU Hurd +"hurd-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC", + +##### OS/2 EMX +"OS2-EMX", "gcc::::::::", + +##### VxWorks for various targets +"vxworks-ppc60x","ccppc:-D_REENTRANT -mrtp -mhard-float -mstrict-align -fno-implicit-fp -DPPC32_fp60x -O2 -fstrength-reduce -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/common:::::", +"vxworks-ppcgen","ccppc:-D_REENTRANT -mrtp -msoft-float -mstrict-align -O1 -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon:::::", +"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", +"vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::", +"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::", +"vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", +"vxworks-simlinux","ccpentium:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/h -I\$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK:::VXWORKS:-r::${no_asm_filler}::::::ranlibpentium:", +"vxworks-mips","ccmips:-mrtp -mips2 -O -G 0 -B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DCPU=MIPS32 -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/h/wrn/coreip::-D_REENTRANT:VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon::${mips32_asm}:o32::::::ranlibmips:", + +# uClinux +"uClinux-dist","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):BN_LLONG:${no_asm_filler}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::", +"uClinux-dist64","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):SIXTY_FOUR_BIT_LONG:${no_asm_filler}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::", + +); diff --git a/Configurations.team b/Configurations.team new file mode 100644 index 0000000..cfc2b16 --- /dev/null +++ b/Configurations.team @@ -0,0 +1,47 @@ +## Build configuration targets for openssl-team members +## +## If you edit this file, run this command before committing +## make -f Makefile.org TABLE +## This file is interpolated by the Configure script. + +# Filler used for when there are no asm files. +my $no_asm_filler="::::::::::::::::void"; + +%targets = ( +"purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::", +"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::", +"debug-ben", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe::(unknown):::::", +"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", +"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", +"debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DOPENSSL_NO_HW_PADLOCK -g3 -O2 -pipe::(unknown)::::::", +"debug-ben-debug-64", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-ben-debug-64-clang", "clang:$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-ben-debug-64-noopt", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-ben-macos", "cc:$gcc_devteam_warn -DOPENSSL_NO_ASM -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::", +"debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -Wall -g3::(unknown)::::::", +"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", +"debug-ben-darwin64","cc:$gcc_devteam_warn -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:$x86_64_asm:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"debug-rse","cc:-DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", +"debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"debug-erbridge", "gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", +"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", +"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o::des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o:e_padlock-x86.o:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"dist", "cc:-O::(unknown)::::::", +"debug-test-64-clang", "clang:$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"darwin64-debug-test-64-clang", "clang:-arch x86_64 -DL_ENDIAN $gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:MACOSX::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +); diff --git a/Configure b/Configure index 1ea3a60..5dbfa6c 100755 --- a/Configure +++ b/Configure @@ -9,13 +9,18 @@ eval 'exec perl -S $0 ${1+"$@"}' require 5.000; use strict; +use File::Basename; +use File::Spec::Functions; # see INSTALL for instructions. -my $usage="Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] [--config=FILE] os/compiler[:flags]\n"; # Options: # +# --config add the given configuration file, which will be read after +# any "Configurations*" files that are found in the same +# directory as this script. # --openssldir install OpenSSL in OPENSSLDIR (Default: DIR/ssl if the # --prefix option is given; /usr/local/ssl otherwise) # --prefix prefix for the OpenSSL include, lib and bin directories @@ -146,7 +151,6 @@ my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o:::aes_core.o aes_cbc.o aes-p my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64"; my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o:::aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o:::::::ghashp8-ppc.o:"; my $ppc32_asm=$ppc64_asm; -my $no_asm="::::::::::::::::void"; # As for $BSDthreads. Idea is to maintain "collective" set of flags, # which would cover all BSD flavors. -pthread applies to them all, @@ -159,477 +163,31 @@ my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; #config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $ec_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $wp_obj : $cmll_obj : $modes_obj : $engines_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags : $multilib +# table of known configurations, read in from files my %table=( -# File 'TABLE' (created by 'make TABLE') contains the data from this list, -# formatted for better readability. - - -#"b", "${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::", -#"bl-4c-2c", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:${tbn_mul}::", -#"bl-4c-ri", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:${tbn_mul}::", -#"b2-is-ri-dp", "${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::", - -# Our development configs -"purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::", -"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::", -"debug-ben", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe::(unknown):::::", -"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", -"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", -"debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DOPENSSL_NO_HW_PADLOCK -g3 -O2 -pipe::(unknown)::::::", -"debug-ben-debug-64", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-ben-debug-64-clang", "clang:$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-ben-debug-64-noopt", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-ben-macos", "cc:$gcc_devteam_warn -DOPENSSL_NO_ASM -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::", -"debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -Wall -g3::(unknown)::::::", -"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", -"debug-ben-darwin64","cc:$gcc_devteam_warn -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:$x86_64_asm:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"debug-rse","cc:-DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"debug-erbridge", "gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", -"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", -"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o::des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o:e_padlock-x86.o:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"dist", "cc:-O::(unknown)::::::", -"debug-test-64-clang", "clang:$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"darwin64-debug-test-64-clang", "clang:-arch x86_64 -DL_ENDIAN $gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:MACOSX::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", - -# Basic configs that should work on any (32 and less bit) box -"gcc", "gcc:-O3::(unknown):::BN_LLONG:::", -"cc", "cc:-O::(unknown)::::::", - -####VOS Configurations -"vos-gcc","gcc:-O3 -Wall -DOPENSSL_SYS_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:", -"debug-vos-gcc","gcc:-O0 -g -Wall -DOPENSSL_SYS_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:", - -#### Solaris x86 with GNU C setups -# -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it -# here because whenever GNU C instantiates an assembler template it -# surrounds it with #APP #NO_APP comment pair which (at least Solaris -# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic" -# error message. -"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# -shared -static-libgcc might appear controversial, but modules taken -# from static libgcc do not have relocations and linking them into our -# shared objects doesn't have any negative side-effects. On the contrary, -# doing so makes it possible to use gcc shared build with Sun C. Given -# that gcc generates faster code [thanks to inline assembler], I would -# actually recommend to consider using gcc shared build even with vendor -# compiler:-) -# -"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", - -#### Solaris x86 with Sun C setups -"solaris-x86-cc","cc:-fast -xarch=generic -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", - -#### SPARC Solaris with GNU C setups -"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc -"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", -#### -"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -#### SPARC Solaris with Sun C setups -# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2. -# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8 -# SC5.0 note: Compiler common patch 107357-01 or later is required! -"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", -#### -"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -#### IRIX 5.x configs -# -mips2 flag is added by ./config when appropriate. -"irix-gcc","gcc:-O3 -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"irix-cc", "cc:-O2 -use_readonly_const -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -#### IRIX 6.x configs -# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke -# './Configure irix-cc -o32' manually. -"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", -"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", -# N64 ABI builds. -"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", - -#### Unified HP-UX ANSI C configs. -# Special notes: -# - Originally we were optimizing at +O4 level. It should be noted -# that the only difference between +O3 and +O4 is global inter- -# procedural analysis. As it has to be performed during the link -# stage the compiler leaves behind certain pseudo-code in lib*.a -# which might be release or even patch level specific. Generating -# the machine code for and analyzing the *whole* program appears -# to be *extremely* memory demanding while the performance gain is -# actually questionable. The situation is intensified by the default -# HP-UX data set size limit (infamous 'maxdsiz' tunable) of 64MB -# which is way too low for +O4. In other words, doesn't +O3 make -# more sense? -# - Keep in mind that the HP compiler by default generates code -# suitable for execution on the host you're currently compiling at. -# If the toolkit is ment to be used on various PA-RISC processors -# consider './config +DAportable'. -# - +DD64 is chosen in favour of +DA2.0W because it's meant to be -# compatible with *future* releases. -# - If you run ./Configure hpux-parisc-[g]cc manually don't forget to -# pass -D_REENTRANT on HP-UX 10 and later. -# - -DMD32_XARRAY triggers workaround for compiler bug we ran into in -# 32-bit message digests. (For the moment of this writing) HP C -# doesn't seem to "digest" too many local variables (they make "him" -# chew forever:-). For more details look-up MD32_XARRAY comment in -# crypto/sha/sha_lcl.h. -# -# -# Since there is mention of this in shlib/hpux10-cc.sh -"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-parisc1_1-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${parisc11_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1", -"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32", -"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o:::::::::::::::void:dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64", - -# More attempts at unified 10.X and 11.X targets for HP C compiler. -# -# Chris Ruemmler -# Kevin Steves -"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-parisc1_1-cc","cc:+DA1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc11_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1", -"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32", -"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc20_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64", - -# HP/UX IA-64 targets -"hpux-ia64-cc","cc:-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD32 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32", -# Frank Geurts has patiently assisted with -# with debugging of the following config. -"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64", -# GCC builds... -"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32", -"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64", - -# Legacy HPUX 9.X configs... -"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -#### HP MPE/iX http://jazz.external.hp.com/src/openssl/ -"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", - -# DEC Alpha OSF/1/Tru64 targets. -# -# "What's in a name? That which we call a rose -# By any other word would smell as sweet." -# -# - William Shakespeare, "Romeo & Juliet", Act II, scene II. -# -# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version -# -"osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", -"osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", -"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", - -#### -#### Variety of LINUX:-) -#### -# *-generic* is endian-neutral target, but ./config is free to -# throw in -D[BL]_ENDIAN, whichever appropriate... -"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -####################################################################### -# Note that -march is not among compiler options in below linux-armv4 -# target line. Not specifying one is intentional to give you choice to: -# -# a) rely on your compiler default by not specifying one; -# b) specify your target platform explicitly for optimal performance, -# e.g. -march=armv6 or -march=armv7-a; -# c) build "universal" binary that targets *range* of platforms by -# specifying minimum and maximum supported architecture; -# -# As for c) option. It actually makes no sense to specify maximum to be -# less than ARMv7, because it's the least requirement for run-time -# switch between platform-specific code paths. And without run-time -# switch performance would be equivalent to one for minimum. Secondly, -# there are some natural limitations that you'd have to accept and -# respect. Most notably you can *not* build "universal" binary for -# big-endian platform. This is because ARMv7 processor always picks -# instructions in little-endian order. Another similar limitation is -# that -mthumb can't "cross" -march=armv6t2 boundary, because that's -# where it became Thumb-2. Well, this limitation is a bit artificial, -# because it's not really impossible, but it's deemed too tricky to -# support. And of course you have to be sure that your binutils are -# actually up to the task of handling maximum target platform. With all -# this in mind here is an example of how to configure "universal" build: -# -# ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8 -# -"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# Configure script adds minimally required -march for assembly support, -# if no -march was specified at command line. mips32 and mips64 below -# refer to contemporary MIPS Architecture specifications, MIPS32 and -# MIPS64, rather than to kernel bitness. -"linux-mips32", "gcc:-mabi=32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-mips64", "gcc:-mabi=n32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", -"linux64-mips64", "gcc:-mabi=64 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -#### IA-32 targets... -"linux-ia32-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out", -#### -"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ppc64", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-ppc64le","gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", -"linux-ia64", "gcc:-DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Weverything $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32:", -"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -#### So called "highgprs" target for z/Architecture CPUs -# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see -# /proc/cpuinfo. The idea is to preserve most significant bits of -# general purpose registers not only upon 32-bit process context -# switch, but even on asynchronous signal delivery to such process. -# This makes it possible to deploy 64-bit instructions even in legacy -# application context and achieve better [or should we say adequate] -# performance. The build is binary compatible with linux-generic32, -# and the idea is to be able to install the resulting libcrypto.so -# alongside generic one, e.g. as /lib/highgprs/libcrypto.so.x.y, for -# ldconfig and run-time linker to autodiscover. Unfortunately it -# doesn't work just yet, because of couple of bugs in glibc -# sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1... -"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs", -#### SPARC Linux setups -# Ray Miller has patiently -# assisted with debugging of following two configs. -"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# it's a real mess with -mcpu=ultrasparc option under Linux, but -# -Wa,-Av8plus should do the trick no matter what. -"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# GCC 3.1 is a requirement -"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -#### Alpha Linux with GNU C and Compaq C setups -# Special notes: -# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you -# ought to run './Configure linux-alpha+bwx-gcc' manually, do -# complement the command line with -mcpu=ev56, -mcpu=ev6 or whatever -# which is appropriate. -# - If you use ccc keep in mind that -fast implies -arch host and the -# compiler is free to issue instructions which gonna make elder CPU -# choke. If you wish to build "blended" toolkit, add -arch generic -# *after* -fast and invoke './Configure linux-alpha-ccc' manually. -# -# -# -"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", -"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", -# -# TI_CGT_C6000_7.3.x is a requirement -"linux-c64xplus","cl6x:--linux -ea=.s -eo=.o -mv6400+ -o2 -ox -ms -pden -DOPENSSL_SMALL_FOOTPRINT::-D_REENTRANT:::BN_LLONG:c64xpluscpuid.o:bn-c64xplus.o c64xplus-gf2m.o:::aes-c64xplus.o aes_cbc.o aes_ctr.o:::sha1-c64xplus.o sha256-c64xplus.o sha512-c64xplus.o::rc4-c64xplus.o:::::ghash-c64xplus.o::void:dlfcn:linux-shared:--pic:-z --sysv --shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):true", - -# Android: linux-* but without pointers to headers and libs. -"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -#### *BSD [do see comment about ${BSDthreads} above!] -"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# -DMD32_REG_T=int doesn't actually belong in sparc64 target, it -# simply *happens* to work around a compiler bug in gcc 3.3.3, -# triggered by RIPEMD160 code. -"BSD-sparc64", "gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-ia64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-x86_64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -"nextstep", "cc:-O -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", -"nextstep3.3", "cc:-O3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", - -# QNX -"qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:", -"QNX6", "gcc:::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"QNX6-i386", "gcc:-DL_ENDIAN -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -#### SCO/Caldera targets. -# -# Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc. -# Now we only have blended unixware-* as it's the only one used by ./config. -# If you want to optimize for particular microarchitecture, bypass ./config -# and './Configure unixware-7 -Kpentium_pro' or whatever appropriate. -# Note that not all targets include assembler support. Mostly because of -# lack of motivation to support out-of-date platforms with out-of-date -# compiler drivers and assemblers. Tim Rice has -# patiently assisted to debug most of it. -# -# UnixWare 2.0x fails destest with -O. -"unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", -"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", -"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}-1:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# SCO 5 - Ben Laurie says the -O breaks the SCO cc. -"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -#### IBM's AIX. -"aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::", -"aix-gcc", "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR:$ppc32_asm:aix32:dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X32", -"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:$ppc64_asm:aix64:dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64", -# Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE -# at build time. $OBJECT_MODE is respected at ./config stage! -"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR:$ppc32_asm:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", -"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:$ppc64_asm:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", - -# SIEMENS BS2000/OSD: an EBCDIC-based mainframe -"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", - -# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe -# You need to compile using the c89.sh wrapper in the tools directory, because the -# IBM compiler does not like the -L switch after any object modules. -# -"OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE::(unknown):::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", - -# Visual C targets -# -# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64 -# -# Note about -wd4090, disable warning C4090. This warning returns false -# positives in some situations. Disabling it altogether masks both -# legitimate and false cases, but as we compile on multiple platforms, -# we rely on other compilers to catch legitimate cases. -"VC-WIN64I","cl:-W3 -wd4090 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32", -"VC-WIN64A","cl:-W3 -wd4090 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32", -"debug-VC-WIN64I","cl:-W3 -wd4090 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32", -"debug-VC-WIN64A","cl:-W3 -wd4090 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32", -# x86 Win32 target defaults to ANSI API, if you want UNICODE, complement -# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE' -"VC-WIN32","cl:-W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", -"debug-VC-WIN32","cl:-W3 -wd4090 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", -# Unified CE target -"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32", - -# Borland C++ 4.5 -"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32", - -# MinGW -"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall::-D_MT:MINGW32:-lws2_32 -lgdi32 -lcrypt32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a", -# As for OPENSSL_USE_APPLINK. Applink makes it possible to use .dll -# compiled with one compiler with application compiled with another -# compiler. It's possible to engage Applink support in mingw64 build, -# but it's not done, because till mingw64 supports structured exception -# handling, one can't seriously consider its binaries for using with -# non-mingw64 run-time environment. And as mingw64 is always consistent -# with itself, Applink is never engaged and can as well be omitted. -"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a", - -# UWIN -"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", - -# Cygwin -"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", -"Cygwin-x86_64", "gcc:-DTERMIOS -DL_ENDIAN -O3 -Wall:::CYGWIN::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", - -# NetWare from David Ward (dsward at novell.com) -# requires either MetroWerks NLM development tools, or gcc / nlmconv -# NetWare defaults socket bio to WinSock sockets. However, -# the builds can be configured to use BSD sockets instead. -# netware-clib => legacy CLib c-runtime support -"netware-clib", "mwccnlm::::::${x86_gcc_opts}::", -"netware-clib-bsdsock", "mwccnlm::::::${x86_gcc_opts}::", -"netware-clib-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYS_NETWARE -O2 -Wall:::::${x86_gcc_opts}::", -"netware-clib-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYS_NETWARE -O2 -Wall:::::${x86_gcc_opts}::", -# netware-libc => LibC/NKS support -"netware-libc", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", -"netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", -"netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYS_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", -"netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYS_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", - -# DJGPP -"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", - -# Ultrix from Bernhard Simon -"ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::", -"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::BN_LLONG::::", -# K&R C is no longer supported; you need gcc on old Ultrix installations -##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::", - -##### MacOS X (a.k.a. Darwin) setup -"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN -Wa,-force_cpusubtype_ALL::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc64_asm}:osx64:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:".eval{my $asm=$x86_asm;$asm=~s/cast\-586\.o//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"debug-darwin64-x86_64-cc","cc:-arch x86_64 -ggdb -g2 -O0 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -# iPhoneOS/iOS -# -# It takes three prior-set environment variables to make it work: -# -# CROSS_COMPILE=/where/toolchain/is/usr/bin/ [note ending slash] -# CROSS_TOP=/where/SDKs/are -# CROSS_SDK=iPhoneOSx.y.sdk -# -# Exact paths vary with Xcode releases, but for couple of last ones -# they would look like this: -# -# CROSS_COMPILE=`xcode-select --print-path`/Toolchains/XcodeDefault.xctoolchain/usr/bin/ -# CROSS_TOP=`xcode-select --print-path`/Platforms/iPhoneOS.platform/Developer -# CROSS_SDK=iPhoneOS7.0.sdk -# -"iphoneos-cross","cc:-O3 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fomit-frame-pointer -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"ios64-cross","cc:-O3 -arch arm64 -mios-version-min=7.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:ios64:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", - -##### A/UX -"aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", - -##### GNU Hurd -"hurd-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC", - -##### OS/2 EMX -"OS2-EMX", "gcc::::::::", - -##### VxWorks for various targets -"vxworks-ppc60x","ccppc:-D_REENTRANT -mrtp -mhard-float -mstrict-align -fno-implicit-fp -DPPC32_fp60x -O2 -fstrength-reduce -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/common:::::", -"vxworks-ppcgen","ccppc:-D_REENTRANT -mrtp -msoft-float -mstrict-align -O1 -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon:::::", -"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", -"vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::", -"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::", -"vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", -"vxworks-simlinux","ccpentium:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/h -I\$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK:::VXWORKS:-r::${no_asm}::::::ranlibpentium:", -"vxworks-mips","ccmips:-mrtp -mips2 -O -G 0 -B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DCPU=MIPS32 -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/h/wrn/coreip::-D_REENTRANT:VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon::${mips32_asm}:o32::::::ranlibmips:", +); -# uClinux -"uClinux-dist","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):BN_LLONG:${no_asm}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::", -"uClinux-dist64","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):SIXTY_FOUR_BIT_LONG:${no_asm}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::", +# Read configuration target stanzas from a file, so that people can have +# local files with their own definitions +sub read_config { + my $fname = shift; + open(CONFFILE, "< $fname") + or die "Can't open configuration file '$fname'!\n"; + my $x = $/; + undef $/; + my $content = ; + $/ = $x; + close(CONFFILE); + my %targets = (); + eval $content; + %table = (%table, %targets); +} -); +my ($vol, $dir, $dummy) = File::Spec->splitpath($0); +my $pattern = File::Spec->catpath($vol, $dir, "Configurations*"); +foreach ( glob($pattern) ) { + &read_config($_); +} my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A debug-VC-WIN64I debug-VC-WIN64A @@ -708,9 +266,6 @@ my $bf_enc ="bf_enc.o"; my $cast_enc="c_enc.o"; my $rc4_enc="rc4_enc.o rc4_skey.o"; my $rc5_enc="rc5_enc.o"; -my $md5_obj=""; -my $sha1_obj=""; -my $rmd160_obj=""; my $cmll_enc="camellia.o cmll_misc.o cmll_cbc.o"; my $processor=""; my $default_ranlib; @@ -928,6 +483,10 @@ PROCESS_ARGS: { $cross_compile_prefix=$1; } + elsif (/^--config=(.*)$/) + { + read_config $1; + } elsif (/^-[lL](.*)$/ or /^-Wl,/) { $libs.=$_." "; @@ -1099,8 +658,8 @@ foreach (sort (keys %disabled)) { push @skip, $algo; # fix-up crypto/directory name(s) - @skip[$#skip]="whrlpool" if $algo eq "whirlpool"; - @skip[$#skip]="ripemd" if $algo eq "rmd160"; + $skip[$#skip]="whrlpool" if $algo eq "whirlpool"; + $skip[$#skip]="ripemd" if $algo eq "rmd160"; print " (skip dir)"; diff --git a/Makefile.org b/Makefile.org index f60ecf3..c932a6a 100644 --- a/Makefile.org +++ b/Makefile.org @@ -500,7 +500,7 @@ crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h -TABLE: Configure +TABLE: Configure Configurations Configurations.team (echo 'Output of `Configure TABLE'"':"; \ $(PERL) Configure TABLE) > TABLE From rsalz at openssl.org Tue Feb 24 22:45:26 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 24 Feb 2015 23:45:26 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150224224526.4835D1DF124@butler.localdomain> The branch master has been updated via 5b8aa1a2af738f93b535798bfc07069aada264e1 (commit) from f09e7ca94bd428203da770a874604754dace1b02 (commit) - Log ----------------------------------------------------------------- commit 5b8aa1a2af738f93b535798bfc07069aada264e1 Author: Rich Salz Date: Tue Feb 24 17:45:08 2015 -0500 Remove CVS filtering from find targets Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: Makefile.org | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile.org b/Makefile.org index c932a6a..4f5bff9 100644 --- a/Makefile.org +++ b/Makefile.org @@ -515,7 +515,7 @@ tar: find . -type d -print | xargs chmod 755 find . -type f -print | xargs chmod a+r find . -type f -perm -0100 -print | xargs chmod a+x - find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \ + find * \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \ $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \ tardy --user_number=0 --user_name=openssl \ --group_number=0 --group_name=openssl \ @@ -526,7 +526,7 @@ tar: tar-snap: @$(TAR) $(TARFLAGS) -cvf - \ - `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\ + `find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\ tardy --user_number=0 --user_name=openssl \ --group_number=0 --group_name=openssl \ --prefix=openssl-$(VERSION) - > ../$(TARFILE);\ From openssl-git at openssl.org Tue Feb 24 23:36:44 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Tue, 24 Feb 2015 23:36:44 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1424821004.561593.4285.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 6e161ee39ede0686dc6ae9af115bf1c132f05db0 (commit) from 0e5e7af95584281548841cc8f3da5298a84eb5f9 (commit) - Log ----------------------------------------------------------------- commit 6e161ee39ede0686dc6ae9af115bf1c132f05db0 Author: Dr. Stephen Henson Date: Tue Feb 24 13:52:21 2015 +0000 Document -no_explicit Reviewed-by: Rich Salz (cherry picked from commit 384dee51242e950c56b3bac32145957bfbf3cd4b) ----------------------------------------------------------------------- Summary of changes: doc/apps/ocsp.pod | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod index 38f026a..2372b37 100644 --- a/doc/apps/ocsp.pod +++ b/doc/apps/ocsp.pod @@ -40,6 +40,7 @@ B B [B<-no_cert_verify>] [B<-no_chain>] [B<-no_cert_checks>] +[B<-no_explicit>] [B<-port num>] [B<-index file>] [B<-CA file>] @@ -189,6 +190,10 @@ testing purposes. do not use certificates in the response as additional untrusted CA certificates. +=item B<-no_explicit> + +do not explicitly trust the root CA if it is set to be trusted for OCSP signing. + =item B<-no_cert_checks> don't perform any additional checks on the OCSP response signers certificate. @@ -301,8 +306,9 @@ CA certificate in the request. If there is a match and the OCSPSigning extended key usage is present in the OCSP responder certificate then the OCSP verify succeeds. -Otherwise the root CA of the OCSP responders CA is checked to see if it -is trusted for OCSP signing. If it is the OCSP verify succeeds. +Otherwise, if B<-no_explicit> is B set the root CA of the OCSP responders +CA is checked to see if it is trusted for OCSP signing. If it is the OCSP +verify succeeds. If none of these checks is successful then the OCSP verify fails. From openssl-git at openssl.org Tue Feb 24 23:36:44 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Tue, 24 Feb 2015 23:36:44 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1424821004.615212.4308.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 9cd061725b4057f06d2d091352123ce9da790815 (commit) from e347d80287f18fce0db4571d5ee7285f1b14b82b (commit) - Log ----------------------------------------------------------------- commit 9cd061725b4057f06d2d091352123ce9da790815 Author: Dr. Stephen Henson Date: Tue Feb 24 13:52:21 2015 +0000 Document -no_explicit Reviewed-by: Rich Salz (cherry picked from commit 384dee51242e950c56b3bac32145957bfbf3cd4b) ----------------------------------------------------------------------- Summary of changes: doc/apps/ocsp.pod | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod index 38f026a..2372b37 100644 --- a/doc/apps/ocsp.pod +++ b/doc/apps/ocsp.pod @@ -40,6 +40,7 @@ B B [B<-no_cert_verify>] [B<-no_chain>] [B<-no_cert_checks>] +[B<-no_explicit>] [B<-port num>] [B<-index file>] [B<-CA file>] @@ -189,6 +190,10 @@ testing purposes. do not use certificates in the response as additional untrusted CA certificates. +=item B<-no_explicit> + +do not explicitly trust the root CA if it is set to be trusted for OCSP signing. + =item B<-no_cert_checks> don't perform any additional checks on the OCSP response signers certificate. @@ -301,8 +306,9 @@ CA certificate in the request. If there is a match and the OCSPSigning extended key usage is present in the OCSP responder certificate then the OCSP verify succeeds. -Otherwise the root CA of the OCSP responders CA is checked to see if it -is trusted for OCSP signing. If it is the OCSP verify succeeds. +Otherwise, if B<-no_explicit> is B set the root CA of the OCSP responders +CA is checked to see if it is trusted for OCSP signing. If it is the OCSP +verify succeeds. If none of these checks is successful then the OCSP verify fails. From openssl-git at openssl.org Tue Feb 24 23:36:44 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Tue, 24 Feb 2015 23:36:44 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1424821004.664858.4335.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 36b619a06e5a2a296058f8dbf11a74f95cb3f71d (commit) via 13c1807041c9e2a502ee9af418f723bbf135e24c (commit) from f243def213b24256db997bb30f729bc23d2c9d0a (commit) - Log ----------------------------------------------------------------- commit 36b619a06e5a2a296058f8dbf11a74f95cb3f71d Author: Dr. Stephen Henson Date: Tue Feb 24 13:52:21 2015 +0000 Document -no_explicit Reviewed-by: Rich Salz (cherry picked from commit 384dee51242e950c56b3bac32145957bfbf3cd4b) commit 13c1807041c9e2a502ee9af418f723bbf135e24c Author: Andy Polyakov Date: Sun Feb 22 17:43:11 2015 +0100 Fix crash in SPARC T4 XTS. Reviewed-by: Tim Hudson (cherry picked from commit 775b669de3ba84d8dce16ff5e2bdffe263c05c4b) ----------------------------------------------------------------------- Summary of changes: crypto/aes/Makefile | 2 +- crypto/camellia/Makefile | 2 +- crypto/perlasm/sparcv9_modes.pl | 1 + doc/apps/ocsp.pod | 10 ++++++++-- 4 files changed, 11 insertions(+), 4 deletions(-) diff --git a/crypto/aes/Makefile b/crypto/aes/Makefile index 709b1af..b94ca72 100644 --- a/crypto/aes/Makefile +++ b/crypto/aes/Makefile @@ -72,7 +72,7 @@ aesni-mb-x86_64.s: asm/aesni-mb-x86_64.pl aes-sparcv9.s: asm/aes-sparcv9.pl $(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@ -aest4-sparcv9.s: asm/aest4-sparcv9.pl +aest4-sparcv9.s: asm/aest4-sparcv9.pl ../perlasm/sparcv9_modes.pl $(PERL) asm/aest4-sparcv9.pl $(CFLAGS) > $@ aes-ppc.s: asm/aes-ppc.pl diff --git a/crypto/camellia/Makefile b/crypto/camellia/Makefile index 88535f9..60e8960 100644 --- a/crypto/camellia/Makefile +++ b/crypto/camellia/Makefile @@ -48,7 +48,7 @@ cmll-x86.s: asm/cmll-x86.pl ../perlasm/x86asm.pl $(PERL) asm/cmll-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ cmll-x86_64.s: asm/cmll-x86_64.pl $(PERL) asm/cmll-x86_64.pl $(PERLASM_SCHEME) > $@ -cmllt4-sparcv9.s: asm/cmllt4-sparcv9.pl +cmllt4-sparcv9.s: asm/cmllt4-sparcv9.pl ../perlasm/sparcv9_modes.pl $(PERL) asm/cmllt4-sparcv9.pl $(CFLAGS) > $@ files: diff --git a/crypto/perlasm/sparcv9_modes.pl b/crypto/perlasm/sparcv9_modes.pl index dc55b34..eb267a5 100644 --- a/crypto/perlasm/sparcv9_modes.pl +++ b/crypto/perlasm/sparcv9_modes.pl @@ -1249,6 +1249,7 @@ $code.=<<___; fxor %f8, %f4, %f4 fxor %f10, %f6, %f6 + subcc $len, 2, $len stda %f0, [$out]0xe2 ! ASI_BLK_INIT, T4-specific add $out, 8, $out stda %f2, [$out]0xe2 ! ASI_BLK_INIT, T4-specific diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod index 38f026a..2372b37 100644 --- a/doc/apps/ocsp.pod +++ b/doc/apps/ocsp.pod @@ -40,6 +40,7 @@ B B [B<-no_cert_verify>] [B<-no_chain>] [B<-no_cert_checks>] +[B<-no_explicit>] [B<-port num>] [B<-index file>] [B<-CA file>] @@ -189,6 +190,10 @@ testing purposes. do not use certificates in the response as additional untrusted CA certificates. +=item B<-no_explicit> + +do not explicitly trust the root CA if it is set to be trusted for OCSP signing. + =item B<-no_cert_checks> don't perform any additional checks on the OCSP response signers certificate. @@ -301,8 +306,9 @@ CA certificate in the request. If there is a match and the OCSPSigning extended key usage is present in the OCSP responder certificate then the OCSP verify succeeds. -Otherwise the root CA of the OCSP responders CA is checked to see if it -is trusted for OCSP signing. If it is the OCSP verify succeeds. +Otherwise, if B<-no_explicit> is B set the root CA of the OCSP responders +CA is checked to see if it is trusted for OCSP signing. If it is the OCSP +verify succeeds. If none of these checks is successful then the OCSP verify fails. From openssl-git at openssl.org Tue Feb 24 23:36:44 2015 From: openssl-git at openssl.org (OpenSSL git user) Date: Tue, 24 Feb 2015 23:36:44 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1424821004.706154.4358.nullmailer@dev.openssl.org> The branch master has been updated via 5b8aa1a2af738f93b535798bfc07069aada264e1 (commit) via f09e7ca94bd428203da770a874604754dace1b02 (commit) via 384dee51242e950c56b3bac32145957bfbf3cd4b (commit) via 775b669de3ba84d8dce16ff5e2bdffe263c05c4b (commit) via e620e5ae37bc3fc5e457ebf3edcdd01b20f8c5dd (commit) via ccc227565da59c4d6c707925c4230ab2afa2cf87 (commit) from 2f8d82d6418c4de8330e2870c1ca6386dc9e1b34 (commit) - Log ----------------------------------------------------------------- commit 5b8aa1a2af738f93b535798bfc07069aada264e1 Author: Rich Salz Date: Tue Feb 24 17:45:08 2015 -0500 Remove CVS filtering from find targets Reviewed-by: Richard Levitte commit f09e7ca94bd428203da770a874604754dace1b02 Author: Rich Salz Date: Tue Feb 24 17:40:22 2015 -0500 Move build config table to separate files. Move the build configuration table into separate files. The Configurations file is standard configs, and Configurations.team is for openssl-team members. Any other file, Configurations*, found in the same directory as the Configure script, is loaded. To add another file, use --config=FILE flags (which should probably be an absolute path). Written by Stefen Eissing and Rich Salz , contributed by Akamai Technologies. Reviewed-by: Richard Levitte commit 384dee51242e950c56b3bac32145957bfbf3cd4b Author: Dr. Stephen Henson Date: Tue Feb 24 13:52:21 2015 +0000 Document -no_explicit Reviewed-by: Rich Salz commit 775b669de3ba84d8dce16ff5e2bdffe263c05c4b Author: Andy Polyakov Date: Sun Feb 22 17:43:11 2015 +0100 Fix crash in SPARC T4 XTS. Reviewed-by: Tim Hudson commit e620e5ae37bc3fc5e457ebf3edcdd01b20f8c5dd Author: Andy Polyakov Date: Tue Feb 24 10:07:22 2015 +0100 aes/asm/bsaes-armv7: fix kernel-side XTS and harmonize with Linux. XTS bug spotted and fix suggested by Adrian Kotelba. Reviewed-by: Tim Hudson commit ccc227565da59c4d6c707925c4230ab2afa2cf87 Author: Dr. Stephen Henson Date: Tue Feb 24 02:27:51 2015 +0000 Don't set no_protocol if -tls1 selected. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: Configurations | 431 ++++++++++++++++++++++++++++++++++ Configurations.team | 47 ++++ Configure | 509 +++------------------------------------- Makefile.org | 6 +- crypto/aes/Makefile | 2 +- crypto/aes/asm/bsaes-armv7.pl | 4 +- crypto/camellia/Makefile | 2 +- crypto/perlasm/sparcv9_modes.pl | 1 + doc/apps/ocsp.pod | 10 +- ssl/ssltest.c | 1 - 10 files changed, 529 insertions(+), 484 deletions(-) create mode 100644 Configurations create mode 100644 Configurations.team diff --git a/Configurations b/Configurations new file mode 100644 index 0000000..47a5a3f --- /dev/null +++ b/Configurations @@ -0,0 +1,431 @@ +## Standard openssl configuration targets. +## +## If you edit this file, run this command before committing +## make -f Makefile.org TABLE +## This file is interpolated by the Configure script. + +# Filler used for when there are no asm files. +my $no_asm_filler="::::::::::::::::void"; + +%targets = ( + +# Basic configs that should work on any (32 and less bit) box +"gcc", "gcc:-O3::(unknown):::BN_LLONG:::", +"cc", "cc:-O::(unknown)::::::", + +####VOS Configurations +"vos-gcc","gcc:-O3 -Wall -DOPENSSL_SYS_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm_filler}:::::.so:", +"debug-vos-gcc","gcc:-O0 -g -Wall -DOPENSSL_SYS_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm_filler}:::::.so:", + +#### Solaris x86 with GNU C setups +# -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it +# here because whenever GNU C instantiates an assembler template it +# surrounds it with #APP #NO_APP comment pair which (at least Solaris +# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic" +# error message. +"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# -shared -static-libgcc might appear controversial, but modules taken +# from static libgcc do not have relocations and linking them into our +# shared objects doesn't have any negative side-effects. On the contrary, +# doing so makes it possible to use gcc shared build with Sun C. Given +# that gcc generates faster code [thanks to inline assembler], I would +# actually recommend to consider using gcc shared build even with vendor +# compiler:-) +# +"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", + +#### Solaris x86 with Sun C setups +"solaris-x86-cc","cc:-fast -xarch=generic -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", + +#### SPARC Solaris with GNU C setups +"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc +"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", +#### +"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +#### SPARC Solaris with Sun C setups +# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2. +# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8 +# SC5.0 note: Compiler common patch 107357-01 or later is required! +"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", +#### +"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +#### IRIX 5.x configs +# -mips2 flag is added by ./config when appropriate. +"irix-gcc","gcc:-O3 -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix-cc", "cc:-O2 -use_readonly_const -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +#### IRIX 6.x configs +# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke +# './Configure irix-cc -o32' manually. +"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", +"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", +# N64 ABI builds. +"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", + +#### Unified HP-UX ANSI C configs. +# Special notes: +# - Originally we were optimizing at +O4 level. It should be noted +# that the only difference between +O3 and +O4 is global inter- +# procedural analysis. As it has to be performed during the link +# stage the compiler leaves behind certain pseudo-code in lib*.a +# which might be release or even patch level specific. Generating +# the machine code for and analyzing the *whole* program appears +# to be *extremely* memory demanding while the performance gain is +# actually questionable. The situation is intensified by the default +# HP-UX data set size limit (infamous 'maxdsiz' tunable) of 64MB +# which is way too low for +O4. In other words, doesn't +O3 make +# more sense? +# - Keep in mind that the HP compiler by default generates code +# suitable for execution on the host you're currently compiling at. +# If the toolkit is ment to be used on various PA-RISC processors +# consider './config +DAportable'. +# - +DD64 is chosen in favour of +DA2.0W because it's meant to be +# compatible with *future* releases. +# - If you run ./Configure hpux-parisc-[g]cc manually don't forget to +# pass -D_REENTRANT on HP-UX 10 and later. +# - -DMD32_XARRAY triggers workaround for compiler bug we ran into in +# 32-bit message digests. (For the moment of this writing) HP C +# doesn't seem to "digest" too many local variables (they make "him" +# chew forever:-). For more details look-up MD32_XARRAY comment in +# crypto/sha/sha_lcl.h. +# +# +# Since there is mention of this in shlib/hpux10-cc.sh +"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm_filler}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm_filler}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc1_1-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${parisc11_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1", +"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32", +"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o:::::::::::::::void:dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64", + +# More attempts at unified 10.X and 11.X targets for HP C compiler. +# +# Chris Ruemmler +# Kevin Steves +"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm_filler}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc1_1-cc","cc:+DA1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc11_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1", +"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32", +"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc20_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64", + +# HP/UX IA-64 targets +"hpux-ia64-cc","cc:-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD32 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32", +# Frank Geurts has patiently assisted with +# with debugging of the following config. +"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64", +# GCC builds... +"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32", +"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64", + +# Legacy HPUX 9.X configs... +"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm_filler}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm_filler}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +#### HP MPE/iX http://jazz.external.hp.com/src/openssl/ +"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", + +# DEC Alpha OSF/1/Tru64 targets. +# +# "What's in a name? That which we call a rose +# By any other word would smell as sweet." +# +# - William Shakespeare, "Romeo & Juliet", Act II, scene II. +# +# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version +# +"osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", +"osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", +"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", + +#### +#### Variety of LINUX:-) +#### +# *-generic* is endian-neutral target, but ./config is free to +# throw in -D[BL]_ENDIAN, whichever appropriate... +"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +####################################################################### +# Note that -march is not among compiler options in below linux-armv4 +# target line. Not specifying one is intentional to give you choice to: +# +# a) rely on your compiler default by not specifying one; +# b) specify your target platform explicitly for optimal performance, +# e.g. -march=armv6 or -march=armv7-a; +# c) build "universal" binary that targets *range* of platforms by +# specifying minimum and maximum supported architecture; +# +# As for c) option. It actually makes no sense to specify maximum to be +# less than ARMv7, because it's the least requirement for run-time +# switch between platform-specific code paths. And without run-time +# switch performance would be equivalent to one for minimum. Secondly, +# there are some natural limitations that you'd have to accept and +# respect. Most notably you can *not* build "universal" binary for +# big-endian platform. This is because ARMv7 processor always picks +# instructions in little-endian order. Another similar limitation is +# that -mthumb can't "cross" -march=armv6t2 boundary, because that's +# where it became Thumb-2. Well, this limitation is a bit artificial, +# because it's not really impossible, but it's deemed too tricky to +# support. And of course you have to be sure that your binutils are +# actually up to the task of handling maximum target platform. With all +# this in mind here is an example of how to configure "universal" build: +# +# ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8 +# +"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# Configure script adds minimally required -march for assembly support, +# if no -march was specified at command line. mips32 and mips64 below +# refer to contemporary MIPS Architecture specifications, MIPS32 and +# MIPS64, rather than to kernel bitness. +"linux-mips32", "gcc:-mabi=32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-mips64", "gcc:-mabi=n32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", +"linux64-mips64", "gcc:-mabi=64 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +#### IA-32 targets... +"linux-ia32-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out", +#### +"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ppc64", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-ppc64le","gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", +"linux-ia64", "gcc:-DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Weverything $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32:", +"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +#### So called "highgprs" target for z/Architecture CPUs +# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see +# /proc/cpuinfo. The idea is to preserve most significant bits of +# general purpose registers not only upon 32-bit process context +# switch, but even on asynchronous signal delivery to such process. +# This makes it possible to deploy 64-bit instructions even in legacy +# application context and achieve better [or should we say adequate] +# performance. The build is binary compatible with linux-generic32, +# and the idea is to be able to install the resulting libcrypto.so +# alongside generic one, e.g. as /lib/highgprs/libcrypto.so.x.y, for +# ldconfig and run-time linker to autodiscover. Unfortunately it +# doesn't work just yet, because of couple of bugs in glibc +# sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1... +"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs", +#### SPARC Linux setups +# Ray Miller has patiently +# assisted with debugging of following two configs. +"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# it's a real mess with -mcpu=ultrasparc option under Linux, but +# -Wa,-Av8plus should do the trick no matter what. +"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# GCC 3.1 is a requirement +"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +#### Alpha Linux with GNU C and Compaq C setups +# Special notes: +# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you +# ought to run './Configure linux-alpha+bwx-gcc' manually, do +# complement the command line with -mcpu=ev56, -mcpu=ev6 or whatever +# which is appropriate. +# - If you use ccc keep in mind that -fast implies -arch host and the +# compiler is free to issue instructions which gonna make elder CPU +# choke. If you wish to build "blended" toolkit, add -arch generic +# *after* -fast and invoke './Configure linux-alpha-ccc' manually. +"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", +"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", +# +# TI_CGT_C6000_7.3.x is a requirement +"linux-c64xplus","cl6x:--linux -ea=.s -eo=.o -mv6400+ -o2 -ox -ms -pden -DOPENSSL_SMALL_FOOTPRINT::-D_REENTRANT:::BN_LLONG:c64xpluscpuid.o:bn-c64xplus.o c64xplus-gf2m.o:::aes-c64xplus.o aes_cbc.o aes_ctr.o:::sha1-c64xplus.o sha256-c64xplus.o sha512-c64xplus.o::rc4-c64xplus.o:::::ghash-c64xplus.o::void:dlfcn:linux-shared:--pic:-z --sysv --shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):true", + +# Android: linux-* but without pointers to headers and libs. +"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +#### *BSD [do see comment about ${BSDthreads} in Configure!] +"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm_filler}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm_filler}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# -DMD32_REG_T=int doesn't actually belong in sparc64 target, it +# simply *happens* to work around a compiler bug in gcc 3.3.3, +# triggered by RIPEMD160 code. +"BSD-sparc64", "gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-ia64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86_64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +"nextstep", "cc:-O -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", +"nextstep3.3", "cc:-O3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", + +# QNX +"qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:", +"QNX6", "gcc:::::-lsocket::${no_asm_filler}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"QNX6-i386", "gcc:-DL_ENDIAN -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +#### SCO/Caldera targets. +# +# Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc. +# Now we only have blended unixware-* as it's the only one used by ./config. +# If you want to optimize for particular microarchitecture, bypass ./config +# and './Configure unixware-7 -Kpentium_pro' or whatever appropriate. +# Note that not all targets include assembler support. Mostly because of +# lack of motivation to support out-of-date platforms with out-of-date +# compiler drivers and assemblers. Tim Rice has +# patiently assisted to debug most of it. +# +# UnixWare 2.0x fails destest with -O. +"unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", +"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", +"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}-1:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# SCO 5 - Ben Laurie says the -O breaks the SCO cc. +"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +#### IBM's AIX. +"aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::", +"aix-gcc", "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR:$ppc32_asm:aix32:dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X32", +"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:$ppc64_asm:aix64:dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64", +# Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE +# at build time. $OBJECT_MODE is respected at ./config stage! +"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR:$ppc32_asm:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", +"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:$ppc64_asm:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", + +# SIEMENS BS2000/OSD: an EBCDIC-based mainframe +"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", + +# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe +# You need to compile using the c89.sh wrapper in the tools directory, because the +# IBM compiler does not like the -L switch after any object modules. +# +"OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE::(unknown):::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", + +# Visual C targets +# +# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64 +# +# Note about -wd4090, disable warning C4090. This warning returns false +# positives in some situations. Disabling it altogether masks both +# legitimate and false cases, but as we compile on multiple platforms, +# we rely on other compilers to catch legitimate cases. +"VC-WIN64I","cl:-W3 -wd4090 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32", +"VC-WIN64A","cl:-W3 -wd4090 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32", +"debug-VC-WIN64I","cl:-W3 -wd4090 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32", +"debug-VC-WIN64A","cl:-W3 -wd4090 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32", +# x86 Win32 target defaults to ANSI API, if you want UNICODE, complement +# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE' +"VC-WIN32","cl:-W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", +"debug-VC-WIN32","cl:-W3 -wd4090 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", +# Unified CE target +"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm_filler}:win32", + +# Borland C++ 4.5 +"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm_filler}:win32", + +# MinGW +"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall::-D_MT:MINGW32:-lws2_32 -lgdi32 -lcrypt32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a", +# As for OPENSSL_USE_APPLINK. Applink makes it possible to use .dll +# compiled with one compiler with application compiled with another +# compiler. It's possible to engage Applink support in mingw64 build, +# but it's not done, because till mingw64 supports structured exception +# handling, one can't seriously consider its binaries for using with +# non-mingw64 run-time environment. And as mingw64 is always consistent +# with itself, Applink is never engaged and can as well be omitted. +"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a", + +# UWIN +"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm_filler}:win32", + +# Cygwin +"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", +"Cygwin-x86_64", "gcc:-DTERMIOS -DL_ENDIAN -O3 -Wall:::CYGWIN::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", + +# NetWare from David Ward (dsward at novell.com) +# requires either MetroWerks NLM development tools, or gcc / nlmconv +# NetWare defaults socket bio to WinSock sockets. However, +# the builds can be configured to use BSD sockets instead. +# netware-clib => legacy CLib c-runtime support +"netware-clib", "mwccnlm::::::${x86_gcc_opts}::", +"netware-clib-bsdsock", "mwccnlm::::::${x86_gcc_opts}::", +"netware-clib-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYS_NETWARE -O2 -Wall:::::${x86_gcc_opts}::", +"netware-clib-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYS_NETWARE -O2 -Wall:::::${x86_gcc_opts}::", +# netware-libc => LibC/NKS support +"netware-libc", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", +"netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", +"netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYS_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", +"netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYS_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", + +# DJGPP +"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", + +# Ultrix from Bernhard Simon +"ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::", +"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::BN_LLONG::::", +# K&R C is no longer supported; you need gcc on old Ultrix installations +##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::", + +##### MacOS X (a.k.a. Darwin) setup +"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN -Wa,-force_cpusubtype_ALL::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc64_asm}:osx64:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:".eval{my $asm=$x86_asm;$asm=~s/cast\-586\.o//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"debug-darwin64-x86_64-cc","cc:-arch x86_64 -ggdb -g2 -O0 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +# iPhoneOS/iOS +# +# It takes three prior-set environment variables to make it work: +# +# CROSS_COMPILE=/where/toolchain/is/usr/bin/ [note ending slash] +# CROSS_TOP=/where/SDKs/are +# CROSS_SDK=iPhoneOSx.y.sdk +# +# Exact paths vary with Xcode releases, but for couple of last ones +# they would look like this: +# +# CROSS_COMPILE=`xcode-select --print-path`/Toolchains/XcodeDefault.xctoolchain/usr/bin/ +# CROSS_TOP=`xcode-select --print-path`/Platforms/iPhoneOS.platform/Developer +# CROSS_SDK=iPhoneOS7.0.sdk +# +"iphoneos-cross","cc:-O3 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fomit-frame-pointer -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"ios64-cross","cc:-O3 -arch arm64 -mios-version-min=7.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:ios64:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", + +##### A/UX +"aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", + +##### GNU Hurd +"hurd-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC", + +##### OS/2 EMX +"OS2-EMX", "gcc::::::::", + +##### VxWorks for various targets +"vxworks-ppc60x","ccppc:-D_REENTRANT -mrtp -mhard-float -mstrict-align -fno-implicit-fp -DPPC32_fp60x -O2 -fstrength-reduce -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/common:::::", +"vxworks-ppcgen","ccppc:-D_REENTRANT -mrtp -msoft-float -mstrict-align -O1 -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon:::::", +"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", +"vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::", +"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::", +"vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", +"vxworks-simlinux","ccpentium:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/h -I\$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK:::VXWORKS:-r::${no_asm_filler}::::::ranlibpentium:", +"vxworks-mips","ccmips:-mrtp -mips2 -O -G 0 -B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DCPU=MIPS32 -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/h/wrn/coreip::-D_REENTRANT:VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon::${mips32_asm}:o32::::::ranlibmips:", + +# uClinux +"uClinux-dist","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):BN_LLONG:${no_asm_filler}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::", +"uClinux-dist64","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):SIXTY_FOUR_BIT_LONG:${no_asm_filler}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::", + +); diff --git a/Configurations.team b/Configurations.team new file mode 100644 index 0000000..cfc2b16 --- /dev/null +++ b/Configurations.team @@ -0,0 +1,47 @@ +## Build configuration targets for openssl-team members +## +## If you edit this file, run this command before committing +## make -f Makefile.org TABLE +## This file is interpolated by the Configure script. + +# Filler used for when there are no asm files. +my $no_asm_filler="::::::::::::::::void"; + +%targets = ( +"purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::", +"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::", +"debug-ben", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe::(unknown):::::", +"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", +"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", +"debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DOPENSSL_NO_HW_PADLOCK -g3 -O2 -pipe::(unknown)::::::", +"debug-ben-debug-64", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-ben-debug-64-clang", "clang:$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-ben-debug-64-noopt", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-ben-macos", "cc:$gcc_devteam_warn -DOPENSSL_NO_ASM -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::", +"debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -Wall -g3::(unknown)::::::", +"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", +"debug-ben-darwin64","cc:$gcc_devteam_warn -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:$x86_64_asm:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"debug-rse","cc:-DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", +"debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"debug-erbridge", "gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", +"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", +"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o::des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o:e_padlock-x86.o:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"dist", "cc:-O::(unknown)::::::", +"debug-test-64-clang", "clang:$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"darwin64-debug-test-64-clang", "clang:-arch x86_64 -DL_ENDIAN $gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:MACOSX::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +); diff --git a/Configure b/Configure index 1ea3a60..5dbfa6c 100755 --- a/Configure +++ b/Configure @@ -9,13 +9,18 @@ eval 'exec perl -S $0 ${1+"$@"}' require 5.000; use strict; +use File::Basename; +use File::Spec::Functions; # see INSTALL for instructions. -my $usage="Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] [--config=FILE] os/compiler[:flags]\n"; # Options: # +# --config add the given configuration file, which will be read after +# any "Configurations*" files that are found in the same +# directory as this script. # --openssldir install OpenSSL in OPENSSLDIR (Default: DIR/ssl if the # --prefix option is given; /usr/local/ssl otherwise) # --prefix prefix for the OpenSSL include, lib and bin directories @@ -146,7 +151,6 @@ my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o:::aes_core.o aes_cbc.o aes-p my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64"; my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o:::aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o:::::::ghashp8-ppc.o:"; my $ppc32_asm=$ppc64_asm; -my $no_asm="::::::::::::::::void"; # As for $BSDthreads. Idea is to maintain "collective" set of flags, # which would cover all BSD flavors. -pthread applies to them all, @@ -159,477 +163,31 @@ my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; #config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $ec_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $wp_obj : $cmll_obj : $modes_obj : $engines_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags : $multilib +# table of known configurations, read in from files my %table=( -# File 'TABLE' (created by 'make TABLE') contains the data from this list, -# formatted for better readability. - - -#"b", "${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::", -#"bl-4c-2c", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:${tbn_mul}::", -#"bl-4c-ri", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:${tbn_mul}::", -#"b2-is-ri-dp", "${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::", - -# Our development configs -"purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::", -"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::", -"debug-ben", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe::(unknown):::::", -"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", -"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", -"debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DOPENSSL_NO_HW_PADLOCK -g3 -O2 -pipe::(unknown)::::::", -"debug-ben-debug-64", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-ben-debug-64-clang", "clang:$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-ben-debug-64-noopt", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-ben-macos", "cc:$gcc_devteam_warn -DOPENSSL_NO_ASM -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::", -"debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -Wall -g3::(unknown)::::::", -"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", -"debug-ben-darwin64","cc:$gcc_devteam_warn -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:$x86_64_asm:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"debug-rse","cc:-DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"debug-erbridge", "gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", -"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", -"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o::des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o:e_padlock-x86.o:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"dist", "cc:-O::(unknown)::::::", -"debug-test-64-clang", "clang:$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"darwin64-debug-test-64-clang", "clang:-arch x86_64 -DL_ENDIAN $gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:MACOSX::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", - -# Basic configs that should work on any (32 and less bit) box -"gcc", "gcc:-O3::(unknown):::BN_LLONG:::", -"cc", "cc:-O::(unknown)::::::", - -####VOS Configurations -"vos-gcc","gcc:-O3 -Wall -DOPENSSL_SYS_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:", -"debug-vos-gcc","gcc:-O0 -g -Wall -DOPENSSL_SYS_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:", - -#### Solaris x86 with GNU C setups -# -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it -# here because whenever GNU C instantiates an assembler template it -# surrounds it with #APP #NO_APP comment pair which (at least Solaris -# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic" -# error message. -"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# -shared -static-libgcc might appear controversial, but modules taken -# from static libgcc do not have relocations and linking them into our -# shared objects doesn't have any negative side-effects. On the contrary, -# doing so makes it possible to use gcc shared build with Sun C. Given -# that gcc generates faster code [thanks to inline assembler], I would -# actually recommend to consider using gcc shared build even with vendor -# compiler:-) -# -"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", - -#### Solaris x86 with Sun C setups -"solaris-x86-cc","cc:-fast -xarch=generic -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", - -#### SPARC Solaris with GNU C setups -"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc -"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", -#### -"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -#### SPARC Solaris with Sun C setups -# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2. -# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8 -# SC5.0 note: Compiler common patch 107357-01 or later is required! -"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", -#### -"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -#### IRIX 5.x configs -# -mips2 flag is added by ./config when appropriate. -"irix-gcc","gcc:-O3 -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"irix-cc", "cc:-O2 -use_readonly_const -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -#### IRIX 6.x configs -# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke -# './Configure irix-cc -o32' manually. -"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", -"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", -# N64 ABI builds. -"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", - -#### Unified HP-UX ANSI C configs. -# Special notes: -# - Originally we were optimizing at +O4 level. It should be noted -# that the only difference between +O3 and +O4 is global inter- -# procedural analysis. As it has to be performed during the link -# stage the compiler leaves behind certain pseudo-code in lib*.a -# which might be release or even patch level specific. Generating -# the machine code for and analyzing the *whole* program appears -# to be *extremely* memory demanding while the performance gain is -# actually questionable. The situation is intensified by the default -# HP-UX data set size limit (infamous 'maxdsiz' tunable) of 64MB -# which is way too low for +O4. In other words, doesn't +O3 make -# more sense? -# - Keep in mind that the HP compiler by default generates code -# suitable for execution on the host you're currently compiling at. -# If the toolkit is ment to be used on various PA-RISC processors -# consider './config +DAportable'. -# - +DD64 is chosen in favour of +DA2.0W because it's meant to be -# compatible with *future* releases. -# - If you run ./Configure hpux-parisc-[g]cc manually don't forget to -# pass -D_REENTRANT on HP-UX 10 and later. -# - -DMD32_XARRAY triggers workaround for compiler bug we ran into in -# 32-bit message digests. (For the moment of this writing) HP C -# doesn't seem to "digest" too many local variables (they make "him" -# chew forever:-). For more details look-up MD32_XARRAY comment in -# crypto/sha/sha_lcl.h. -# -# -# Since there is mention of this in shlib/hpux10-cc.sh -"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-parisc1_1-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${parisc11_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1", -"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32", -"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o:::::::::::::::void:dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64", - -# More attempts at unified 10.X and 11.X targets for HP C compiler. -# -# Chris Ruemmler -# Kevin Steves -"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-parisc1_1-cc","cc:+DA1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc11_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1", -"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32", -"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc20_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64", - -# HP/UX IA-64 targets -"hpux-ia64-cc","cc:-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD32 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32", -# Frank Geurts has patiently assisted with -# with debugging of the following config. -"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64", -# GCC builds... -"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32", -"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64", - -# Legacy HPUX 9.X configs... -"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -#### HP MPE/iX http://jazz.external.hp.com/src/openssl/ -"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", - -# DEC Alpha OSF/1/Tru64 targets. -# -# "What's in a name? That which we call a rose -# By any other word would smell as sweet." -# -# - William Shakespeare, "Romeo & Juliet", Act II, scene II. -# -# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version -# -"osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", -"osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", -"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", - -#### -#### Variety of LINUX:-) -#### -# *-generic* is endian-neutral target, but ./config is free to -# throw in -D[BL]_ENDIAN, whichever appropriate... -"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -####################################################################### -# Note that -march is not among compiler options in below linux-armv4 -# target line. Not specifying one is intentional to give you choice to: -# -# a) rely on your compiler default by not specifying one; -# b) specify your target platform explicitly for optimal performance, -# e.g. -march=armv6 or -march=armv7-a; -# c) build "universal" binary that targets *range* of platforms by -# specifying minimum and maximum supported architecture; -# -# As for c) option. It actually makes no sense to specify maximum to be -# less than ARMv7, because it's the least requirement for run-time -# switch between platform-specific code paths. And without run-time -# switch performance would be equivalent to one for minimum. Secondly, -# there are some natural limitations that you'd have to accept and -# respect. Most notably you can *not* build "universal" binary for -# big-endian platform. This is because ARMv7 processor always picks -# instructions in little-endian order. Another similar limitation is -# that -mthumb can't "cross" -march=armv6t2 boundary, because that's -# where it became Thumb-2. Well, this limitation is a bit artificial, -# because it's not really impossible, but it's deemed too tricky to -# support. And of course you have to be sure that your binutils are -# actually up to the task of handling maximum target platform. With all -# this in mind here is an example of how to configure "universal" build: -# -# ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8 -# -"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# Configure script adds minimally required -march for assembly support, -# if no -march was specified at command line. mips32 and mips64 below -# refer to contemporary MIPS Architecture specifications, MIPS32 and -# MIPS64, rather than to kernel bitness. -"linux-mips32", "gcc:-mabi=32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-mips64", "gcc:-mabi=n32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", -"linux64-mips64", "gcc:-mabi=64 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -#### IA-32 targets... -"linux-ia32-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out", -#### -"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ppc64", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-ppc64le","gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", -"linux-ia64", "gcc:-DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Weverything $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32:", -"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -#### So called "highgprs" target for z/Architecture CPUs -# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see -# /proc/cpuinfo. The idea is to preserve most significant bits of -# general purpose registers not only upon 32-bit process context -# switch, but even on asynchronous signal delivery to such process. -# This makes it possible to deploy 64-bit instructions even in legacy -# application context and achieve better [or should we say adequate] -# performance. The build is binary compatible with linux-generic32, -# and the idea is to be able to install the resulting libcrypto.so -# alongside generic one, e.g. as /lib/highgprs/libcrypto.so.x.y, for -# ldconfig and run-time linker to autodiscover. Unfortunately it -# doesn't work just yet, because of couple of bugs in glibc -# sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1... -"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs", -#### SPARC Linux setups -# Ray Miller has patiently -# assisted with debugging of following two configs. -"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# it's a real mess with -mcpu=ultrasparc option under Linux, but -# -Wa,-Av8plus should do the trick no matter what. -"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# GCC 3.1 is a requirement -"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -#### Alpha Linux with GNU C and Compaq C setups -# Special notes: -# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you -# ought to run './Configure linux-alpha+bwx-gcc' manually, do -# complement the command line with -mcpu=ev56, -mcpu=ev6 or whatever -# which is appropriate. -# - If you use ccc keep in mind that -fast implies -arch host and the -# compiler is free to issue instructions which gonna make elder CPU -# choke. If you wish to build "blended" toolkit, add -arch generic -# *after* -fast and invoke './Configure linux-alpha-ccc' manually. -# -# -# -"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", -"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", -# -# TI_CGT_C6000_7.3.x is a requirement -"linux-c64xplus","cl6x:--linux -ea=.s -eo=.o -mv6400+ -o2 -ox -ms -pden -DOPENSSL_SMALL_FOOTPRINT::-D_REENTRANT:::BN_LLONG:c64xpluscpuid.o:bn-c64xplus.o c64xplus-gf2m.o:::aes-c64xplus.o aes_cbc.o aes_ctr.o:::sha1-c64xplus.o sha256-c64xplus.o sha512-c64xplus.o::rc4-c64xplus.o:::::ghash-c64xplus.o::void:dlfcn:linux-shared:--pic:-z --sysv --shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):true", - -# Android: linux-* but without pointers to headers and libs. -"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -#### *BSD [do see comment about ${BSDthreads} above!] -"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# -DMD32_REG_T=int doesn't actually belong in sparc64 target, it -# simply *happens* to work around a compiler bug in gcc 3.3.3, -# triggered by RIPEMD160 code. -"BSD-sparc64", "gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-ia64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-x86_64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -"nextstep", "cc:-O -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", -"nextstep3.3", "cc:-O3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", - -# QNX -"qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:", -"QNX6", "gcc:::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"QNX6-i386", "gcc:-DL_ENDIAN -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -#### SCO/Caldera targets. -# -# Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc. -# Now we only have blended unixware-* as it's the only one used by ./config. -# If you want to optimize for particular microarchitecture, bypass ./config -# and './Configure unixware-7 -Kpentium_pro' or whatever appropriate. -# Note that not all targets include assembler support. Mostly because of -# lack of motivation to support out-of-date platforms with out-of-date -# compiler drivers and assemblers. Tim Rice has -# patiently assisted to debug most of it. -# -# UnixWare 2.0x fails destest with -O. -"unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", -"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", -"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}-1:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# SCO 5 - Ben Laurie says the -O breaks the SCO cc. -"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -#### IBM's AIX. -"aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::", -"aix-gcc", "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR:$ppc32_asm:aix32:dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X32", -"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:$ppc64_asm:aix64:dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64", -# Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE -# at build time. $OBJECT_MODE is respected at ./config stage! -"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR:$ppc32_asm:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", -"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:$ppc64_asm:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", - -# SIEMENS BS2000/OSD: an EBCDIC-based mainframe -"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", - -# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe -# You need to compile using the c89.sh wrapper in the tools directory, because the -# IBM compiler does not like the -L switch after any object modules. -# -"OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE::(unknown):::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", - -# Visual C targets -# -# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64 -# -# Note about -wd4090, disable warning C4090. This warning returns false -# positives in some situations. Disabling it altogether masks both -# legitimate and false cases, but as we compile on multiple platforms, -# we rely on other compilers to catch legitimate cases. -"VC-WIN64I","cl:-W3 -wd4090 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32", -"VC-WIN64A","cl:-W3 -wd4090 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32", -"debug-VC-WIN64I","cl:-W3 -wd4090 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32", -"debug-VC-WIN64A","cl:-W3 -wd4090 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32", -# x86 Win32 target defaults to ANSI API, if you want UNICODE, complement -# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE' -"VC-WIN32","cl:-W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", -"debug-VC-WIN32","cl:-W3 -wd4090 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", -# Unified CE target -"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32", - -# Borland C++ 4.5 -"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32", - -# MinGW -"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall::-D_MT:MINGW32:-lws2_32 -lgdi32 -lcrypt32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a", -# As for OPENSSL_USE_APPLINK. Applink makes it possible to use .dll -# compiled with one compiler with application compiled with another -# compiler. It's possible to engage Applink support in mingw64 build, -# but it's not done, because till mingw64 supports structured exception -# handling, one can't seriously consider its binaries for using with -# non-mingw64 run-time environment. And as mingw64 is always consistent -# with itself, Applink is never engaged and can as well be omitted. -"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a", - -# UWIN -"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", - -# Cygwin -"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", -"Cygwin-x86_64", "gcc:-DTERMIOS -DL_ENDIAN -O3 -Wall:::CYGWIN::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", - -# NetWare from David Ward (dsward at novell.com) -# requires either MetroWerks NLM development tools, or gcc / nlmconv -# NetWare defaults socket bio to WinSock sockets. However, -# the builds can be configured to use BSD sockets instead. -# netware-clib => legacy CLib c-runtime support -"netware-clib", "mwccnlm::::::${x86_gcc_opts}::", -"netware-clib-bsdsock", "mwccnlm::::::${x86_gcc_opts}::", -"netware-clib-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYS_NETWARE -O2 -Wall:::::${x86_gcc_opts}::", -"netware-clib-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYS_NETWARE -O2 -Wall:::::${x86_gcc_opts}::", -# netware-libc => LibC/NKS support -"netware-libc", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", -"netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", -"netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYS_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", -"netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYS_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", - -# DJGPP -"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", - -# Ultrix from Bernhard Simon -"ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::", -"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::BN_LLONG::::", -# K&R C is no longer supported; you need gcc on old Ultrix installations -##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::", - -##### MacOS X (a.k.a. Darwin) setup -"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN -Wa,-force_cpusubtype_ALL::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc64_asm}:osx64:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:".eval{my $asm=$x86_asm;$asm=~s/cast\-586\.o//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"debug-darwin64-x86_64-cc","cc:-arch x86_64 -ggdb -g2 -O0 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -# iPhoneOS/iOS -# -# It takes three prior-set environment variables to make it work: -# -# CROSS_COMPILE=/where/toolchain/is/usr/bin/ [note ending slash] -# CROSS_TOP=/where/SDKs/are -# CROSS_SDK=iPhoneOSx.y.sdk -# -# Exact paths vary with Xcode releases, but for couple of last ones -# they would look like this: -# -# CROSS_COMPILE=`xcode-select --print-path`/Toolchains/XcodeDefault.xctoolchain/usr/bin/ -# CROSS_TOP=`xcode-select --print-path`/Platforms/iPhoneOS.platform/Developer -# CROSS_SDK=iPhoneOS7.0.sdk -# -"iphoneos-cross","cc:-O3 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fomit-frame-pointer -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"ios64-cross","cc:-O3 -arch arm64 -mios-version-min=7.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:ios64:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", - -##### A/UX -"aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", - -##### GNU Hurd -"hurd-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC", - -##### OS/2 EMX -"OS2-EMX", "gcc::::::::", - -##### VxWorks for various targets -"vxworks-ppc60x","ccppc:-D_REENTRANT -mrtp -mhard-float -mstrict-align -fno-implicit-fp -DPPC32_fp60x -O2 -fstrength-reduce -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/common:::::", -"vxworks-ppcgen","ccppc:-D_REENTRANT -mrtp -msoft-float -mstrict-align -O1 -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon:::::", -"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", -"vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::", -"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::", -"vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", -"vxworks-simlinux","ccpentium:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/h -I\$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK:::VXWORKS:-r::${no_asm}::::::ranlibpentium:", -"vxworks-mips","ccmips:-mrtp -mips2 -O -G 0 -B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DCPU=MIPS32 -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/h/wrn/coreip::-D_REENTRANT:VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon::${mips32_asm}:o32::::::ranlibmips:", +); -# uClinux -"uClinux-dist","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):BN_LLONG:${no_asm}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::", -"uClinux-dist64","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):SIXTY_FOUR_BIT_LONG:${no_asm}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::", +# Read configuration target stanzas from a file, so that people can have +# local files with their own definitions +sub read_config { + my $fname = shift; + open(CONFFILE, "< $fname") + or die "Can't open configuration file '$fname'!\n"; + my $x = $/; + undef $/; + my $content = ; + $/ = $x; + close(CONFFILE); + my %targets = (); + eval $content; + %table = (%table, %targets); +} -); +my ($vol, $dir, $dummy) = File::Spec->splitpath($0); +my $pattern = File::Spec->catpath($vol, $dir, "Configurations*"); +foreach ( glob($pattern) ) { + &read_config($_); +} my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A debug-VC-WIN64I debug-VC-WIN64A @@ -708,9 +266,6 @@ my $bf_enc ="bf_enc.o"; my $cast_enc="c_enc.o"; my $rc4_enc="rc4_enc.o rc4_skey.o"; my $rc5_enc="rc5_enc.o"; -my $md5_obj=""; -my $sha1_obj=""; -my $rmd160_obj=""; my $cmll_enc="camellia.o cmll_misc.o cmll_cbc.o"; my $processor=""; my $default_ranlib; @@ -928,6 +483,10 @@ PROCESS_ARGS: { $cross_compile_prefix=$1; } + elsif (/^--config=(.*)$/) + { + read_config $1; + } elsif (/^-[lL](.*)$/ or /^-Wl,/) { $libs.=$_." "; @@ -1099,8 +658,8 @@ foreach (sort (keys %disabled)) { push @skip, $algo; # fix-up crypto/directory name(s) - @skip[$#skip]="whrlpool" if $algo eq "whirlpool"; - @skip[$#skip]="ripemd" if $algo eq "rmd160"; + $skip[$#skip]="whrlpool" if $algo eq "whirlpool"; + $skip[$#skip]="ripemd" if $algo eq "rmd160"; print " (skip dir)"; diff --git a/Makefile.org b/Makefile.org index f60ecf3..4f5bff9 100644 --- a/Makefile.org +++ b/Makefile.org @@ -500,7 +500,7 @@ crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h -TABLE: Configure +TABLE: Configure Configurations Configurations.team (echo 'Output of `Configure TABLE'"':"; \ $(PERL) Configure TABLE) > TABLE @@ -515,7 +515,7 @@ tar: find . -type d -print | xargs chmod 755 find . -type f -print | xargs chmod a+r find . -type f -perm -0100 -print | xargs chmod a+x - find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \ + find * \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \ $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \ tardy --user_number=0 --user_name=openssl \ --group_number=0 --group_name=openssl \ @@ -526,7 +526,7 @@ tar: tar-snap: @$(TAR) $(TARFLAGS) -cvf - \ - `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\ + `find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\ tardy --user_number=0 --user_name=openssl \ --group_number=0 --group_name=openssl \ --prefix=openssl-$(VERSION) - > ../$(TARFILE);\ diff --git a/crypto/aes/Makefile b/crypto/aes/Makefile index 6cf7363..72fe789 100644 --- a/crypto/aes/Makefile +++ b/crypto/aes/Makefile @@ -72,7 +72,7 @@ aesni-mb-x86_64.s: asm/aesni-mb-x86_64.pl aes-sparcv9.s: asm/aes-sparcv9.pl $(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@ -aest4-sparcv9.s: asm/aest4-sparcv9.pl +aest4-sparcv9.s: asm/aest4-sparcv9.pl ../perlasm/sparcv9_modes.pl $(PERL) asm/aest4-sparcv9.pl $(CFLAGS) > $@ aes-ppc.s: asm/aes-ppc.pl diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl index fcc81d1..a4d3856 100644 --- a/crypto/aes/asm/bsaes-armv7.pl +++ b/crypto/aes/asm/bsaes-armv7.pl @@ -702,7 +702,7 @@ $code.=<<___; # define BSAES_ASM_EXTENDED_KEY # define XTS_CHAIN_TWEAK # define __ARM_ARCH__ __LINUX_ARM_ARCH__ -# define __ARM_MAX_ARCH__ __LINUX_ARM_ARCH__ +# define __ARM_MAX_ARCH__ 7 #endif #ifdef __thumb__ @@ -2078,9 +2078,11 @@ bsaes_xts_decrypt: vld1.8 {@XMM[8]}, [r0] @ initial tweak adr $magic, .Lxts_magic +#ifndef XTS_CHAIN_TWEAK tst $len, #0xf @ if not multiple of 16 it ne @ Thumb2 thing, sanity check in ARM subne $len, #0x10 @ subtract another 16 bytes +#endif subs $len, #0x80 blo .Lxts_dec_short diff --git a/crypto/camellia/Makefile b/crypto/camellia/Makefile index 5923099..a5b983b 100644 --- a/crypto/camellia/Makefile +++ b/crypto/camellia/Makefile @@ -48,7 +48,7 @@ cmll-x86.s: asm/cmll-x86.pl ../perlasm/x86asm.pl $(PERL) asm/cmll-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ cmll-x86_64.s: asm/cmll-x86_64.pl $(PERL) asm/cmll-x86_64.pl $(PERLASM_SCHEME) > $@ -cmllt4-sparcv9.s: asm/cmllt4-sparcv9.pl +cmllt4-sparcv9.s: asm/cmllt4-sparcv9.pl ../perlasm/sparcv9_modes.pl $(PERL) asm/cmllt4-sparcv9.pl $(CFLAGS) > $@ files: diff --git a/crypto/perlasm/sparcv9_modes.pl b/crypto/perlasm/sparcv9_modes.pl index f5474a2..74544fb 100644 --- a/crypto/perlasm/sparcv9_modes.pl +++ b/crypto/perlasm/sparcv9_modes.pl @@ -1249,6 +1249,7 @@ $code.=<<___; fxor %f8, %f4, %f4 fxor %f10, %f6, %f6 + subcc $len, 2, $len stda %f0, [$out]0xe2 ! ASI_BLK_INIT, T4-specific add $out, 8, $out stda %f2, [$out]0xe2 ! ASI_BLK_INIT, T4-specific diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod index 296b13c..b32086c 100644 --- a/doc/apps/ocsp.pod +++ b/doc/apps/ocsp.pod @@ -66,6 +66,7 @@ B B [B<-no_cert_verify>] [B<-no_chain>] [B<-no_cert_checks>] +[B<-no_explicit>] [B<-port num>] [B<-index file>] [B<-CA file>] @@ -226,6 +227,10 @@ testing purposes. do not use certificates in the response as additional untrusted CA certificates. +=item B<-no_explicit> + +do not explicitly trust the root CA if it is set to be trusted for OCSP signing. + =item B<-no_cert_checks> don't perform any additional checks on the OCSP response signers certificate. @@ -338,8 +343,9 @@ CA certificate in the request. If there is a match and the OCSPSigning extended key usage is present in the OCSP responder certificate then the OCSP verify succeeds. -Otherwise the root CA of the OCSP responders CA is checked to see if it -is trusted for OCSP signing. If it is the OCSP verify succeeds. +Otherwise, if B<-no_explicit> is B set the root CA of the OCSP responders +CA is checked to see if it is trusted for OCSP signing. If it is the OCSP +verify succeeds. If none of these checks is successful then the OCSP verify fails. diff --git a/ssl/ssltest.c b/ssl/ssltest.c index fb51ddd..89fb44a 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -1130,7 +1130,6 @@ int main(int argc, char *argv[]) } #endif else if (strcmp(*argv, "-tls1") == 0) { - no_protocol = 1; tls1 = 1; } else if (strcmp(*argv, "-ssl3") == 0) { #ifdef OPENSSL_NO_SSL3_METHOD From matt at openssl.org Wed Feb 25 09:16:05 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 25 Feb 2015 10:16:05 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150225091605.5E2371DF124@butler.localdomain> The branch master has been updated via fa7b01115bc33d9b40936688bb3c952dc93b645a (commit) via 25690b7f5f3d78a52c1377b823b40c6a0e12022b (commit) via 15dba5be6a4482a9ad7e5b846291f31e97e338ca (commit) via da084a5ec6cebd67ae27f2463ebe4a50bb840fa5 (commit) from 5b8aa1a2af738f93b535798bfc07069aada264e1 (commit) - Log ----------------------------------------------------------------- commit fa7b01115bc33d9b40936688bb3c952dc93b645a Author: Matt Caswell Date: Tue Jan 27 11:15:15 2015 +0000 Add documentation for the -no_alt_chains option for various apps, as well as the X509_V_FLAG_NO_ALT_CHAINS flag. Reviewed-by: Dr. Stephen Henson commit 25690b7f5f3d78a52c1377b823b40c6a0e12022b Author: Matt Caswell Date: Tue Jan 27 10:50:38 2015 +0000 Add -no_alt_chains option to apps to implement the new X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building certificate chains, the first chain found will be the one used. Without this flag, if the first chain found is not trusted then we will keep looking to see if we can build an alternative chain instead. Reviewed-by: Dr. Stephen Henson commit 15dba5be6a4482a9ad7e5b846291f31e97e338ca Author: Matt Caswell Date: Tue Jan 27 10:35:27 2015 +0000 Add flag to inhibit checking for alternate certificate chains. Setting this behaviour will force behaviour as per previous versions of OpenSSL Reviewed-by: Dr. Stephen Henson commit da084a5ec6cebd67ae27f2463ebe4a50bb840fa5 Author: Matt Caswell Date: Tue Jan 27 10:03:29 2015 +0000 In certain situations the server provided certificate chain may no longer be valid. However the issuer of the leaf, or some intermediate cert is in fact in the trust store. When building a trust chain if the first attempt fails, then try to see if alternate chains could be constructed that are trusted. RT3637 RT3621 Reviewed-by: Dr. Stephen Henson ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 2 + apps/cms.c | 2 + apps/ocsp.c | 2 + apps/s_client.c | 2 + apps/s_server.c | 2 + apps/smime.c | 2 + apps/verify.c | 2 +- crypto/x509/x509_vfy.c | 177 +++++++++++++++++----------- crypto/x509/x509_vfy.h | 6 + doc/apps/cms.pod | 11 +- doc/apps/ocsp.pod | 13 +- doc/apps/s_client.pod | 14 ++- doc/apps/s_server.pod | 9 +- doc/apps/smime.pod | 8 +- doc/apps/verify.pod | 13 ++ doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 8 +- 16 files changed, 184 insertions(+), 89 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index bf044d4..8412e24 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -2362,6 +2362,8 @@ int args_verify(char ***pargs, int *pargc, flags |= X509_V_FLAG_SUITEB_192_LOS; else if (!strcmp(arg, "-partial_chain")) flags |= X509_V_FLAG_PARTIAL_CHAIN; + else if (!strcmp(arg, "-no_alt_chains")) + flags |= X509_V_FLAG_NO_ALT_CHAINS; else return 0; diff --git a/apps/cms.c b/apps/cms.c index fbb5607..479d1dd 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -646,6 +646,8 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-trusted_first use locally trusted certificates first when building trust chain\n"); BIO_printf(bio_err, + "-no_alt_chains only ever use the first certificate chain found\n"); + BIO_printf(bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); BIO_printf(bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); diff --git a/apps/ocsp.c b/apps/ocsp.c index 4b9d6f6..b0b3069 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -538,6 +538,8 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-trusted_first use locally trusted CA's first when building trust chain\n"); BIO_printf(bio_err, + "-no_alt_chains only ever use the first certificate chain found\n"); + BIO_printf(bio_err, "-VAfile file validator certificates file\n"); BIO_printf(bio_err, "-validity_period n maximum validity discrepancy in seconds\n"); diff --git a/apps/s_client.c b/apps/s_client.c index 1607c6e..bc82239 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -321,6 +321,8 @@ static void sc_usage(void) BIO_printf(bio_err, " -trusted_first - Use local CA's first when building trust chain\n"); BIO_printf(bio_err, + " -no_alt_chains - only ever use the first certificate chain found\n"); + BIO_printf(bio_err, " -reconnect - Drop and re-make the connection with the same Session-ID\n"); BIO_printf(bio_err, " -pause - sleep(1) after each read(2) and write(2) system call\n"); diff --git a/apps/s_server.c b/apps/s_server.c index 573bc87..4311d6d 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -509,6 +509,8 @@ static void sv_usage(void) BIO_printf(bio_err, " -trusted_first - Use locally trusted CA's first when building trust chain\n"); BIO_printf(bio_err, + " -no_alt_chains - only ever use the first certificate chain found\n"); + BIO_printf(bio_err, " -nocert - Don't use any certificates (Anon-DH)\n"); BIO_printf(bio_err, " -cipher arg - play with 'openssl ciphers' to see what goes here\n"); diff --git a/apps/smime.c b/apps/smime.c index 5efe51f..930978f 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -444,6 +444,8 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-trusted_first use locally trusted CA's first when building trust chain\n"); BIO_printf(bio_err, + "-no_alt_chains only ever use the first certificate chain found\n"); + BIO_printf(bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); BIO_printf(bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); diff --git a/apps/verify.c b/apps/verify.c index 8f963f8..e771be2 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -236,7 +236,7 @@ int MAIN(int argc, char **argv) end: if (ret == 1) { BIO_printf(bio_err, - "usage: verify [-verbose] [-CApath path] [-CAfile file] [-trusted_first] [-purpose purpose] [-crl_check]"); + "usage: verify [-verbose] [-CApath path] [-CAfile file] [-trusted_first] [-purpose purpose] [-crl_check] [-no_alt_chains]"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, " [-engine e]"); #endif diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index cc9665e..bb6e1ce 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -182,11 +182,11 @@ static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) int X509_verify_cert(X509_STORE_CTX *ctx) { - X509 *x, *xtmp, *chain_ss = NULL; + X509 *x, *xtmp, *xtmp2, *chain_ss = NULL; int bad_chain = 0; X509_VERIFY_PARAM *param = ctx->param; int depth, i, ok = 0; - int num; + int num, j, retry; int (*cb) (int xok, X509_STORE_CTX *xctx); STACK_OF(X509) *sktmp = NULL; if (ctx->cert == NULL) { @@ -271,91 +271,128 @@ int X509_verify_cert(X509_STORE_CTX *ctx) break; } + /* Remember how many untrusted certs we have */ + j = num; /* * at this point, chain should contain a list of untrusted certificates. * We now need to add at least one trusted one, if possible, otherwise we * complain. */ - /* - * Examine last certificate in chain and see if it is self signed. - */ - - i = sk_X509_num(ctx->chain); - x = sk_X509_value(ctx->chain, i - 1); - if (cert_self_signed(x)) { - /* we have a self signed certificate */ - if (sk_X509_num(ctx->chain) == 1) { - /* - * We have a single self signed certificate: see if we can find - * it in the store. We must have an exact match to avoid possible - * impersonation. - */ - ok = ctx->get_issuer(&xtmp, ctx, x); - if ((ok <= 0) || X509_cmp(x, xtmp)) { - ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; - ctx->current_cert = x; - ctx->error_depth = i - 1; - if (ok == 1) - X509_free(xtmp); - bad_chain = 1; - ok = cb(0, ctx); - if (!ok) - goto end; + do { + /* + * Examine last certificate in chain and see if it is self signed. + */ + i = sk_X509_num(ctx->chain); + x = sk_X509_value(ctx->chain, i - 1); + if (cert_self_signed(x)) { + /* we have a self signed certificate */ + if (sk_X509_num(ctx->chain) == 1) { + /* + * We have a single self signed certificate: see if we can + * find it in the store. We must have an exact match to avoid + * possible impersonation. + */ + ok = ctx->get_issuer(&xtmp, ctx, x); + if ((ok <= 0) || X509_cmp(x, xtmp)) { + ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; + ctx->current_cert = x; + ctx->error_depth = i - 1; + if (ok == 1) + X509_free(xtmp); + bad_chain = 1; + ok = cb(0, ctx); + if (!ok) + goto end; + } else { + /* + * We have a match: replace certificate with store + * version so we get any trust settings. + */ + X509_free(x); + x = xtmp; + (void)sk_X509_set(ctx->chain, i - 1, x); + ctx->last_untrusted = 0; + } } else { /* - * We have a match: replace certificate with store version so - * we get any trust settings. + * extract and save self signed certificate for later use */ - X509_free(x); - x = xtmp; - (void)sk_X509_set(ctx->chain, i - 1, x); - ctx->last_untrusted = 0; + chain_ss = sk_X509_pop(ctx->chain); + ctx->last_untrusted--; + num--; + j--; + x = sk_X509_value(ctx->chain, num - 1); } - } else { - /* - * extract and save self signed certificate for later use - */ - chain_ss = sk_X509_pop(ctx->chain); - ctx->last_untrusted--; - num--; - x = sk_X509_value(ctx->chain, num - 1); } - } - - /* We now lookup certs from the certificate store */ - for (;;) { - /* If we have enough, we break */ - if (depth < num) - break; + /* We now lookup certs from the certificate store */ + for (;;) { + /* If we have enough, we break */ + if (depth < num) + break; + /* If we are self signed, we break */ + if (cert_self_signed(x)) + break; + ok = ctx->get_issuer(&xtmp, ctx, x); - /* If we are self signed, we break */ - if (cert_self_signed(x)) - break; + if (ok < 0) + return ok; + if (ok == 0) + break; + x = xtmp; + if (!sk_X509_push(ctx->chain, x)) { + X509_free(xtmp); + X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); + return 0; + } + num++; + } - ok = ctx->get_issuer(&xtmp, ctx, x); + /* we now have our chain, lets check it... */ + i = check_trust(ctx); - if (ok < 0) - return ok; - if (ok == 0) - break; + /* If explicitly rejected error */ + if (i == X509_TRUST_REJECTED) + goto end; + /* + * If it's not explicitly trusted then check if there is an alternative + * chain that could be used. We only do this if we haven't already + * checked via TRUSTED_FIRST and the user hasn't switched off alternate + * chain checking + */ + retry = 0; + if (i != X509_TRUST_TRUSTED + && !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) + && !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) { + while (j-- > 1) { + xtmp2 = sk_X509_value(ctx->chain, j - 1); + ok = ctx->get_issuer(&xtmp, ctx, xtmp2); + if (ok < 0) + goto end; + /* Check if we found an alternate chain */ + if (ok > 0) { + /* + * Free up the found cert we'll add it again later + */ + X509_free(xtmp); - x = xtmp; - if (!sk_X509_push(ctx->chain, x)) { - X509_free(xtmp); - X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); - return 0; + /* + * Dump all the certs above this point - we've found an + * alternate chain + */ + while (num > j) { + xtmp = sk_X509_pop(ctx->chain); + X509_free(xtmp); + num--; + ctx->last_untrusted--; + } + retry = 1; + break; + } + } } - num++; - } + } while (retry); - /* we now have our chain, lets check it... */ - - i = check_trust(ctx); - - /* If explicitly rejected error */ - if (i == X509_TRUST_REJECTED) - goto end; /* * If not explicitly trusted then indicate error unless it's a single * self signed certificate in which case we've indicated an error already diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h index 03e43e5..e41b5e2 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h @@ -419,6 +419,12 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); # define X509_V_FLAG_SUITEB_128_LOS 0x30000 /* Allow partial chains if at least one certificate is in trusted store */ # define X509_V_FLAG_PARTIAL_CHAIN 0x80000 +/* + * If the initial chain is not trusted, do not attempt to build an alternative + * chain. Alternate chain checking was introduced in 1.1.0. Setting this flag + * will force the behaviour to match that of previous versions. + */ +# define X509_V_FLAG_NO_ALT_CHAINS 0x100000 # define X509_VP_FLAG_DEFAULT 0x1 # define X509_VP_FLAG_OVERWRITE 0x2 diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod index 4dabd3b..af1240a 100644 --- a/doc/apps/cms.pod +++ b/doc/apps/cms.pod @@ -54,6 +54,7 @@ B B [B<-suiteB_128_only>] [B<-suiteB_192>] [B<-trusted_first>] +[B<-no_alt_chains>] [B<-use_deltas>] [B<-verify_depth num>] [B<-verify_email email>] @@ -459,11 +460,11 @@ address matches that specified in the From: address. B, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>, B<-inhibit_map>, B<-issuer_checks>, B<-partial_chain>, B<-policy>, B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>, -B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>, -B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, B<-verify_ip>, -B<-verify_name>, B<-x509_strict> +B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-no_alt_chains>, +B<-use_deltas>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, +B<-verify_ip>, B<-verify_name>, B<-x509_strict> -Set various certificate chain valiadition options. See the +Set various certificate chain validation options. See the L|verify(1)> manual page for details. =back @@ -697,4 +698,6 @@ Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0. The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added to OpenSSL 1.1.0. +The -no_alt_chains options was first added to OpenSSL 1.1.0. + =cut diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod index b32086c..d5565c9 100644 --- a/doc/apps/ocsp.pod +++ b/doc/apps/ocsp.pod @@ -48,6 +48,7 @@ B B [B<-suiteB_128_only>] [B<-suiteB_192>] [B<-trusted_first>] +[B<-no_alt_chains>] [B<-use_deltas>] [B<-verify_depth num>] [B<-verify_email email>] @@ -173,9 +174,9 @@ the signature on the OCSP response. B, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>, B<-inhibit_map>, B<-issuer_checks>, B<-partial_chain>, B<-policy>, B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>, -B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>, -B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, B<-verify_ip>, -B<-verify_name>, B<-x509_strict> +B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-no_alt_chains>, +B<-use_deltas>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, +B<-verify_ip>, B<-verify_name>, B<-x509_strict> Set different certificate verification options. See L|verify(1)> manual page for details. @@ -416,3 +417,9 @@ second file. openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem -reqin req.der -respout resp.der + +=head1 HISTORY + +The -no_alt_chains options was first added to OpenSSL 1.1.0. + +=cut diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index 17308b4..92f6e4a 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -19,7 +19,6 @@ B B [B<-pass arg>] [B<-CApath directory>] [B<-CAfile filename>] -[B<-trusted_first>] [B<-attime timestamp>] [B<-check_ss_sig>] [B<-crl_check>] @@ -39,6 +38,7 @@ B B [B<-suiteB_128_only>] [B<-suiteB_192>] [B<-trusted_first>] +[B<-no_alt_chains>] [B<-use_deltas>] [B<-verify_depth num>] [B<-verify_email email>] @@ -155,11 +155,11 @@ and to use when attempting to build the client certificate chain. B, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>, B<-inhibit_map>, B<-issuer_checks>, B<-partial_chain>, B<-policy>, B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>, -B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>, -B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, B<-verify_ip>, -B<-verify_name>, B<-x509_strict> +B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-no_alt_chains>, +B<-use_deltas>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, +B<-verify_ip>, B<-verify_name>, B<-x509_strict> -Set various certificate chain valiadition options. See the +Set various certificate chain validation options. See the L|verify(1)> manual page for details. =item B<-reconnect> @@ -411,4 +411,8 @@ information whenever a session is renegotiated. L, L, L +=head1 HISTORY + +The -no_alt_chains options was first added to OpenSSL 1.1.0. + =cut diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index 1cc965f..a442452 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -51,6 +51,7 @@ B B [B<-suiteB_128_only>] [B<-suiteB_192>] [B<-trusted_first>] +[B<-no_alt_chains>] [B<-use_deltas>] [B<-verify_depth num>] [B<-verify_return_error>] @@ -218,8 +219,8 @@ anonymous ciphersuite or PSK) this option has no effect. B<-ignore_critical>, B<-inhibit_any>, B<-inhibit_map>, B<-issuer_checks>, B<-partial_chain>, B<-policy>, B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>, B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, -B<-use_deltas>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, -B<-verify_ip>, B<-verify_name>, B<-x509_strict> +B<-no_alt_chains>, B<-use_deltas>, B<-verify_depth>, B<-verify_email>, +B<-verify_hostname>, B<-verify_ip>, B<-verify_name>, B<-x509_strict> Set different peer certificate verification options. See the L|verify(1)> manual page for details. @@ -481,4 +482,8 @@ unknown cipher suites a client says it supports. L, L, L +=head1 HISTORY + +The -no_alt_chains options was first added to OpenSSL 1.1.0. + =cut diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod index c85a44b..31a85fb 100644 --- a/doc/apps/smime.pod +++ b/doc/apps/smime.pod @@ -36,6 +36,7 @@ B B [B<-suiteB_128_only>] [B<-suiteB_192>] [B<-trusted_first>] +[B<-no_alt_chains>] [B<-use_deltas>] [B<-verify_depth num>] [B<-verify_email email>] @@ -291,9 +292,9 @@ address matches that specified in the From: address. B, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>, B<-inhibit_map>, B<-issuer_checks>, B<-partial_chain>, B<-policy>, B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>, -B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>, -B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, B<-verify_ip>, -B<-verify_name>, B<-x509_strict> +B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-no_alt_chains>, +B<-use_deltas>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, +B<-verify_ip>, B<-verify_name>, B<-x509_strict> Set various options of certificate chain verification. See L|verify(1)> manual page for details. @@ -475,5 +476,6 @@ structures may cause parsing errors. The use of multiple B<-signer> options and the B<-resign> command were first added in OpenSSL 1.0.0 +The -no_alt_chains options was first added to OpenSSL 1.1.0. =cut diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod index a5a0063..d422913 100644 --- a/doc/apps/verify.pod +++ b/doc/apps/verify.pod @@ -30,6 +30,7 @@ B B [B<-suiteB_128_only>] [B<-suiteB_192>] [B<-trusted_first>] +[B<-no_alt_chains>] [B<-untrusted file>] [B<-use_deltas>] [B<-verbose>] @@ -164,6 +165,14 @@ Use certificates in CA file or CA directory before certificates in untrusted file when building the trust chain to verify certificates. This is mainly useful in environments with Bridge CA or Cross-Certified CAs. +=item B<-no_alt_chains> + +When building a certificate chain, if the first certificate chain found is not +trusted, then OpenSSL will continue to check to see if an alternative chain can +be found that is trusted. With this option that behaviour is suppressed so that +only the first chain found is ever used. Using this option will force the +behaviour to match that of OpenSSL versions prior to 1.1.0. + =item B<-untrusted file> A file of untrusted certificates. The file should contain multiple certificates @@ -469,4 +478,8 @@ B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> error codes. L +=head1 HISTORY + +The -no_alt_chains options was first added to OpenSSL 1.1.0. + =cut diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod index 347d48d..d19dc12 100644 --- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod @@ -197,6 +197,12 @@ verification. If this flag is set then additional status codes will be sent to the verification callback and it B be prepared to handle such cases without assuming they are hard errors. +The B flag suppresses checking for alternative +chains. By default, when building a certificate chain, if the first certificate +chain found is not trusted, then OpenSSL will continue to check to see if an +alternative chain can be found that is trusted. With this flag set the behaviour +will match that of OpenSSL versions prior to 1.1.0. + =head1 NOTES The above functions should be used to manipulate verification parameters @@ -233,6 +239,6 @@ L =head1 HISTORY -TBA +The B flag was added in OpenSSL 1.1.0 =cut From matt at openssl.org Wed Feb 25 20:42:06 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 25 Feb 2015 21:42:06 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <20150225204206.74F361DF124@butler.localdomain> The branch OpenSSL_0_9_8-stable has been updated via 1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a (commit) from 6d4655c27e4bc582836ae37accdb82833d6ddd00 (commit) - Log ----------------------------------------------------------------- commit 1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a Author: Matt Caswell Date: Mon Feb 9 11:38:41 2015 +0000 Fix a failure to NULL a pointer freed on error. Inspired by BoringSSL commit 517073cd4b by Eric Roman CVE-2015-0209 Reviewed-by: Emilia K?sper ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_asn1.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 30b7df4..d3e8316 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1014,8 +1014,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); goto err; } - if (a) - *a = ret; } else ret = *a; @@ -1067,10 +1065,12 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) } } + if (a) + *a = ret; ok = 1; err: if (!ok) { - if (ret) + if (ret && (a == NULL || *a != ret)) EC_KEY_free(ret); ret = NULL; } From matt at openssl.org Wed Feb 25 20:42:20 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 25 Feb 2015 21:42:20 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <20150225204220.3480D1DF124@butler.localdomain> The branch OpenSSL_1_0_0-stable has been updated via dac693c957dc40dbf839f0add91b824deba26dc3 (commit) from 6e161ee39ede0686dc6ae9af115bf1c132f05db0 (commit) - Log ----------------------------------------------------------------- commit dac693c957dc40dbf839f0add91b824deba26dc3 Author: Matt Caswell Date: Mon Feb 9 11:38:41 2015 +0000 Fix a failure to NULL a pointer freed on error. Inspired by BoringSSL commit 517073cd4b by Eric Roman CVE-2015-0209 Reviewed-by: Emilia K?sper ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_asn1.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index f16842b..6907436 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1014,8 +1014,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); goto err; } - if (a) - *a = ret; } else ret = *a; @@ -1083,10 +1081,12 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) ret->enc_flag |= EC_PKEY_NO_PUBKEY; } + if (a) + *a = ret; ok = 1; err: if (!ok) { - if (ret) + if (ret && (a == NULL || *a != ret)) EC_KEY_free(ret); ret = NULL; } From matt at openssl.org Wed Feb 25 20:42:31 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 25 Feb 2015 21:42:31 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150225204231.A49391DF124@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via 1aff39de763469385952910b4eede431c5c34e61 (commit) via eafdbd8ec3acc2ebbb13fe45874fe38eccdde38a (commit) via 1159e24d564e55826406c5f39a3881311c11d697 (commit) via b91058d2221bf4fe4f5322b6b85978baff7c3977 (commit) via 89117535f1bb3ea72a17933b703271587d7aaf0b (commit) via 08a2df480de1eae8d59ee4820257970f4158d912 (commit) from 9cd061725b4057f06d2d091352123ce9da790815 (commit) - Log ----------------------------------------------------------------- commit 1aff39de763469385952910b4eede431c5c34e61 Author: Matt Caswell Date: Fri Feb 20 09:18:29 2015 +0000 Fix some minor documentation issues Reviewed-by: Emilia K?sper commit eafdbd8ec3acc2ebbb13fe45874fe38eccdde38a Author: Matt Caswell Date: Tue Feb 10 16:21:30 2015 +0000 Remove pointless free, and use preferred way of calling d2i_* functions Reviewed-by: Emilia K?sper commit 1159e24d564e55826406c5f39a3881311c11d697 Author: Matt Caswell Date: Tue Feb 10 16:08:33 2015 +0000 Add dire warnings about the "reuse" capability of the d2i_* functions. Reviewed-by: Emilia K?sper commit b91058d2221bf4fe4f5322b6b85978baff7c3977 Author: Matt Caswell Date: Tue Feb 10 15:45:56 2015 +0000 Provide documentation for i2d_ECPrivateKey and d2i_ECPrivateKey Reviewed-by: Emilia K?sper Conflicts: doc/crypto/EC_KEY_new.pod doc/crypto/EC_POINT_new.pod commit 89117535f1bb3ea72a17933b703271587d7aaf0b Author: Matt Caswell Date: Mon Feb 9 11:38:41 2015 +0000 Fix a failure to NULL a pointer freed on error. Inspired by BoringSSL commit 517073cd4b by Eric Roman CVE-2015-0209 Reviewed-by: Emilia K?sper commit 08a2df480de1eae8d59ee4820257970f4158d912 Author: Matt Caswell Date: Mon Feb 9 09:45:35 2015 +0000 Import evp_test.c from BoringSSL. Unfortunately we already have a file called evp_test.c, so I have called this one evp_extra_test.c Reviewed-by: Emilia K?sper Conflicts: crypto/evp/Makefile test/Makefile Conflicts: test/Makefile crypto/evp/evp_extra_test.c ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_asn1.c | 14 +- crypto/evp/Makefile | 2 +- crypto/evp/evp_extra_test.c | 483 +++++++++++++++++++++++++++++++++++++++ doc/crypto/d2i_ECPrivateKey.pod | 67 ++++++ doc/crypto/d2i_X509.pod | 12 +- test/Makefile | 28 ++- 6 files changed, 588 insertions(+), 18 deletions(-) create mode 100644 crypto/evp/evp_extra_test.c create mode 100644 doc/crypto/d2i_ECPrivateKey.pod diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 2924374..6ff94a3 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1017,14 +1017,8 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) EC_KEY *ret = NULL; EC_PRIVATEKEY *priv_key = NULL; - if ((priv_key = EC_PRIVATEKEY_new()) == NULL) { - ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) { + if ((priv_key = d2i_EC_PRIVATEKEY(NULL, in, len)) == NULL) { ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); - EC_PRIVATEKEY_free(priv_key); return NULL; } @@ -1033,8 +1027,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); goto err; } - if (a) - *a = ret; } else ret = *a; @@ -1102,10 +1094,12 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) ret->enc_flag |= EC_PKEY_NO_PUBKEY; } + if (a) + *a = ret; ok = 1; err: if (!ok) { - if (ret) + if (ret && (a == NULL || *a != ret)) EC_KEY_free(ret); ret = NULL; } diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile index 5d0c6b7..ef75678 100644 --- a/crypto/evp/Makefile +++ b/crypto/evp/Makefile @@ -13,7 +13,7 @@ AR= ar r CFLAGS= $(INCLUDES) $(CFLAG) GENERAL=Makefile -TEST=evp_test.c +TEST=evp_test.c evp_extra_test.c TESTDATA=evptests.txt APPS= diff --git a/crypto/evp/evp_extra_test.c b/crypto/evp/evp_extra_test.c new file mode 100644 index 0000000..9f8501c --- /dev/null +++ b/crypto/evp/evp_extra_test.c @@ -0,0 +1,483 @@ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ +/* ==================================================================== + * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +/* + * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you + * should never use this key anywhere but in an example. + */ +static const unsigned char kExampleRSAKeyDER[] = { + 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8, + 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, + 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, + 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, + 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, + 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, + 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, + 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, + 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, + 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, + 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, + 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7, + 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85, + 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee, + 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85, + 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a, + 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15, + 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83, + 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b, + 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73, + 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99, + 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02, + 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41, + 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59, + 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9, + 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef, + 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87, + 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf, + 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5, + 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5, + 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62, + 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64, + 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8, + 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba, + 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe, + 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7, + 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe, + 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb, + 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34, + 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27, + 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0, + 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba, + 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06, + 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c, + 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e, + 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf, + 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a, + 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17, + 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1, + 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, +}; + +static const unsigned char kMsg[] = { 1, 2, 3, 4 }; + +static const unsigned char kSignature[] = { + 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d, + 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e, + 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04, + 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09, + 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67, + 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a, + 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda, + 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48, + 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04, + 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7, + 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42, +}; + +/* + * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8 + * PrivateKeyInfo. + */ +static const unsigned char kExampleRSAKeyPKCS8[] = { + 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, + 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, + 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, + 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, + 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, + 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, + 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, + 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, + 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, + 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, + 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, + 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, + 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, + 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, + 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, + 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, + 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, + 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, + 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, + 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, + 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, + 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, + 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, + 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, + 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, + 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, + 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, + 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, + 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, + 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, + 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, + 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, + 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, + 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, + 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, + 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, + 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, + 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, + 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, + 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, + 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, + 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, + 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, + 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, + 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, + 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, + 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, + 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, + 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, + 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, + 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, + 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, +}; + +/* + * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey + * structure. + */ +static const unsigned char kExampleECKeyDER[] = { + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a, + 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08, + 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a, + 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, + 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, + 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, + 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, + 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, + 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, + 0xc1, +}; + +/* + * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey + * structure. The private key is equal to the order and will fail to import + */ +static const unsigned char kExampleBadECKeyDER[] = { + 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, + 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, + 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF, + 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, + 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00, + 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, + 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 +}; + +static EVP_PKEY *load_example_rsa_key(void) +{ + EVP_PKEY *ret = NULL; + const unsigned char *derp = kExampleRSAKeyDER; + EVP_PKEY *pkey = NULL; + RSA *rsa = NULL; + + if (!d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))) { + return NULL; + } + + pkey = EVP_PKEY_new(); + if (pkey == NULL || !EVP_PKEY_set1_RSA(pkey, rsa)) { + goto out; + } + + ret = pkey; + pkey = NULL; + + out: + if (pkey) { + EVP_PKEY_free(pkey); + } + if (rsa) { + RSA_free(rsa); + } + + return ret; +} + +static int test_EVP_DigestSignInit(void) +{ + int ret = 0; + EVP_PKEY *pkey = NULL; + unsigned char *sig = NULL; + size_t sig_len = 0; + EVP_MD_CTX md_ctx, md_ctx_verify; + + EVP_MD_CTX_init(&md_ctx); + EVP_MD_CTX_init(&md_ctx_verify); + + pkey = load_example_rsa_key(); + if (pkey == NULL || + !EVP_DigestSignInit(&md_ctx, NULL, EVP_sha256(), NULL, pkey) || + !EVP_DigestSignUpdate(&md_ctx, kMsg, sizeof(kMsg))) { + goto out; + } + /* Determine the size of the signature. */ + if (!EVP_DigestSignFinal(&md_ctx, NULL, &sig_len)) { + goto out; + } + /* Sanity check for testing. */ + if (sig_len != (size_t)EVP_PKEY_size(pkey)) { + fprintf(stderr, "sig_len mismatch\n"); + goto out; + } + + sig = OPENSSL_malloc(sig_len); + if (sig == NULL || !EVP_DigestSignFinal(&md_ctx, sig, &sig_len)) { + goto out; + } + + /* Ensure that the signature round-trips. */ + if (!EVP_DigestVerifyInit(&md_ctx_verify, NULL, EVP_sha256(), NULL, pkey) + || !EVP_DigestVerifyUpdate(&md_ctx_verify, kMsg, sizeof(kMsg)) + || !EVP_DigestVerifyFinal(&md_ctx_verify, sig, sig_len)) { + goto out; + } + + ret = 1; + + out: + if (!ret) { + ERR_print_errors_fp(stderr); + } + + EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_cleanup(&md_ctx_verify); + if (pkey) { + EVP_PKEY_free(pkey); + } + if (sig) { + OPENSSL_free(sig); + } + + return ret; +} + +static int test_EVP_DigestVerifyInit(void) +{ + int ret = 0; + EVP_PKEY *pkey = NULL; + EVP_MD_CTX md_ctx; + + EVP_MD_CTX_init(&md_ctx); + + pkey = load_example_rsa_key(); + if (pkey == NULL || + !EVP_DigestVerifyInit(&md_ctx, NULL, EVP_sha256(), NULL, pkey) || + !EVP_DigestVerifyUpdate(&md_ctx, kMsg, sizeof(kMsg)) || + !EVP_DigestVerifyFinal(&md_ctx, (unsigned char *)kSignature, sizeof(kSignature))) { + goto out; + } + ret = 1; + + out: + if (!ret) { + ERR_print_errors_fp(stderr); + } + + EVP_MD_CTX_cleanup(&md_ctx); + if (pkey) { + EVP_PKEY_free(pkey); + } + + return ret; +} + +static int test_d2i_AutoPrivateKey(const unsigned char *input, + size_t input_len, int expected_id) +{ + int ret = 0; + const unsigned char *p; + EVP_PKEY *pkey = NULL; + + p = input; + pkey = d2i_AutoPrivateKey(NULL, &p, input_len); + if (pkey == NULL || p != input + input_len) { + fprintf(stderr, "d2i_AutoPrivateKey failed\n"); + goto done; + } + + if (EVP_PKEY_id(pkey) != expected_id) { + fprintf(stderr, "Did not decode expected type\n"); + goto done; + } + + ret = 1; + + done: + if (!ret) { + ERR_print_errors_fp(stderr); + } + + if (pkey != NULL) { + EVP_PKEY_free(pkey); + } + return ret; +} + +/* Tests loading a bad key in PKCS8 format */ +static int test_EVP_PKCS82PKEY(void) +{ + int ret = 0; + const unsigned char *derp = kExampleBadECKeyDER; + PKCS8_PRIV_KEY_INFO *p8inf = NULL; + EVP_PKEY *pkey = NULL; + + p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, sizeof(kExampleBadECKeyDER)); + + if (!p8inf || derp != kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)) { + fprintf(stderr, "Failed to parse key\n"); + goto done; + } + + pkey = EVP_PKCS82PKEY(p8inf); + if (pkey) { + fprintf(stderr, "Imported invalid EC key\n"); + goto done; + } + + ret = 1; + + done: + if (p8inf != NULL) { + PKCS8_PRIV_KEY_INFO_free(p8inf); + } + + if (pkey != NULL) { + EVP_PKEY_free(pkey); + } + + return ret; +} + +int main(void) +{ + CRYPTO_malloc_debug_init(); + CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + ERR_load_crypto_strings(); + /* Load up the software EVP_CIPHER and EVP_MD definitions */ + OpenSSL_add_all_ciphers(); + OpenSSL_add_all_digests(); + + if (!test_EVP_DigestSignInit()) { + fprintf(stderr, "EVP_DigestSignInit failed\n"); + return 1; + } + + if (!test_EVP_DigestVerifyInit()) { + fprintf(stderr, "EVP_DigestVerifyInit failed\n"); + return 1; + } + + if (!test_d2i_AutoPrivateKey(kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), + EVP_PKEY_RSA)) { + fprintf(stderr, "d2i_AutoPrivateKey(kExampleRSAKeyDER) failed\n"); + return 1; + } + + if (!test_d2i_AutoPrivateKey + (kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA)) { + fprintf(stderr, "d2i_AutoPrivateKey(kExampleRSAKeyPKCS8) failed\n"); + return 1; + } + + if (!test_d2i_AutoPrivateKey(kExampleECKeyDER, sizeof(kExampleECKeyDER), + EVP_PKEY_EC)) { + fprintf(stderr, "d2i_AutoPrivateKey(kExampleECKeyDER) failed\n"); + return 1; + } + + if (!test_EVP_PKCS82PKEY()) { + fprintf(stderr, "test_EVP_PKCS82PKEY failed\n"); + return 1; + } + + EVP_cleanup(); + CRYPTO_cleanup_all_ex_data(); + ERR_remove_thread_state(NULL); + ERR_free_strings(); + CRYPTO_mem_leaks_fp(stderr); + + printf("PASS\n"); + return 0; +} diff --git a/doc/crypto/d2i_ECPrivateKey.pod b/doc/crypto/d2i_ECPrivateKey.pod new file mode 100644 index 0000000..adeffe6 --- /dev/null +++ b/doc/crypto/d2i_ECPrivateKey.pod @@ -0,0 +1,67 @@ +=pod + +=head1 NAME + +i2d_ECPrivateKey, d2i_ECPrivate_key - Encode and decode functions for saving and +reading EC_KEY structures + +=head1 SYNOPSIS + + #include + + EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len); + int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out); + + unsigned int EC_KEY_get_enc_flags(const EC_KEY *key); + void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); + +=head1 DESCRIPTION + +The ECPrivateKey encode and decode routines encode and parse an +B structure into a binary format (ASN.1 DER) and back again. + +These functions are similar to the d2i_X509() functions, and you should refer to +that page for a detailed description (see L). + +The format of the external representation of the public key written by +i2d_ECPrivateKey (such as whether it is stored in a compressed form or not) is +described by the point_conversion_form. See L +for a description of point_conversion_form. + +When reading a private key encoded without an associated public key (e.g. if +EC_PKEY_NO_PUBKEY has been used - see below), then d2i_ECPrivateKey generates +the missing public key automatically. Private keys encoded without parameters +(e.g. if EC_PKEY_NO_PARAMETERS has been used - see below) cannot be loaded using +d2i_ECPrivateKey. + +The functions EC_KEY_get_enc_flags and EC_KEY_set_enc_flags get and set the +value of the encoding flags for the B. There are two encoding flags +currently defined - EC_PKEY_NO_PARAMETERS and EC_PKEY_NO_PUBKEY. These flags +define the behaviour of how the B is converted into ASN1 in a call to +i2d_ECPrivateKey. If EC_PKEY_NO_PARAMETERS is set then the public parameters for +the curve are not encoded along with the private key. If EC_PKEY_NO_PUBKEY is +set then the public key is not encoded along with the private key. + +=head1 RETURN VALUES + +d2i_ECPrivateKey() returns a valid B structure or B if an error +occurs. The error code that can be obtained by +L. + +i2d_ECPrivateKey() returns the number of bytes successfully encoded or a +negative value if an error occurs. The error code can be obtained by +L. + +EC_KEY_get_enc_flags returns the value of the current encoding flags for the +EC_KEY. + +=head1 SEE ALSO + +L, L, L, +L, L, +L, +L, +L, +L + +=cut diff --git a/doc/crypto/d2i_X509.pod b/doc/crypto/d2i_X509.pod index 298ec54..e3dc238 100644 --- a/doc/crypto/d2i_X509.pod +++ b/doc/crypto/d2i_X509.pod @@ -28,8 +28,11 @@ successful a pointer to the B structure is returned. If an error occurred then B is returned. If B is not B then the returned structure is written to B<*px>. If B<*px> is not B then it is assumed that B<*px> contains a valid B -structure and an attempt is made to reuse it. If the call is -successful B<*in> is incremented to the byte following the +structure and an attempt is made to reuse it. This "reuse" capability is present +for historical compatibility but its use is B (see BUGS +below, and the discussion in the RETURN VALUES section). + +If the call is successful B<*in> is incremented to the byte following the parsed data. i2d_X509() encodes the structure pointed to by B into DER format. @@ -210,7 +213,10 @@ always succeed. d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B structure or B if an error occurs. The error code that can be obtained by -L. +L. If the "reuse" capability has been used +with a valid X509 structure being passed in via B then the object is not +freed in the event of error but may be in a potentially invalid or inconsistent +state. i2d_X509() returns the number of bytes successfully encoded or a negative value if an error occurs. The error code can be obtained by diff --git a/test/Makefile b/test/Makefile index 685a691..9aa920d 100644 --- a/test/Makefile +++ b/test/Makefile @@ -59,6 +59,7 @@ SSLTEST= ssltest RSATEST= rsa_test ENGINETEST= enginetest EVPTEST= evp_test +EVPEXTRATEST=evp_extra_test IGETEST= igetest JPAKETEST= jpaketest SRPTEST= srptest @@ -75,7 +76,7 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST) $(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \ $(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \ $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \ - $(EVPTEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) $(JPAKETEST)$(EXE_EXT) $(SRPTEST)$(EXE_EXT) \ + $(EVPTEST)$(EXE_EXT) $(EVPEXTRATEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) $(JPAKETEST)$(EXE_EXT) $(SRPTEST)$(EXE_EXT) \ $(ASN1TEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) $(CONSTTIMETEST)$(EXE_EXT) # $(METHTEST)$(EXE_EXT) @@ -88,7 +89,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \ $(MDC2TEST).o $(RMDTEST).o \ $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \ $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \ - $(EVPTEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o \ + $(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o \ $(HEARTBEATTEST).o $(CONSTTIMETEST).o SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ @@ -98,7 +99,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \ $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \ $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \ - $(EVPTEST).c $(IGETEST).c $(JPAKETEST).c $(SRPTEST).c $(ASN1TEST).c \ + $(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(JPAKETEST).c $(SRPTEST).c $(ASN1TEST).c \ $(HEARTBEATTEST).c $(CONSTTIMETEST).c EXHEADER= @@ -141,12 +142,15 @@ alltests: \ test_rand test_bn test_ec test_ecdsa test_ecdh \ test_enc test_x509 test_rsa test_crl test_sid \ test_gen test_req test_pkcs7 test_verify test_dh test_dsa \ - test_ss test_ca test_engine test_evp test_ssl test_tsa test_ige \ + test_ss test_ca test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \ test_jpake test_srp test_cms test_heartbeat test_constant_time test_evp: ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt +test_evp_extra: + ../util/shlib_wrap.sh ./$(EVPEXTRATEST) + test_des: ../util/shlib_wrap.sh ./$(DESTEST) @@ -470,6 +474,9 @@ $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) @target=$(EVPTEST); $(BUILD_CMD) +$(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO) + @target=$(EVPEXTRATEST); $(BUILD_CMD) + $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) @target=$(ECDSATEST); $(BUILD_CMD) @@ -612,6 +619,19 @@ enginetest.o: ../include/openssl/safestack.h ../include/openssl/sha.h enginetest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h enginetest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h enginetest.o: enginetest.c +evp_extra_test.o: ../include/openssl/asn1.h ../include/openssl/bio.h +evp_extra_test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h +evp_extra_test.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +evp_extra_test.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +evp_extra_test.o: ../include/openssl/err.h ../include/openssl/evp.h +evp_extra_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +evp_extra_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +evp_extra_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +evp_extra_test.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +evp_extra_test.o: ../include/openssl/safestack.h ../include/openssl/sha.h +evp_extra_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +evp_extra_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +evp_extra_test.o: evp_extra_test.c evp_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h evp_test.o: ../include/openssl/buffer.h ../include/openssl/conf.h evp_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h From matt at openssl.org Wed Feb 25 20:42:43 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 25 Feb 2015 21:42:43 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150225204243.66DB31DF124@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via bfb14d724bd4f5d53145046e31b061672a4a9815 (commit) via 4d2207f097ebd50d3f23568b013539930bbdf910 (commit) via b42e4a9f6ba30ed0ce74018e9548f523e703f8be (commit) via 78a6b77976df1313c17f164e5e539fc75aee6b1a (commit) via ba5d0113e8bcb26857ae58a11b219aeb7bc2408a (commit) via f747572547c97dc590fcd33fb9051931106adaee (commit) from 36b619a06e5a2a296058f8dbf11a74f95cb3f71d (commit) - Log ----------------------------------------------------------------- commit bfb14d724bd4f5d53145046e31b061672a4a9815 Author: Matt Caswell Date: Fri Feb 20 09:18:29 2015 +0000 Fix some minor documentation issues Reviewed-by: Emilia K?sper commit 4d2207f097ebd50d3f23568b013539930bbdf910 Author: Matt Caswell Date: Tue Feb 10 16:21:30 2015 +0000 Remove pointless free, and use preferred way of calling d2i_* functions Reviewed-by: Emilia K?sper commit b42e4a9f6ba30ed0ce74018e9548f523e703f8be Author: Matt Caswell Date: Tue Feb 10 16:08:33 2015 +0000 Add dire warnings about the "reuse" capability of the d2i_* functions. Reviewed-by: Emilia K?sper commit 78a6b77976df1313c17f164e5e539fc75aee6b1a Author: Matt Caswell Date: Tue Feb 10 15:45:56 2015 +0000 Provide documentation for i2d_ECPrivateKey and d2i_ECPrivateKey Reviewed-by: Emilia K?sper commit ba5d0113e8bcb26857ae58a11b219aeb7bc2408a Author: Matt Caswell Date: Mon Feb 9 11:38:41 2015 +0000 Fix a failure to NULL a pointer freed on error. Inspired by BoringSSL commit 517073cd4b by Eric Roman CVE-2015-0209 Reviewed-by: Emilia K?sper commit f747572547c97dc590fcd33fb9051931106adaee Author: Matt Caswell Date: Mon Feb 9 09:45:35 2015 +0000 Import evp_test.c from BoringSSL. Unfortunately we already have a file called evp_test.c, so I have called this one evp_extra_test.c Reviewed-by: Emilia K?sper Conflicts: crypto/evp/Makefile test/Makefile ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_asn1.c | 14 +- crypto/evp/Makefile | 2 +- crypto/evp/evp_extra_test.c | 483 +++++++++++++++++++++++++++++++++++++++ doc/crypto/EC_KEY_new.pod | 22 +- doc/crypto/EC_POINT_new.pod | 9 +- doc/crypto/d2i_ECPrivateKey.pod | 67 ++++++ doc/crypto/d2i_X509.pod | 12 +- test/Makefile | 28 ++- 8 files changed, 600 insertions(+), 37 deletions(-) create mode 100644 crypto/evp/evp_extra_test.c create mode 100644 doc/crypto/d2i_ECPrivateKey.pod diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 2924374..6ff94a3 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1017,14 +1017,8 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) EC_KEY *ret = NULL; EC_PRIVATEKEY *priv_key = NULL; - if ((priv_key = EC_PRIVATEKEY_new()) == NULL) { - ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) { + if ((priv_key = d2i_EC_PRIVATEKEY(NULL, in, len)) == NULL) { ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); - EC_PRIVATEKEY_free(priv_key); return NULL; } @@ -1033,8 +1027,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); goto err; } - if (a) - *a = ret; } else ret = *a; @@ -1102,10 +1094,12 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) ret->enc_flag |= EC_PKEY_NO_PUBKEY; } + if (a) + *a = ret; ok = 1; err: if (!ok) { - if (ret) + if (ret && (a == NULL || *a != ret)) EC_KEY_free(ret); ret = NULL; } diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile index 30590d5..c9afca7 100644 --- a/crypto/evp/Makefile +++ b/crypto/evp/Makefile @@ -13,7 +13,7 @@ AR= ar r CFLAGS= $(INCLUDES) $(CFLAG) GENERAL=Makefile -TEST=evp_test.c +TEST=evp_test.c evp_extra_test.c TESTDATA=evptests.txt APPS= diff --git a/crypto/evp/evp_extra_test.c b/crypto/evp/evp_extra_test.c new file mode 100644 index 0000000..d9a4106 --- /dev/null +++ b/crypto/evp/evp_extra_test.c @@ -0,0 +1,483 @@ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ +/* ==================================================================== + * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +/* + * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you + * should never use this key anywhere but in an example. + */ +static const unsigned char kExampleRSAKeyDER[] = { + 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8, + 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, + 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, + 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, + 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, + 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, + 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, + 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, + 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, + 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, + 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, + 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7, + 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85, + 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee, + 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85, + 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a, + 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15, + 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83, + 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b, + 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73, + 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99, + 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02, + 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41, + 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59, + 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9, + 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef, + 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87, + 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf, + 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5, + 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5, + 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62, + 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64, + 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8, + 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba, + 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe, + 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7, + 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe, + 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb, + 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34, + 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27, + 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0, + 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba, + 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06, + 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c, + 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e, + 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf, + 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a, + 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17, + 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1, + 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, +}; + +static const unsigned char kMsg[] = { 1, 2, 3, 4 }; + +static const unsigned char kSignature[] = { + 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d, + 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e, + 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04, + 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09, + 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67, + 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a, + 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda, + 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48, + 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04, + 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7, + 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42, +}; + +/* + * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8 + * PrivateKeyInfo. + */ +static const unsigned char kExampleRSAKeyPKCS8[] = { + 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, + 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, + 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, + 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, + 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, + 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, + 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, + 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, + 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, + 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, + 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, + 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, + 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, + 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, + 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, + 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, + 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, + 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, + 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, + 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, + 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, + 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, + 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, + 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, + 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, + 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, + 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, + 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, + 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, + 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, + 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, + 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, + 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, + 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, + 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, + 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, + 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, + 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, + 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, + 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, + 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, + 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, + 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, + 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, + 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, + 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, + 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, + 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, + 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, + 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, + 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, + 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, +}; + +/* + * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey + * structure. + */ +static const unsigned char kExampleECKeyDER[] = { + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a, + 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08, + 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a, + 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, + 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, + 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, + 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, + 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, + 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, + 0xc1, +}; + +/* + * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey + * structure. The private key is equal to the order and will fail to import + */ +static const unsigned char kExampleBadECKeyDER[] = { + 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, + 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, + 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF, + 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, + 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00, + 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, + 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 +}; + +static EVP_PKEY *load_example_rsa_key(void) +{ + EVP_PKEY *ret = NULL; + const unsigned char *derp = kExampleRSAKeyDER; + EVP_PKEY *pkey = NULL; + RSA *rsa = NULL; + + if (!d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))) { + return NULL; + } + + pkey = EVP_PKEY_new(); + if (pkey == NULL || !EVP_PKEY_set1_RSA(pkey, rsa)) { + goto out; + } + + ret = pkey; + pkey = NULL; + + out: + if (pkey) { + EVP_PKEY_free(pkey); + } + if (rsa) { + RSA_free(rsa); + } + + return ret; +} + +static int test_EVP_DigestSignInit(void) +{ + int ret = 0; + EVP_PKEY *pkey = NULL; + unsigned char *sig = NULL; + size_t sig_len = 0; + EVP_MD_CTX md_ctx, md_ctx_verify; + + EVP_MD_CTX_init(&md_ctx); + EVP_MD_CTX_init(&md_ctx_verify); + + pkey = load_example_rsa_key(); + if (pkey == NULL || + !EVP_DigestSignInit(&md_ctx, NULL, EVP_sha256(), NULL, pkey) || + !EVP_DigestSignUpdate(&md_ctx, kMsg, sizeof(kMsg))) { + goto out; + } + /* Determine the size of the signature. */ + if (!EVP_DigestSignFinal(&md_ctx, NULL, &sig_len)) { + goto out; + } + /* Sanity check for testing. */ + if (sig_len != (size_t)EVP_PKEY_size(pkey)) { + fprintf(stderr, "sig_len mismatch\n"); + goto out; + } + + sig = OPENSSL_malloc(sig_len); + if (sig == NULL || !EVP_DigestSignFinal(&md_ctx, sig, &sig_len)) { + goto out; + } + + /* Ensure that the signature round-trips. */ + if (!EVP_DigestVerifyInit(&md_ctx_verify, NULL, EVP_sha256(), NULL, pkey) + || !EVP_DigestVerifyUpdate(&md_ctx_verify, kMsg, sizeof(kMsg)) + || !EVP_DigestVerifyFinal(&md_ctx_verify, sig, sig_len)) { + goto out; + } + + ret = 1; + + out: + if (!ret) { + ERR_print_errors_fp(stderr); + } + + EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_cleanup(&md_ctx_verify); + if (pkey) { + EVP_PKEY_free(pkey); + } + if (sig) { + OPENSSL_free(sig); + } + + return ret; +} + +static int test_EVP_DigestVerifyInit(void) +{ + int ret = 0; + EVP_PKEY *pkey = NULL; + EVP_MD_CTX md_ctx; + + EVP_MD_CTX_init(&md_ctx); + + pkey = load_example_rsa_key(); + if (pkey == NULL || + !EVP_DigestVerifyInit(&md_ctx, NULL, EVP_sha256(), NULL, pkey) || + !EVP_DigestVerifyUpdate(&md_ctx, kMsg, sizeof(kMsg)) || + !EVP_DigestVerifyFinal(&md_ctx, kSignature, sizeof(kSignature))) { + goto out; + } + ret = 1; + + out: + if (!ret) { + ERR_print_errors_fp(stderr); + } + + EVP_MD_CTX_cleanup(&md_ctx); + if (pkey) { + EVP_PKEY_free(pkey); + } + + return ret; +} + +static int test_d2i_AutoPrivateKey(const unsigned char *input, + size_t input_len, int expected_id) +{ + int ret = 0; + const unsigned char *p; + EVP_PKEY *pkey = NULL; + + p = input; + pkey = d2i_AutoPrivateKey(NULL, &p, input_len); + if (pkey == NULL || p != input + input_len) { + fprintf(stderr, "d2i_AutoPrivateKey failed\n"); + goto done; + } + + if (EVP_PKEY_id(pkey) != expected_id) { + fprintf(stderr, "Did not decode expected type\n"); + goto done; + } + + ret = 1; + + done: + if (!ret) { + ERR_print_errors_fp(stderr); + } + + if (pkey != NULL) { + EVP_PKEY_free(pkey); + } + return ret; +} + +/* Tests loading a bad key in PKCS8 format */ +static int test_EVP_PKCS82PKEY(void) +{ + int ret = 0; + const unsigned char *derp = kExampleBadECKeyDER; + PKCS8_PRIV_KEY_INFO *p8inf = NULL; + EVP_PKEY *pkey = NULL; + + p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, sizeof(kExampleBadECKeyDER)); + + if (!p8inf || derp != kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)) { + fprintf(stderr, "Failed to parse key\n"); + goto done; + } + + pkey = EVP_PKCS82PKEY(p8inf); + if (pkey) { + fprintf(stderr, "Imported invalid EC key\n"); + goto done; + } + + ret = 1; + + done: + if (p8inf != NULL) { + PKCS8_PRIV_KEY_INFO_free(p8inf); + } + + if (pkey != NULL) { + EVP_PKEY_free(pkey); + } + + return ret; +} + +int main(void) +{ + CRYPTO_malloc_debug_init(); + CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + ERR_load_crypto_strings(); + /* Load up the software EVP_CIPHER and EVP_MD definitions */ + OpenSSL_add_all_ciphers(); + OpenSSL_add_all_digests(); + + if (!test_EVP_DigestSignInit()) { + fprintf(stderr, "EVP_DigestSignInit failed\n"); + return 1; + } + + if (!test_EVP_DigestVerifyInit()) { + fprintf(stderr, "EVP_DigestVerifyInit failed\n"); + return 1; + } + + if (!test_d2i_AutoPrivateKey(kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), + EVP_PKEY_RSA)) { + fprintf(stderr, "d2i_AutoPrivateKey(kExampleRSAKeyDER) failed\n"); + return 1; + } + + if (!test_d2i_AutoPrivateKey + (kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA)) { + fprintf(stderr, "d2i_AutoPrivateKey(kExampleRSAKeyPKCS8) failed\n"); + return 1; + } + + if (!test_d2i_AutoPrivateKey(kExampleECKeyDER, sizeof(kExampleECKeyDER), + EVP_PKEY_EC)) { + fprintf(stderr, "d2i_AutoPrivateKey(kExampleECKeyDER) failed\n"); + return 1; + } + + if (!test_EVP_PKCS82PKEY()) { + fprintf(stderr, "test_EVP_PKCS82PKEY failed\n"); + return 1; + } + + EVP_cleanup(); + CRYPTO_cleanup_all_ex_data(); + ERR_remove_thread_state(NULL); + ERR_free_strings(); + CRYPTO_mem_leaks_fp(stderr); + + printf("PASS\n"); + return 0; +} diff --git a/doc/crypto/EC_KEY_new.pod b/doc/crypto/EC_KEY_new.pod index 2027569..e859689 100644 --- a/doc/crypto/EC_KEY_new.pod +++ b/doc/crypto/EC_KEY_new.pod @@ -24,8 +24,6 @@ EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags, EC_KEY_new_b int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); - unsigned int EC_KEY_get_enc_flags(const EC_KEY *key); - void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); void *EC_KEY_get_key_method_data(EC_KEY *key, @@ -69,16 +67,6 @@ on the key to confirm that it is valid. The functions EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_KEY_set_private_key, EC_KEY_get0_public_key, and EC_KEY_set_public_key get and set the EC_GROUP object, the private key and the EC_POINT public key for the B respectively. -The functions EC_KEY_get_enc_flags and EC_KEY_set_enc_flags get and set the value of the encoding flags for the B. There are two encoding -flags currently defined - EC_PKEY_NO_PARAMETERS and EC_PKEY_NO_PUBKEY. These flags define the behaviour of how the B is -converted into ASN1 in a call to i2d_ECPrivateKey. If EC_PKEY_NO_PARAMETERS is set then the public parameters for the curve are not encoded -along with the private key. If EC_PKEY_NO_PUBKEY is set then the public key is not encoded along with the private key. - -When reading a private key encoded with EC_PKEY_NO_PUBKEY, -d2i_ECPrivateKey generates the missing public key -automatically. Private keys encoded with EC_PKEY_NO_PARAMETERS cannot -be loaded using d2i_ECPrivateKey. - The functions EC_KEY_get_conv_form and EC_KEY_set_conv_form get and set the point_conversion_form for the B. For a description of point_conversion_forms please refer to L. @@ -106,15 +94,15 @@ EC_KEY_get0_group returns the EC_GROUP associated with the EC_KEY. EC_KEY_get0_private_key returns the private key associated with the EC_KEY. -EC_KEY_get_enc_flags returns the value of the current encoding flags for the EC_KEY. - EC_KEY_get_conv_form return the point_conversion_form for the EC_KEY. =head1 SEE ALSO -L, L, L, L, -L, L, -L, L +L, L, L, +L, L, +L, +L, +L =cut diff --git a/doc/crypto/EC_POINT_new.pod b/doc/crypto/EC_POINT_new.pod index 69eb0d1..858baf4 100644 --- a/doc/crypto/EC_POINT_new.pod +++ b/doc/crypto/EC_POINT_new.pod @@ -81,8 +81,13 @@ on the curve there will only ever be two possible values for y. Therefore a poin and EC_POINT_set_compressed_coordinates_GF2m functions where B is the x co-ordinate and B is a value 0 or 1 to identify which of the two possible values for y should be used. -In addition EC_POINTs can be converted to and from various external representations. Supported representations are octet strings, BIGNUMs and hexadecimal. The format of the external representation is described by the point_conversion_form. See L for -a description of point_conversion_form. Octet strings are stored in a buffer along with an associated buffer length. A point held in a BIGNUM is calculated by converting the point to an octet string and then converting that octet string into a BIGNUM integer. Points in hexadecimal format are stored in a NULL terminated character string where each character is one of the printable values 0-9 or A-F (or a-f). +In addition EC_POINTs can be converted to and from various external +representations. Supported representations are octet strings, BIGNUMs and +hexadecimal. Octet strings are stored in a buffer along with an associated +buffer length. A point held in a BIGNUM is calculated by converting the point to +an octet string and then converting that octet string into a BIGNUM integer. +Points in hexadecimal format are stored in a NULL terminated character string +where each character is one of the printable values 0-9 or A-F (or a-f). The functions EC_POINT_point2oct, EC_POINT_oct2point, EC_POINT_point2bn, EC_POINT_bn2point, EC_POINT_point2hex and EC_POINT_hex2point convert from and to EC_POINTs for the formats: octet string, BIGNUM and hexadecimal respectively. diff --git a/doc/crypto/d2i_ECPrivateKey.pod b/doc/crypto/d2i_ECPrivateKey.pod new file mode 100644 index 0000000..adeffe6 --- /dev/null +++ b/doc/crypto/d2i_ECPrivateKey.pod @@ -0,0 +1,67 @@ +=pod + +=head1 NAME + +i2d_ECPrivateKey, d2i_ECPrivate_key - Encode and decode functions for saving and +reading EC_KEY structures + +=head1 SYNOPSIS + + #include + + EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len); + int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out); + + unsigned int EC_KEY_get_enc_flags(const EC_KEY *key); + void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); + +=head1 DESCRIPTION + +The ECPrivateKey encode and decode routines encode and parse an +B structure into a binary format (ASN.1 DER) and back again. + +These functions are similar to the d2i_X509() functions, and you should refer to +that page for a detailed description (see L). + +The format of the external representation of the public key written by +i2d_ECPrivateKey (such as whether it is stored in a compressed form or not) is +described by the point_conversion_form. See L +for a description of point_conversion_form. + +When reading a private key encoded without an associated public key (e.g. if +EC_PKEY_NO_PUBKEY has been used - see below), then d2i_ECPrivateKey generates +the missing public key automatically. Private keys encoded without parameters +(e.g. if EC_PKEY_NO_PARAMETERS has been used - see below) cannot be loaded using +d2i_ECPrivateKey. + +The functions EC_KEY_get_enc_flags and EC_KEY_set_enc_flags get and set the +value of the encoding flags for the B. There are two encoding flags +currently defined - EC_PKEY_NO_PARAMETERS and EC_PKEY_NO_PUBKEY. These flags +define the behaviour of how the B is converted into ASN1 in a call to +i2d_ECPrivateKey. If EC_PKEY_NO_PARAMETERS is set then the public parameters for +the curve are not encoded along with the private key. If EC_PKEY_NO_PUBKEY is +set then the public key is not encoded along with the private key. + +=head1 RETURN VALUES + +d2i_ECPrivateKey() returns a valid B structure or B if an error +occurs. The error code that can be obtained by +L. + +i2d_ECPrivateKey() returns the number of bytes successfully encoded or a +negative value if an error occurs. The error code can be obtained by +L. + +EC_KEY_get_enc_flags returns the value of the current encoding flags for the +EC_KEY. + +=head1 SEE ALSO + +L, L, L, +L, L, +L, +L, +L, +L + +=cut diff --git a/doc/crypto/d2i_X509.pod b/doc/crypto/d2i_X509.pod index fea6e86..5b7c16f 100644 --- a/doc/crypto/d2i_X509.pod +++ b/doc/crypto/d2i_X509.pod @@ -30,8 +30,11 @@ successful a pointer to the B structure is returned. If an error occurred then B is returned. If B is not B then the returned structure is written to B<*px>. If B<*px> is not B then it is assumed that B<*px> contains a valid B -structure and an attempt is made to reuse it. If the call is -successful B<*in> is incremented to the byte following the +structure and an attempt is made to reuse it. This "reuse" capability is present +for historical compatibility but its use is B (see BUGS +below, and the discussion in the RETURN VALUES section). + +If the call is successful B<*in> is incremented to the byte following the parsed data. i2d_X509() encodes the structure pointed to by B into DER format. @@ -233,7 +236,10 @@ i2d_re_X509_tbs(). d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B structure or B if an error occurs. The error code that can be obtained by -L. +L. If the "reuse" capability has been used +with a valid X509 structure being passed in via B then the object is not +freed in the event of error but may be in a potentially invalid or inconsistent +state. i2d_X509() returns the number of bytes successfully encoded or a negative value if an error occurs. The error code can be obtained by diff --git a/test/Makefile b/test/Makefile index bc4a920..3388679 100644 --- a/test/Makefile +++ b/test/Makefile @@ -60,6 +60,7 @@ SSLTEST= ssltest RSATEST= rsa_test ENGINETEST= enginetest EVPTEST= evp_test +EVPEXTRATEST=evp_extra_test IGETEST= igetest JPAKETEST= jpaketest SRPTEST= srptest @@ -77,7 +78,7 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST) $(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \ $(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \ $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \ - $(EVPTEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) $(JPAKETEST)$(EXE_EXT) $(SRPTEST)$(EXE_EXT) \ + $(EVPTEST)$(EXE_EXT) $(EVPEXTRATEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) $(JPAKETEST)$(EXE_EXT) $(SRPTEST)$(EXE_EXT) \ $(ASN1TEST)$(EXE_EXT) $(V3NAMETEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) \ $(CONSTTIMETEST)$(EXE_EXT) @@ -91,7 +92,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \ $(MDC2TEST).o $(RMDTEST).o \ $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \ $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \ - $(EVPTEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o $(V3NAMETEST).o \ + $(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o $(V3NAMETEST).o \ $(HEARTBEATTEST).o $(CONSTTIMETEST).o SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ @@ -101,7 +102,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \ $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \ $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \ - $(EVPTEST).c $(IGETEST).c $(JPAKETEST).c $(SRPTEST).c $(ASN1TEST).c \ + $(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(JPAKETEST).c $(SRPTEST).c $(ASN1TEST).c \ $(V3NAMETEST).c $(HEARTBEATTEST).c $(CONSTTIMETEST).c EXHEADER= @@ -144,13 +145,16 @@ alltests: \ test_rand test_bn test_ec test_ecdsa test_ecdh \ test_enc test_x509 test_rsa test_crl test_sid \ test_gen test_req test_pkcs7 test_verify test_dh test_dsa \ - test_ss test_ca test_engine test_evp test_ssl test_tsa test_ige \ + test_ss test_ca test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \ test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \ test_constant_time test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt +test_evp_extra: $(EVPEXTRATEST)$(EXE_EXT) + ../util/shlib_wrap.sh ./$(EVPEXTRATEST) + test_des: $(DESTEST)$(EXE_EXT) ../util/shlib_wrap.sh ./$(DESTEST) @@ -484,6 +488,9 @@ $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) @target=$(EVPTEST); $(BUILD_CMD) +$(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO) + @target=$(EVPEXTRATEST); $(BUILD_CMD) + $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO) @target=$(ECDSATEST); $(BUILD_CMD) @@ -629,6 +636,19 @@ enginetest.o: ../include/openssl/safestack.h ../include/openssl/sha.h enginetest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h enginetest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h enginetest.o: enginetest.c +evp_extra_test.o: ../include/openssl/asn1.h ../include/openssl/bio.h +evp_extra_test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h +evp_extra_test.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +evp_extra_test.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +evp_extra_test.o: ../include/openssl/err.h ../include/openssl/evp.h +evp_extra_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +evp_extra_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +evp_extra_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +evp_extra_test.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +evp_extra_test.o: ../include/openssl/safestack.h ../include/openssl/sha.h +evp_extra_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +evp_extra_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +evp_extra_test.o: evp_extra_test.c evp_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h evp_test.o: ../include/openssl/buffer.h ../include/openssl/conf.h evp_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h From matt at openssl.org Wed Feb 25 20:42:50 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 25 Feb 2015 21:42:50 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150225204250.545BF1DF124@butler.localdomain> The branch master has been updated via 12e0ea306a18daefecd7ce769b1cc8bf401aae4c (commit) via 535bc8faf69dc4ff39e2ee99195b268cf99b9569 (commit) via 09f278f9252025846dee8aa992ef7079c70b99d0 (commit) via 93b83d0626e73bb09559ce85aefa418ac7318d59 (commit) via 9e442d485008046933cdc7da65080f436a4af089 (commit) via 71ea6b4836a9ec40857f295e7cd00e04edc17e47 (commit) from fa7b01115bc33d9b40936688bb3c952dc93b645a (commit) - Log ----------------------------------------------------------------- commit 12e0ea306a18daefecd7ce769b1cc8bf401aae4c Author: Matt Caswell Date: Fri Feb 20 09:18:29 2015 +0000 Fix some minor documentation issues Reviewed-by: Emilia K?sper commit 535bc8faf69dc4ff39e2ee99195b268cf99b9569 Author: Matt Caswell Date: Tue Feb 10 16:21:30 2015 +0000 Remove pointless free, and use preferred way of calling d2i_* functions Reviewed-by: Emilia K?sper commit 09f278f9252025846dee8aa992ef7079c70b99d0 Author: Matt Caswell Date: Tue Feb 10 16:08:33 2015 +0000 Add dire warnings about the "reuse" capability of the d2i_* functions. Reviewed-by: Emilia K?sper commit 93b83d0626e73bb09559ce85aefa418ac7318d59 Author: Matt Caswell Date: Tue Feb 10 15:45:56 2015 +0000 Provide documentation for i2d_ECPrivateKey and d2i_ECPrivateKey Reviewed-by: Emilia K?sper commit 9e442d485008046933cdc7da65080f436a4af089 Author: Matt Caswell Date: Mon Feb 9 11:38:41 2015 +0000 Fix a failure to NULL a pointer freed on error. Inspired by BoringSSL commit 517073cd4b by Eric Roman CVE-2015-0209 Reviewed-by: Emilia K?sper commit 71ea6b4836a9ec40857f295e7cd00e04edc17e47 Author: Matt Caswell Date: Mon Feb 9 09:45:35 2015 +0000 Import evp_test.c from BoringSSL. Unfortunately we already have a file called evp_test.c, so I have called this one evp_extra_test.c Reviewed-by: Emilia K?sper ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_asn1.c | 14 +- crypto/evp/Makefile | 2 +- crypto/evp/evp_extra_test.c | 483 +++++++++++++++++++++++++++++++++++++++ doc/crypto/EC_KEY_new.pod | 22 +- doc/crypto/EC_POINT_new.pod | 9 +- doc/crypto/d2i_ECPrivateKey.pod | 67 ++++++ doc/crypto/d2i_X509.pod | 12 +- test/Makefile | 55 +++-- 8 files changed, 612 insertions(+), 52 deletions(-) create mode 100644 crypto/evp/evp_extra_test.c create mode 100644 doc/crypto/d2i_ECPrivateKey.pod diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 2924374..6ff94a3 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1017,14 +1017,8 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) EC_KEY *ret = NULL; EC_PRIVATEKEY *priv_key = NULL; - if ((priv_key = EC_PRIVATEKEY_new()) == NULL) { - ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) { + if ((priv_key = d2i_EC_PRIVATEKEY(NULL, in, len)) == NULL) { ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); - EC_PRIVATEKEY_free(priv_key); return NULL; } @@ -1033,8 +1027,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); goto err; } - if (a) - *a = ret; } else ret = *a; @@ -1102,10 +1094,12 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) ret->enc_flag |= EC_PKEY_NO_PUBKEY; } + if (a) + *a = ret; ok = 1; err: if (!ok) { - if (ret) + if (ret && (a == NULL || *a != ret)) EC_KEY_free(ret); ret = NULL; } diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile index ccaa6c8..9b3095f 100644 --- a/crypto/evp/Makefile +++ b/crypto/evp/Makefile @@ -13,7 +13,7 @@ AR= ar r CFLAGS= $(INCLUDES) $(CFLAG) GENERAL=Makefile -TEST=evp_test.c p5_crpt2_test.c +TEST=evp_test.c p5_crpt2_test.c evp_extra_test.c TESTDATA=evptests.txt APPS= diff --git a/crypto/evp/evp_extra_test.c b/crypto/evp/evp_extra_test.c new file mode 100644 index 0000000..d9a4106 --- /dev/null +++ b/crypto/evp/evp_extra_test.c @@ -0,0 +1,483 @@ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ +/* ==================================================================== + * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +/* + * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you + * should never use this key anywhere but in an example. + */ +static const unsigned char kExampleRSAKeyDER[] = { + 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8, + 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, + 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, + 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, + 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, + 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, + 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, + 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, + 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, + 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, + 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, + 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7, + 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85, + 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee, + 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85, + 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a, + 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15, + 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83, + 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b, + 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73, + 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99, + 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02, + 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41, + 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59, + 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9, + 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef, + 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87, + 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf, + 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5, + 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5, + 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62, + 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64, + 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8, + 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba, + 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe, + 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7, + 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe, + 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb, + 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34, + 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27, + 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0, + 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba, + 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06, + 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c, + 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e, + 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf, + 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a, + 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17, + 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1, + 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, +}; + +static const unsigned char kMsg[] = { 1, 2, 3, 4 }; + +static const unsigned char kSignature[] = { + 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d, + 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e, + 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04, + 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09, + 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67, + 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a, + 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda, + 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48, + 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04, + 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7, + 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42, +}; + +/* + * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8 + * PrivateKeyInfo. + */ +static const unsigned char kExampleRSAKeyPKCS8[] = { + 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, + 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, + 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, + 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, + 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, + 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, + 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, + 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, + 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, + 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, + 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, + 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, + 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, + 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, + 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, + 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, + 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, + 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, + 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, + 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, + 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, + 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, + 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, + 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, + 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, + 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, + 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, + 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, + 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, + 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, + 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, + 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, + 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, + 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, + 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, + 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, + 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, + 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, + 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, + 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, + 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, + 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, + 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, + 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, + 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, + 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, + 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, + 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, + 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, + 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, + 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, + 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, +}; + +/* + * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey + * structure. + */ +static const unsigned char kExampleECKeyDER[] = { + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a, + 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08, + 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a, + 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, + 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, + 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, + 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, + 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, + 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, + 0xc1, +}; + +/* + * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey + * structure. The private key is equal to the order and will fail to import + */ +static const unsigned char kExampleBadECKeyDER[] = { + 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, + 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, + 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF, + 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, + 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00, + 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, + 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 +}; + +static EVP_PKEY *load_example_rsa_key(void) +{ + EVP_PKEY *ret = NULL; + const unsigned char *derp = kExampleRSAKeyDER; + EVP_PKEY *pkey = NULL; + RSA *rsa = NULL; + + if (!d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))) { + return NULL; + } + + pkey = EVP_PKEY_new(); + if (pkey == NULL || !EVP_PKEY_set1_RSA(pkey, rsa)) { + goto out; + } + + ret = pkey; + pkey = NULL; + + out: + if (pkey) { + EVP_PKEY_free(pkey); + } + if (rsa) { + RSA_free(rsa); + } + + return ret; +} + +static int test_EVP_DigestSignInit(void) +{ + int ret = 0; + EVP_PKEY *pkey = NULL; + unsigned char *sig = NULL; + size_t sig_len = 0; + EVP_MD_CTX md_ctx, md_ctx_verify; + + EVP_MD_CTX_init(&md_ctx); + EVP_MD_CTX_init(&md_ctx_verify); + + pkey = load_example_rsa_key(); + if (pkey == NULL || + !EVP_DigestSignInit(&md_ctx, NULL, EVP_sha256(), NULL, pkey) || + !EVP_DigestSignUpdate(&md_ctx, kMsg, sizeof(kMsg))) { + goto out; + } + /* Determine the size of the signature. */ + if (!EVP_DigestSignFinal(&md_ctx, NULL, &sig_len)) { + goto out; + } + /* Sanity check for testing. */ + if (sig_len != (size_t)EVP_PKEY_size(pkey)) { + fprintf(stderr, "sig_len mismatch\n"); + goto out; + } + + sig = OPENSSL_malloc(sig_len); + if (sig == NULL || !EVP_DigestSignFinal(&md_ctx, sig, &sig_len)) { + goto out; + } + + /* Ensure that the signature round-trips. */ + if (!EVP_DigestVerifyInit(&md_ctx_verify, NULL, EVP_sha256(), NULL, pkey) + || !EVP_DigestVerifyUpdate(&md_ctx_verify, kMsg, sizeof(kMsg)) + || !EVP_DigestVerifyFinal(&md_ctx_verify, sig, sig_len)) { + goto out; + } + + ret = 1; + + out: + if (!ret) { + ERR_print_errors_fp(stderr); + } + + EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_cleanup(&md_ctx_verify); + if (pkey) { + EVP_PKEY_free(pkey); + } + if (sig) { + OPENSSL_free(sig); + } + + return ret; +} + +static int test_EVP_DigestVerifyInit(void) +{ + int ret = 0; + EVP_PKEY *pkey = NULL; + EVP_MD_CTX md_ctx; + + EVP_MD_CTX_init(&md_ctx); + + pkey = load_example_rsa_key(); + if (pkey == NULL || + !EVP_DigestVerifyInit(&md_ctx, NULL, EVP_sha256(), NULL, pkey) || + !EVP_DigestVerifyUpdate(&md_ctx, kMsg, sizeof(kMsg)) || + !EVP_DigestVerifyFinal(&md_ctx, kSignature, sizeof(kSignature))) { + goto out; + } + ret = 1; + + out: + if (!ret) { + ERR_print_errors_fp(stderr); + } + + EVP_MD_CTX_cleanup(&md_ctx); + if (pkey) { + EVP_PKEY_free(pkey); + } + + return ret; +} + +static int test_d2i_AutoPrivateKey(const unsigned char *input, + size_t input_len, int expected_id) +{ + int ret = 0; + const unsigned char *p; + EVP_PKEY *pkey = NULL; + + p = input; + pkey = d2i_AutoPrivateKey(NULL, &p, input_len); + if (pkey == NULL || p != input + input_len) { + fprintf(stderr, "d2i_AutoPrivateKey failed\n"); + goto done; + } + + if (EVP_PKEY_id(pkey) != expected_id) { + fprintf(stderr, "Did not decode expected type\n"); + goto done; + } + + ret = 1; + + done: + if (!ret) { + ERR_print_errors_fp(stderr); + } + + if (pkey != NULL) { + EVP_PKEY_free(pkey); + } + return ret; +} + +/* Tests loading a bad key in PKCS8 format */ +static int test_EVP_PKCS82PKEY(void) +{ + int ret = 0; + const unsigned char *derp = kExampleBadECKeyDER; + PKCS8_PRIV_KEY_INFO *p8inf = NULL; + EVP_PKEY *pkey = NULL; + + p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, sizeof(kExampleBadECKeyDER)); + + if (!p8inf || derp != kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)) { + fprintf(stderr, "Failed to parse key\n"); + goto done; + } + + pkey = EVP_PKCS82PKEY(p8inf); + if (pkey) { + fprintf(stderr, "Imported invalid EC key\n"); + goto done; + } + + ret = 1; + + done: + if (p8inf != NULL) { + PKCS8_PRIV_KEY_INFO_free(p8inf); + } + + if (pkey != NULL) { + EVP_PKEY_free(pkey); + } + + return ret; +} + +int main(void) +{ + CRYPTO_malloc_debug_init(); + CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + ERR_load_crypto_strings(); + /* Load up the software EVP_CIPHER and EVP_MD definitions */ + OpenSSL_add_all_ciphers(); + OpenSSL_add_all_digests(); + + if (!test_EVP_DigestSignInit()) { + fprintf(stderr, "EVP_DigestSignInit failed\n"); + return 1; + } + + if (!test_EVP_DigestVerifyInit()) { + fprintf(stderr, "EVP_DigestVerifyInit failed\n"); + return 1; + } + + if (!test_d2i_AutoPrivateKey(kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), + EVP_PKEY_RSA)) { + fprintf(stderr, "d2i_AutoPrivateKey(kExampleRSAKeyDER) failed\n"); + return 1; + } + + if (!test_d2i_AutoPrivateKey + (kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA)) { + fprintf(stderr, "d2i_AutoPrivateKey(kExampleRSAKeyPKCS8) failed\n"); + return 1; + } + + if (!test_d2i_AutoPrivateKey(kExampleECKeyDER, sizeof(kExampleECKeyDER), + EVP_PKEY_EC)) { + fprintf(stderr, "d2i_AutoPrivateKey(kExampleECKeyDER) failed\n"); + return 1; + } + + if (!test_EVP_PKCS82PKEY()) { + fprintf(stderr, "test_EVP_PKCS82PKEY failed\n"); + return 1; + } + + EVP_cleanup(); + CRYPTO_cleanup_all_ex_data(); + ERR_remove_thread_state(NULL); + ERR_free_strings(); + CRYPTO_mem_leaks_fp(stderr); + + printf("PASS\n"); + return 0; +} diff --git a/doc/crypto/EC_KEY_new.pod b/doc/crypto/EC_KEY_new.pod index 2027569..e859689 100644 --- a/doc/crypto/EC_KEY_new.pod +++ b/doc/crypto/EC_KEY_new.pod @@ -24,8 +24,6 @@ EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags, EC_KEY_new_b int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); - unsigned int EC_KEY_get_enc_flags(const EC_KEY *key); - void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); void *EC_KEY_get_key_method_data(EC_KEY *key, @@ -69,16 +67,6 @@ on the key to confirm that it is valid. The functions EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_KEY_set_private_key, EC_KEY_get0_public_key, and EC_KEY_set_public_key get and set the EC_GROUP object, the private key and the EC_POINT public key for the B respectively. -The functions EC_KEY_get_enc_flags and EC_KEY_set_enc_flags get and set the value of the encoding flags for the B. There are two encoding -flags currently defined - EC_PKEY_NO_PARAMETERS and EC_PKEY_NO_PUBKEY. These flags define the behaviour of how the B is -converted into ASN1 in a call to i2d_ECPrivateKey. If EC_PKEY_NO_PARAMETERS is set then the public parameters for the curve are not encoded -along with the private key. If EC_PKEY_NO_PUBKEY is set then the public key is not encoded along with the private key. - -When reading a private key encoded with EC_PKEY_NO_PUBKEY, -d2i_ECPrivateKey generates the missing public key -automatically. Private keys encoded with EC_PKEY_NO_PARAMETERS cannot -be loaded using d2i_ECPrivateKey. - The functions EC_KEY_get_conv_form and EC_KEY_set_conv_form get and set the point_conversion_form for the B. For a description of point_conversion_forms please refer to L. @@ -106,15 +94,15 @@ EC_KEY_get0_group returns the EC_GROUP associated with the EC_KEY. EC_KEY_get0_private_key returns the private key associated with the EC_KEY. -EC_KEY_get_enc_flags returns the value of the current encoding flags for the EC_KEY. - EC_KEY_get_conv_form return the point_conversion_form for the EC_KEY. =head1 SEE ALSO -L, L, L, L, -L, L, -L, L +L, L, L, +L, L, +L, +L, +L =cut diff --git a/doc/crypto/EC_POINT_new.pod b/doc/crypto/EC_POINT_new.pod index 69eb0d1..858baf4 100644 --- a/doc/crypto/EC_POINT_new.pod +++ b/doc/crypto/EC_POINT_new.pod @@ -81,8 +81,13 @@ on the curve there will only ever be two possible values for y. Therefore a poin and EC_POINT_set_compressed_coordinates_GF2m functions where B is the x co-ordinate and B is a value 0 or 1 to identify which of the two possible values for y should be used. -In addition EC_POINTs can be converted to and from various external representations. Supported representations are octet strings, BIGNUMs and hexadecimal. The format of the external representation is described by the point_conversion_form. See L for -a description of point_conversion_form. Octet strings are stored in a buffer along with an associated buffer length. A point held in a BIGNUM is calculated by converting the point to an octet string and then converting that octet string into a BIGNUM integer. Points in hexadecimal format are stored in a NULL terminated character string where each character is one of the printable values 0-9 or A-F (or a-f). +In addition EC_POINTs can be converted to and from various external +representations. Supported representations are octet strings, BIGNUMs and +hexadecimal. Octet strings are stored in a buffer along with an associated +buffer length. A point held in a BIGNUM is calculated by converting the point to +an octet string and then converting that octet string into a BIGNUM integer. +Points in hexadecimal format are stored in a NULL terminated character string +where each character is one of the printable values 0-9 or A-F (or a-f). The functions EC_POINT_point2oct, EC_POINT_oct2point, EC_POINT_point2bn, EC_POINT_bn2point, EC_POINT_point2hex and EC_POINT_hex2point convert from and to EC_POINTs for the formats: octet string, BIGNUM and hexadecimal respectively. diff --git a/doc/crypto/d2i_ECPrivateKey.pod b/doc/crypto/d2i_ECPrivateKey.pod new file mode 100644 index 0000000..adeffe6 --- /dev/null +++ b/doc/crypto/d2i_ECPrivateKey.pod @@ -0,0 +1,67 @@ +=pod + +=head1 NAME + +i2d_ECPrivateKey, d2i_ECPrivate_key - Encode and decode functions for saving and +reading EC_KEY structures + +=head1 SYNOPSIS + + #include + + EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len); + int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out); + + unsigned int EC_KEY_get_enc_flags(const EC_KEY *key); + void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); + +=head1 DESCRIPTION + +The ECPrivateKey encode and decode routines encode and parse an +B structure into a binary format (ASN.1 DER) and back again. + +These functions are similar to the d2i_X509() functions, and you should refer to +that page for a detailed description (see L). + +The format of the external representation of the public key written by +i2d_ECPrivateKey (such as whether it is stored in a compressed form or not) is +described by the point_conversion_form. See L +for a description of point_conversion_form. + +When reading a private key encoded without an associated public key (e.g. if +EC_PKEY_NO_PUBKEY has been used - see below), then d2i_ECPrivateKey generates +the missing public key automatically. Private keys encoded without parameters +(e.g. if EC_PKEY_NO_PARAMETERS has been used - see below) cannot be loaded using +d2i_ECPrivateKey. + +The functions EC_KEY_get_enc_flags and EC_KEY_set_enc_flags get and set the +value of the encoding flags for the B. There are two encoding flags +currently defined - EC_PKEY_NO_PARAMETERS and EC_PKEY_NO_PUBKEY. These flags +define the behaviour of how the B is converted into ASN1 in a call to +i2d_ECPrivateKey. If EC_PKEY_NO_PARAMETERS is set then the public parameters for +the curve are not encoded along with the private key. If EC_PKEY_NO_PUBKEY is +set then the public key is not encoded along with the private key. + +=head1 RETURN VALUES + +d2i_ECPrivateKey() returns a valid B structure or B if an error +occurs. The error code that can be obtained by +L. + +i2d_ECPrivateKey() returns the number of bytes successfully encoded or a +negative value if an error occurs. The error code can be obtained by +L. + +EC_KEY_get_enc_flags returns the value of the current encoding flags for the +EC_KEY. + +=head1 SEE ALSO + +L, L, L, +L, L, +L, +L, +L, +L + +=cut diff --git a/doc/crypto/d2i_X509.pod b/doc/crypto/d2i_X509.pod index fea6e86..5b7c16f 100644 --- a/doc/crypto/d2i_X509.pod +++ b/doc/crypto/d2i_X509.pod @@ -30,8 +30,11 @@ successful a pointer to the B structure is returned. If an error occurred then B is returned. If B is not B then the returned structure is written to B<*px>. If B<*px> is not B then it is assumed that B<*px> contains a valid B -structure and an attempt is made to reuse it. If the call is -successful B<*in> is incremented to the byte following the +structure and an attempt is made to reuse it. This "reuse" capability is present +for historical compatibility but its use is B (see BUGS +below, and the discussion in the RETURN VALUES section). + +If the call is successful B<*in> is incremented to the byte following the parsed data. i2d_X509() encodes the structure pointed to by B into DER format. @@ -233,7 +236,10 @@ i2d_re_X509_tbs(). d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B structure or B if an error occurs. The error code that can be obtained by -L. +L. If the "reuse" capability has been used +with a valid X509 structure being passed in via B then the object is not +freed in the event of error but may be in a potentially invalid or inconsistent +state. i2d_X509() returns the number of bytes successfully encoded or a negative value if an error occurs. The error code can be obtained by diff --git a/test/Makefile b/test/Makefile index 4dfe892..6c85b04 100644 --- a/test/Makefile +++ b/test/Makefile @@ -61,6 +61,7 @@ SSLTEST= ssltest RSATEST= rsa_test ENGINETEST= enginetest EVPTEST= evp_test +EVPEXTRATEST=evp_extra_test P5_CRPT2_TEST= p5_crpt2_test IGETEST= igetest JPAKETEST= jpaketest @@ -80,8 +81,9 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST) $(GOST2814789TEST)$(EXE_EXT) \ $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) \ $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \ - $(EVPTEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) $(JPAKETEST)$(EXE_EXT) $(SRPTEST)$(EXE_EXT) \ - $(V3NAMETEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) $(P5_CRPT2_TEST)$(EXE_EXT) \ + $(EVPTEST)$(EXE_EXT) $(EVPEXTRATEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) \ + $(JPAKETEST)$(EXE_EXT) $(SRPTEST)$(EXE_EXT) $(V3NAMETEST)$(EXE_EXT) \ + $(HEARTBEATTEST)$(EXE_EXT) $(P5_CRPT2_TEST)$(EXE_EXT) \ $(CONSTTIMETEST)$(EXE_EXT) # $(METHTEST)$(EXE_EXT) @@ -94,7 +96,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \ $(MDC2TEST).o $(RMDTEST).o \ $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \ $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \ - $(EVPTEST).o $(IGETEST).o $(JPAKETEST).o $(V3NAMETEST).o \ + $(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(V3NAMETEST).o \ $(GOST2814789TEST).o $(HEARTBEATTEST).o $(P5_CRPT2_TEST).o \ $(CONSTTIMETEST).o testutil.o @@ -105,7 +107,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(DESTEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \ $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \ $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \ - $(EVPTEST).c $(IGETEST).c $(JPAKETEST).c $(V3NAMETEST).c \ + $(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(JPAKETEST).c $(V3NAMETEST).c \ $(GOST2814789TEST).c $(HEARTBEATTEST).c $(P5_CRPT2_TEST).c \ $(CONSTTIMETEST).c testutil.c @@ -151,14 +153,17 @@ alltests: \ test_rand test_bn test_ec test_ecdsa test_ecdh \ test_enc test_x509 test_rsa test_crl test_sid \ test_gen test_req test_pkcs7 test_verify test_dh test_dsa \ - test_ss test_ca test_engine test_evp test_ssl test_tsa test_ige \ - test_jpake test_srp test_cms test_v3name test_ocsp \ + test_ss test_ca test_engine test_evp test_evp_extra test_ssl test_tsa \ + test_ige test_jpake test_srp test_cms test_v3name test_ocsp \ test_gost2814789 test_heartbeat test_p5_crpt2 \ test_constant_time test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt +test_evp_extra: $(EVPEXTRATEST)$(EXE_EXT) + ../util/shlib_wrap.sh ./$(EVPEXTRATEST) + test_p5_crpt2: $(P5_CRPT2_TEST)$(EXE_EXT) ../util/shlib_wrap.sh ./$(P5_CRPT2_TEST) @@ -507,6 +512,9 @@ $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO) @target=$(EVPTEST); $(BUILD_CMD) +$(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO) + @target=$(EVPEXTRATEST); $(BUILD_CMD) + $(P5_CRPT2_TEST)$(EXE_EXT): $(P5_CRPT2_TEST).o $(DLIBCRYPTO) @target=$(P5_CRPT2_TEST); $(BUILD_CMD) @@ -570,11 +578,8 @@ casttest.o: ../include/openssl/opensslconf.h casttest.c constant_time_test.o: ../crypto/constant_time_locl.h ../e_os.h constant_time_test.o: ../include/openssl/e_os2.h constant_time_test.o: ../include/openssl/opensslconf.h constant_time_test.c -destest.o: ../include/openssl/des.h -destest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h -destest.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -destest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -destest.o: ../include/openssl/ui.h destest.c +destest.o: ../include/openssl/des.h ../include/openssl/e_os2.h +destest.o: ../include/openssl/opensslconf.h destest.c dhtest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h dhtest.o: ../include/openssl/e_os2.h ../include/openssl/err.h @@ -639,6 +644,19 @@ enginetest.o: ../include/openssl/safestack.h ../include/openssl/sha.h enginetest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h enginetest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h enginetest.o: enginetest.c +evp_extra_test.o: ../include/openssl/asn1.h ../include/openssl/bio.h +evp_extra_test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h +evp_extra_test.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +evp_extra_test.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +evp_extra_test.o: ../include/openssl/err.h ../include/openssl/evp.h +evp_extra_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +evp_extra_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +evp_extra_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +evp_extra_test.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +evp_extra_test.o: ../include/openssl/safestack.h ../include/openssl/sha.h +evp_extra_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +evp_extra_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +evp_extra_test.o: evp_extra_test.c evp_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h evp_test.o: ../include/openssl/buffer.h ../include/openssl/conf.h evp_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h @@ -736,13 +754,12 @@ md5test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h md5test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md5test.c mdc2test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h mdc2test.o: ../include/openssl/crypto.h ../include/openssl/des.h -mdc2test.o: ../include/openssl/e_os2.h -mdc2test.o: ../include/openssl/evp.h ../include/openssl/mdc2.h -mdc2test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -mdc2test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -mdc2test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -mdc2test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -mdc2test.o: ../include/openssl/ui.h mdc2test.c +mdc2test.o: ../include/openssl/e_os2.h ../include/openssl/evp.h +mdc2test.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +mdc2test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +mdc2test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +mdc2test.o: ../include/openssl/safestack.h ../include/openssl/stack.h +mdc2test.o: ../include/openssl/symhacks.h mdc2test.c p5_crpt2_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h p5_crpt2_test.o: ../include/openssl/buffer.h ../include/openssl/conf.h p5_crpt2_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h @@ -813,7 +830,7 @@ ssltest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssltest.o: ../include/openssl/x509v3.h ssltest.c +ssltest.o: ../include/openssl/x509v3.h ../ssl/ssl_locl.h ssltest.c testutil.o: testutil.c testutil.h v3nametest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h v3nametest.o: ../include/openssl/buffer.h ../include/openssl/conf.h From matt at openssl.org Wed Feb 25 20:47:54 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 25 Feb 2015 21:47:54 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150225204754.822C71DF124@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via fbabc6c06ed8acf9358e44d4328c0c90c6607d1b (commit) from bfb14d724bd4f5d53145046e31b061672a4a9815 (commit) - Log ----------------------------------------------------------------- commit fbabc6c06ed8acf9358e44d4328c0c90c6607d1b Author: Rainer Jung Date: Tue Feb 24 19:12:17 2015 +0000 Fix NAME section of d2i_ECPKParameters to prevent broken symlinks when using the extract-names.pl script. RT#3718 Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: doc/crypto/d2i_ECPKParameters.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/crypto/d2i_ECPKParameters.pod b/doc/crypto/d2i_ECPKParameters.pod index 3768c41..704b4ab 100644 --- a/doc/crypto/d2i_ECPKParameters.pod +++ b/doc/crypto/d2i_ECPKParameters.pod @@ -2,7 +2,7 @@ =head1 NAME -d2i_ECPKParameters, i2d_ECPKParameters, d2i_ECPKParameters_bio, i2d_ECPKParameters_bio, d2i_ECPKParameters_fp, i2d_ECPKParameters_fp(fp,x), ECPKParameters_print, ECPKParameters_print_fp - Functions for decoding and encoding ASN1 representations of elliptic curve entities +d2i_ECPKParameters, i2d_ECPKParameters, d2i_ECPKParameters_bio, i2d_ECPKParameters_bio, d2i_ECPKParameters_fp, i2d_ECPKParameters_fp, ECPKParameters_print, ECPKParameters_print_fp - Functions for decoding and encoding ASN1 representations of elliptic curve entities =head1 SYNOPSIS From matt at openssl.org Wed Feb 25 20:48:02 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 25 Feb 2015 21:48:02 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150225204802.D51461DF124@butler.localdomain> The branch master has been updated via 64d2733176ea9a91ed46968bcf86c86aaa96ec68 (commit) from 12e0ea306a18daefecd7ce769b1cc8bf401aae4c (commit) - Log ----------------------------------------------------------------- commit 64d2733176ea9a91ed46968bcf86c86aaa96ec68 Author: Rainer Jung Date: Tue Feb 24 19:12:17 2015 +0000 Fix NAME section of d2i_ECPKParameters to prevent broken symlinks when using the extract-names.pl script. RT#3718 Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: doc/crypto/d2i_ECPKParameters.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/crypto/d2i_ECPKParameters.pod b/doc/crypto/d2i_ECPKParameters.pod index 3768c41..704b4ab 100644 --- a/doc/crypto/d2i_ECPKParameters.pod +++ b/doc/crypto/d2i_ECPKParameters.pod @@ -2,7 +2,7 @@ =head1 NAME -d2i_ECPKParameters, i2d_ECPKParameters, d2i_ECPKParameters_bio, i2d_ECPKParameters_bio, d2i_ECPKParameters_fp, i2d_ECPKParameters_fp(fp,x), ECPKParameters_print, ECPKParameters_print_fp - Functions for decoding and encoding ASN1 representations of elliptic curve entities +d2i_ECPKParameters, i2d_ECPKParameters, d2i_ECPKParameters_bio, i2d_ECPKParameters_bio, d2i_ECPKParameters_fp, i2d_ECPKParameters_fp, ECPKParameters_print, ECPKParameters_print_fp - Functions for decoding and encoding ASN1 representations of elliptic curve entities =head1 SYNOPSIS From matt at openssl.org Wed Feb 25 22:57:34 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 25 Feb 2015 23:57:34 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150225225734.A0D401DF124@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via f2aff60f6f9eab0e24d3804e8aa641e74d1a235a (commit) from fbabc6c06ed8acf9358e44d4328c0c90c6607d1b (commit) - Log ----------------------------------------------------------------- commit f2aff60f6f9eab0e24d3804e8aa641e74d1a235a Author: Matt Caswell Date: Wed Feb 25 15:25:27 2015 +0000 Update the SHA* documentation Updates to include SHA224, SHA256, SHA384 and SHA512. In particular note the restriction on setting md to NULL with regards to thread safety. Reviewed-by: Tim Hudson (cherry picked from commit f7812493a0da6b740274135ce340ff7505027057) ----------------------------------------------------------------------- Summary of changes: doc/crypto/sha.pod | 64 ++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 49 insertions(+), 15 deletions(-) diff --git a/doc/crypto/sha.pod b/doc/crypto/sha.pod index 94ab7bc..0c9dbf2 100644 --- a/doc/crypto/sha.pod +++ b/doc/crypto/sha.pod @@ -2,29 +2,58 @@ =head1 NAME -SHA1, SHA1_Init, SHA1_Update, SHA1_Final - Secure Hash Algorithm +SHA1, SHA1_Init, SHA1_Update, SHA1_Final, SHA224, SHA224_Init, SHA224_Update, +SHA224_Final, SHA256, SHA256_Init, SHA256_Update, SHA256_Final, SHA384, +SHA384_Init, SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update, +SHA512_Final - Secure Hash Algorithm =head1 SYNOPSIS #include - unsigned char *SHA1(const unsigned char *d, unsigned long n, - unsigned char *md); - int SHA1_Init(SHA_CTX *c); - int SHA1_Update(SHA_CTX *c, const void *data, - unsigned long len); + int SHA1_Update(SHA_CTX *c, const void *data, size_t len); int SHA1_Final(unsigned char *md, SHA_CTX *c); + unsigned char *SHA1(const unsigned char *d, size_t n, + unsigned char *md); + + int SHA224_Init(SHA256_CTX *c); + int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); + int SHA224_Final(unsigned char *md, SHA256_CTX *c); + unsigned char *SHA224(const unsigned char *d, size_t n, + unsigned char *md); + + int SHA256_Init(SHA256_CTX *c); + int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); + int SHA256_Final(unsigned char *md, SHA256_CTX *c); + unsigned char *SHA256(const unsigned char *d, size_t n, + unsigned char *md); + + int SHA384_Init(SHA512_CTX *c); + int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); + int SHA384_Final(unsigned char *md, SHA512_CTX *c); + unsigned char *SHA384(const unsigned char *d, size_t n, + unsigned char *md); + + int SHA512_Init(SHA512_CTX *c); + int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); + int SHA512_Final(unsigned char *md, SHA512_CTX *c); + unsigned char *SHA512(const unsigned char *d, size_t n, + unsigned char *md); =head1 DESCRIPTION +Applications should use the higher level functions +L etc. instead of calling the hash +functions directly. + SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a 160 bit output. SHA1() computes the SHA-1 message digest of the B bytes at B and places it in B (which must have space for SHA_DIGEST_LENGTH == 20 bytes of output). If B is NULL, the digest -is placed in a static array. +is placed in a static array. Note: setting B to NULL is B. The following functions may be used if the message is not completely stored in memory: @@ -37,24 +66,29 @@ be hashed (B bytes at B). SHA1_Final() places the message digest in B, which must have space for SHA_DIGEST_LENGTH == 20 bytes of output, and erases the B. -Applications should use the higher level functions -L -etc. instead of calling the hash functions directly. +The SHA224, SHA256, SHA384 and SHA512 families of functions operate in the +same way as for the SHA1 functions. Note that SHA224 and SHA256 use a +B object instead of B. SHA384 and SHA512 use B. +The buffer B must have space for the output from the SHA variant being used +(defined by SHA224_DIGEST_LENGTH, SHA256_DIGEST_LENGTH, SHA384_DIGEST_LENGTH and +SHA512_DIGEST_LENGTH). Also note that, as for the SHA1() function above, the +SHA224(), SHA256(), SHA384() and SHA512() functions are not thread safe if +B is NULL. The predecessor of SHA-1, SHA, is also implemented, but it should be used only when backward compatibility is required. =head1 RETURN VALUES -SHA1() returns a pointer to the hash value. +SHA1(), SHA224(), SHA256(), SHA384() and SHA512() return a pointer to the hash +value. -SHA1_Init(), SHA1_Update() and SHA1_Final() return 1 for success, 0 otherwise. +SHA1_Init(), SHA1_Update() and SHA1_Final() and equivalent SHA224, SHA256, +SHA384 and SHA512 functions return 1 for success, 0 otherwise. =head1 CONFORMING TO -SHA: US Federal Information Processing Standard FIPS PUB 180 (Secure Hash -Standard), -SHA-1: US Federal Information Processing Standard FIPS PUB 180-1 (Secure Hash +US Federal Information Processing Standard FIPS PUB 180-4 (Secure Hash Standard), ANSI X9.30 From matt at openssl.org Wed Feb 25 22:57:41 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 25 Feb 2015 23:57:41 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150225225741.387EC1DF124@butler.localdomain> The branch master has been updated via f7812493a0da6b740274135ce340ff7505027057 (commit) from 64d2733176ea9a91ed46968bcf86c86aaa96ec68 (commit) - Log ----------------------------------------------------------------- commit f7812493a0da6b740274135ce340ff7505027057 Author: Matt Caswell Date: Wed Feb 25 15:25:27 2015 +0000 Update the SHA* documentation Updates to include SHA224, SHA256, SHA384 and SHA512. In particular note the restriction on setting md to NULL with regards to thread safety. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: doc/crypto/sha.pod | 64 ++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 49 insertions(+), 15 deletions(-) diff --git a/doc/crypto/sha.pod b/doc/crypto/sha.pod index 4c1ab71..67a0461 100644 --- a/doc/crypto/sha.pod +++ b/doc/crypto/sha.pod @@ -2,29 +2,58 @@ =head1 NAME -SHA1, SHA1_Init, SHA1_Update, SHA1_Final - Secure Hash Algorithm +SHA1, SHA1_Init, SHA1_Update, SHA1_Final, SHA224, SHA224_Init, SHA224_Update, +SHA224_Final, SHA256, SHA256_Init, SHA256_Update, SHA256_Final, SHA384, +SHA384_Init, SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update, +SHA512_Final - Secure Hash Algorithm =head1 SYNOPSIS #include - unsigned char *SHA1(const unsigned char *d, unsigned long n, - unsigned char *md); - int SHA1_Init(SHA_CTX *c); - int SHA1_Update(SHA_CTX *c, const void *data, - unsigned long len); + int SHA1_Update(SHA_CTX *c, const void *data, size_t len); int SHA1_Final(unsigned char *md, SHA_CTX *c); + unsigned char *SHA1(const unsigned char *d, size_t n, + unsigned char *md); + + int SHA224_Init(SHA256_CTX *c); + int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); + int SHA224_Final(unsigned char *md, SHA256_CTX *c); + unsigned char *SHA224(const unsigned char *d, size_t n, + unsigned char *md); + + int SHA256_Init(SHA256_CTX *c); + int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); + int SHA256_Final(unsigned char *md, SHA256_CTX *c); + unsigned char *SHA256(const unsigned char *d, size_t n, + unsigned char *md); + + int SHA384_Init(SHA512_CTX *c); + int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); + int SHA384_Final(unsigned char *md, SHA512_CTX *c); + unsigned char *SHA384(const unsigned char *d, size_t n, + unsigned char *md); + + int SHA512_Init(SHA512_CTX *c); + int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); + int SHA512_Final(unsigned char *md, SHA512_CTX *c); + unsigned char *SHA512(const unsigned char *d, size_t n, + unsigned char *md); =head1 DESCRIPTION +Applications should use the higher level functions +L etc. instead of calling the hash +functions directly. + SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a 160 bit output. SHA1() computes the SHA-1 message digest of the B bytes at B and places it in B (which must have space for SHA_DIGEST_LENGTH == 20 bytes of output). If B is NULL, the digest -is placed in a static array. +is placed in a static array. Note: setting B to NULL is B. The following functions may be used if the message is not completely stored in memory: @@ -37,24 +66,29 @@ be hashed (B bytes at B). SHA1_Final() places the message digest in B, which must have space for SHA_DIGEST_LENGTH == 20 bytes of output, and erases the B. -Applications should use the higher level functions -L -etc. instead of calling the hash functions directly. +The SHA224, SHA256, SHA384 and SHA512 families of functions operate in the +same way as for the SHA1 functions. Note that SHA224 and SHA256 use a +B object instead of B. SHA384 and SHA512 use B. +The buffer B must have space for the output from the SHA variant being used +(defined by SHA224_DIGEST_LENGTH, SHA256_DIGEST_LENGTH, SHA384_DIGEST_LENGTH and +SHA512_DIGEST_LENGTH). Also note that, as for the SHA1() function above, the +SHA224(), SHA256(), SHA384() and SHA512() functions are not thread safe if +B is NULL. The predecessor of SHA-1, SHA, is also implemented, but it should be used only when backward compatibility is required. =head1 RETURN VALUES -SHA1() returns a pointer to the hash value. +SHA1(), SHA224(), SHA256(), SHA384() and SHA512() return a pointer to the hash +value. -SHA1_Init(), SHA1_Update() and SHA1_Final() return 1 for success, 0 otherwise. +SHA1_Init(), SHA1_Update() and SHA1_Final() and equivalent SHA224, SHA256, +SHA384 and SHA512 functions return 1 for success, 0 otherwise. =head1 CONFORMING TO -SHA: US Federal Information Processing Standard FIPS PUB 180 (Secure Hash -Standard), -SHA-1: US Federal Information Processing Standard FIPS PUB 180-1 (Secure Hash +US Federal Information Processing Standard FIPS PUB 180-4 (Secure Hash Standard), ANSI X9.30 From levitte at openssl.org Thu Feb 26 14:12:18 2015 From: levitte at openssl.org (Richard Levitte) Date: Thu, 26 Feb 2015 15:12:18 +0100 (CET) Subject: [openssl-commits] [web] new-dev create Message-ID: <20150226141218.6B0661DF124@butler.localdomain> The branch new-dev has been created at d604356595ebdc2a2368a2cbcc857049afef7475 (commit) - Log ----------------------------------------------------------------- commit d604356595ebdc2a2368a2cbcc857049afef7475 Author: Richard Levitte Date: Thu Feb 26 15:11:28 2015 +0100 On the new development machine, the checkouts directory has moved. This is really not a biggie as there are symbolic links so /v/openssl still works. Unfortunately, newer pod2html picks this apart and is fiddly with the result, so better not involve any symlinks when running it. ----------------------------------------------------------------------- From levitte at openssl.org Thu Feb 26 14:12:36 2015 From: levitte at openssl.org (Richard Levitte) Date: Thu, 26 Feb 2015 15:12:36 +0100 (CET) Subject: [openssl-commits] [web] master update Message-ID: <20150226141236.7F7DA1DF124@butler.localdomain> The branch master has been updated via c6e4b80f3c965a3d1e8e4d36b8227b22358611bc (commit) from 955458532940646f6f124f4e2c9f02fe818835c6 (commit) - Log ----------------------------------------------------------------- commit c6e4b80f3c965a3d1e8e4d36b8227b22358611bc Author: Richard Levitte Date: Thu Feb 26 15:07:25 2015 +0100 -css should really be --css ----------------------------------------------------------------------- Summary of changes: run-pod2html.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run-pod2html.sh b/run-pod2html.sh index 8a1218d..b0e081e 100755 --- a/run-pod2html.sh +++ b/run-pod2html.sh @@ -11,7 +11,7 @@ for SUB in apps crypto ssl; do FN=`basename $IN .pod` cat $IN \ | sed -r 's/L<([^)]*)($[0-9]$)?\|([^)]*)($[0-9]$)?>/L<\1|\3>/g' \ - | pod2html --podroot=$SRC -css=/manpage.css --htmlroot=/docs --podpath=$SUB:apps:crypto:ssl \ + | pod2html --podroot=$SRC --css=/manpage.css --htmlroot=/docs --podpath=$SUB:apps:crypto:ssl \ | sed -r 's/ $DIR/$FN.html for L in `perl $HERE/getnames.pl $IN` ; do ln $DIR/$FN.html $DIR/$L.html || echo FAIL $DIR/$FN.html $DIR/$L.html From levitte at openssl.org Thu Feb 26 14:12:59 2015 From: levitte at openssl.org (Richard Levitte) Date: Thu, 26 Feb 2015 15:12:59 +0100 (CET) Subject: [openssl-commits] [web] new-dev update Message-ID: <20150226141259.EF6FF1DF124@butler.localdomain> The branch new-dev has been updated discards d604356595ebdc2a2368a2cbcc857049afef7475 (commit) via caabf8c252fd21c8bb8d366d68d14c83e94c37da (commit) via c6e4b80f3c965a3d1e8e4d36b8227b22358611bc (commit) This update added new revisions after undoing existing revisions. That is to say, the old revision is not a strict subset of the new revision. This situation occurs when you --force push a change and generate a repository containing something like this: * -- * -- B -- O -- O -- O (d604356595ebdc2a2368a2cbcc857049afef7475) \ N -- N -- N (caabf8c252fd21c8bb8d366d68d14c83e94c37da) When this happens we assume that you've already had alert emails for all of the O revisions, and so we here report only the revisions in the N branch from the common base, B. - Log ----------------------------------------------------------------- commit caabf8c252fd21c8bb8d366d68d14c83e94c37da Author: Richard Levitte Date: Thu Feb 26 15:11:28 2015 +0100 On the new development machine, the checkouts directory has moved. This is really not a biggie as there are symbolic links so /v/openssl still works. Unfortunately, newer pod2html picks this apart and is fiddly with the result, so better not involve any symlinks when running it. ----------------------------------------------------------------------- Summary of changes: run-pod2html.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run-pod2html.sh b/run-pod2html.sh index 8a1218d..b0e081e 100755 --- a/run-pod2html.sh +++ b/run-pod2html.sh @@ -11,7 +11,7 @@ for SUB in apps crypto ssl; do FN=`basename $IN .pod` cat $IN \ | sed -r 's/L<([^)]*)($[0-9]$)?\|([^)]*)($[0-9]$)?>/L<\1|\3>/g' \ - | pod2html --podroot=$SRC -css=/manpage.css --htmlroot=/docs --podpath=$SUB:apps:crypto:ssl \ + | pod2html --podroot=$SRC --css=/manpage.css --htmlroot=/docs --podpath=$SUB:apps:crypto:ssl \ | sed -r 's/ $DIR/$FN.html for L in `perl $HERE/getnames.pl $IN` ; do ln $DIR/$FN.html $DIR/$L.html || echo FAIL $DIR/$FN.html $DIR/$L.html From matt at openssl.org Thu Feb 26 23:23:39 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 27 Feb 2015 00:23:39 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150226232339.3065C1DF124@butler.localdomain> The branch master has been updated via 7a4dadc3a6a487db92619622b820eb4f7be512c9 (commit) from f7812493a0da6b740274135ce340ff7505027057 (commit) - Log ----------------------------------------------------------------- commit 7a4dadc3a6a487db92619622b820eb4f7be512c9 Author: Matt Caswell Date: Thu Feb 5 17:13:46 2015 +0000 Removed support for SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG. Also removed the "-hack" option from s_server that set this option. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: apps/s_server.c | 47 --------------------------------------- doc/apps/s_server.pod | 6 ----- doc/ssl/SSL_CTX_set_options.pod | 3 --- ssl/s3_srvr.c | 25 +-------------------- ssl/ssl.h | 3 ++- 5 files changed, 3 insertions(+), 81 deletions(-) diff --git a/apps/s_server.c b/apps/s_server.c index 4311d6d..1792a3c 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -266,7 +266,6 @@ static int s_brief = 0; static char *keymatexportlabel = NULL; static int keymatexportlen = 20; -static int hack = 0; #ifndef OPENSSL_NO_ENGINE static char *engine_id = NULL; #endif @@ -423,7 +422,6 @@ static void s_server_init(void) s_msg = 0; s_quiet = 0; s_brief = 0; - hack = 0; # ifndef OPENSSL_NO_ENGINE engine_id = NULL; # endif @@ -554,8 +552,6 @@ static void sv_usage(void) "-no_resume_ephemeral - Disable caching and tickets if ephemeral (EC)DH is used\n"); BIO_printf(bio_err, " -bugs - Turn on SSL bug compatibility\n"); BIO_printf(bio_err, - " -hack - workaround for early Netscape code\n"); - BIO_printf(bio_err, " -www - Respond to a 'GET /' with a status page\n"); BIO_printf(bio_err, " -WWW - Respond to a 'GET / HTTP/1.0' with file ./\n"); @@ -1333,8 +1329,6 @@ int MAIN(int argc, char *argv[]) sdebug = 1; } else if (strcmp(*argv, "-security_debug_verbose") == 0) { sdebug = 2; - } else if (strcmp(*argv, "-hack") == 0) { - hack = 1; } else if (strcmp(*argv, "-state") == 0) { state = 1; } else if (strcmp(*argv, "-crlf") == 0) { @@ -1712,8 +1706,6 @@ int MAIN(int argc, char *argv[]) BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix); } SSL_CTX_set_quiet_shutdown(ctx, 1); - if (hack) - SSL_CTX_set_options(ctx, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); if (exc) ssl_ctx_set_excert(ctx, exc); @@ -1777,8 +1769,6 @@ int MAIN(int argc, char *argv[]) BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix); } SSL_CTX_set_quiet_shutdown(ctx2, 1); - if (hack) - SSL_CTX_set_options(ctx2, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); if (exc) ssl_ctx_set_excert(ctx2, exc); @@ -2729,43 +2719,6 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context) } for (;;) { - if (hack) { - i = SSL_accept(con); -#ifndef OPENSSL_NO_SRP - while (i <= 0 - && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { - BIO_printf(bio_s_out, "LOOKUP during accept %s\n", - srp_callback_parm.login); - srp_callback_parm.user = - SRP_VBASE_get_by_user(srp_callback_parm.vb, - srp_callback_parm.login); - if (srp_callback_parm.user) - BIO_printf(bio_s_out, "LOOKUP done %s\n", - srp_callback_parm.user->info); - else - BIO_printf(bio_s_out, "LOOKUP not successful\n"); - i = SSL_accept(con); - } -#endif - switch (SSL_get_error(con, i)) { - case SSL_ERROR_NONE: - break; - case SSL_ERROR_WANT_WRITE: - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_X509_LOOKUP: - continue; - case SSL_ERROR_SYSCALL: - case SSL_ERROR_SSL: - case SSL_ERROR_ZERO_RETURN: - ret = 1; - goto err; - /* break; */ - } - - SSL_renegotiate(con); - SSL_write(con, NULL, 0); - } - i = BIO_gets(io, buf, bufsize - 1); if (i < 0) { /* error */ if (!BIO_should_retry(io)) { diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index a442452..b2c2907 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -73,7 +73,6 @@ B B [B<-no_ecdhe>] [B<-bugs>] [B<-brief>] -[B<-hack>] [B<-www>] [B<-WWW>] [B<-HTTP>] @@ -294,11 +293,6 @@ option enables various workarounds. only provide a brief summary of connection parameters instead of the normal verbose output. -=item B<-hack> - -this option enables a further workaround for some some early Netscape -SSL code (?). - =item B<-cipher cipherlist> this allows the cipher list used by the server to be modified. When diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index dc3d4f1..1078f09 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -170,9 +170,6 @@ will send its list of preferences to the client and the client chooses. ... -=item SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG - -... =item SSL_OP_NO_SSLv2 diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 8819fed..6adf4dc 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -148,7 +148,6 @@ * OTHERWISE. */ -#define REUSE_CIPHER_BUG #define NETSCAPE_HANG_BUG #include @@ -1384,29 +1383,7 @@ int ssl3_get_client_hello(SSL *s) s->tlsext_ticket_expected = 0; } else { /* Session-id reuse */ -#ifdef REUSE_CIPHER_BUG - STACK_OF(SSL_CIPHER) *sk; - SSL_CIPHER *nc = NULL; - SSL_CIPHER *ec = NULL; - - if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG) { - sk = s->session->ciphers; - for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { - c = sk_SSL_CIPHER_value(sk, i); - if (c->algorithm_enc & SSL_eNULL) - nc = c; - if (SSL_C_IS_EXPORT(c)) - ec = c; - } - if (nc != NULL) - s->s3->tmp.new_cipher = nc; - else if (ec != NULL) - s->s3->tmp.new_cipher = ec; - else - s->s3->tmp.new_cipher = s->session->cipher; - } else -#endif - s->s3->tmp.new_cipher = s->session->cipher; + s->s3->tmp.new_cipher = s->session->cipher; } if (!SSL_USE_SIGALGS(s) || !(s->verify_mode & SSL_VERIFY_PEER)) { diff --git a/ssl/ssl.h b/ssl/ssl.h index 13fb053..160d37c 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -480,7 +480,8 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, /* Removed as of OpenSSL 1.1.0 */ # define SSL_OP_NETSCAPE_CA_DN_BUG 0x0 -# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L +/* Removed as of OpenSSL 1.1.0 */ +# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0L /* * Make server add server-hello extension from early version of cryptopro * draft, when GOST ciphersuite is negotiated. Required for interoperability From matt at openssl.org Thu Feb 26 23:29:42 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 27 Feb 2015 00:29:42 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150226232942.428071DF124@butler.localdomain> The branch master has been updated via cf61ef75be301d41696b6b45ce992562058c350a (commit) from 7a4dadc3a6a487db92619622b820eb4f7be512c9 (commit) - Log ----------------------------------------------------------------- commit cf61ef75be301d41696b6b45ce992562058c350a Author: Matt Caswell Date: Wed Feb 25 23:28:24 2015 +0000 Remove NETSCAPE_HANG_BUG NETSCAPE_HANG_BUG is a workaround for a browser bug from many years ago (2000). It predates DTLS, so certainly has no place in d1_srvr.c. In s3_srvr.c it forces the ServerDone to appear in the same record as the CertificateRequest when doing client auth. BoringSSL have already made the same commit: 79ae85e4f777f94d91b7be19e8a62016cb55b3c5 Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: ssl/d1_srvr.c | 11 ----------- ssl/s3_srvr.c | 22 ---------------------- 2 files changed, 33 deletions(-) diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index c5a5924..bcf63e0 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -556,7 +556,6 @@ int dtls1_accept(SSL *s) ret = ssl3_send_certificate_request(s); if (ret <= 0) goto end; -#ifndef NETSCAPE_HANG_BUG s->state = SSL3_ST_SW_SRVR_DONE_A; # ifndef OPENSSL_NO_SCTP if (BIO_dgram_is_sctp(SSL_get_wbio(s))) { @@ -564,16 +563,6 @@ int dtls1_accept(SSL *s) s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK; } # endif -#else - s->state = SSL3_ST_SW_FLUSH; - s->s3->tmp.next_state = SSL3_ST_SR_CERT_A; -# ifndef OPENSSL_NO_SCTP - if (BIO_dgram_is_sctp(SSL_get_wbio(s))) { - s->d1->next_state = s->s3->tmp.next_state; - s->s3->tmp.next_state = DTLS1_SCTP_ST_SW_WRITE_SOCK; - } -# endif -#endif s->init_num = 0; } break; diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 6adf4dc..48dee10 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -148,7 +148,6 @@ * OTHERWISE. */ -#define NETSCAPE_HANG_BUG #include #include "ssl_locl.h" @@ -541,12 +540,7 @@ int ssl3_accept(SSL *s) ret = ssl3_send_certificate_request(s); if (ret <= 0) goto end; -#ifndef NETSCAPE_HANG_BUG s->state = SSL3_ST_SW_SRVR_DONE_A; -#else - s->state = SSL3_ST_SW_FLUSH; - s->s3->tmp.next_state = SSL3_ST_SR_CERT_A; -#endif s->init_num = 0; } break; @@ -2045,22 +2039,6 @@ int ssl3_send_certificate_request(SSL *s) ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_REQUEST, n); -#ifdef NETSCAPE_HANG_BUG - if (!SSL_IS_DTLS(s)) { - if (!BUF_MEM_grow_clean(buf, s->init_num + 4)) { - SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST, ERR_R_BUF_LIB); - goto err; - } - p = (unsigned char *)s->init_buf->data + s->init_num; - /* do the header */ - *(p++) = SSL3_MT_SERVER_DONE; - *(p++) = 0; - *(p++) = 0; - *(p++) = 0; - s->init_num += 4; - } -#endif - s->state = SSL3_ST_SW_CERT_REQ_B; } From matt at openssl.org Thu Feb 26 23:39:18 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 27 Feb 2015 00:39:18 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150226233919.057DE1DF124@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via f3cc3da4478d00a45371ee3f10f39b4956a11270 (commit) from 1aff39de763469385952910b4eede431c5c34e61 (commit) - Log ----------------------------------------------------------------- commit f3cc3da4478d00a45371ee3f10f39b4956a11270 Author: Matt Caswell Date: Thu Feb 26 10:35:50 2015 +0000 Fix evp_extra_test.c with no-ec When OpenSSL is configured with no-ec, then the new evp_extra_test fails to pass. This change adds appropriate OPENSSL_NO_EC guards around the code. Reviewed-by: Tim Hudson (cherry picked from commit a988036259a4e119f6787b4c585f506226330120) ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_extra_test.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/crypto/evp/evp_extra_test.c b/crypto/evp/evp_extra_test.c index 9f8501c..21688b0 100644 --- a/crypto/evp/evp_extra_test.c +++ b/crypto/evp/evp_extra_test.c @@ -209,6 +209,7 @@ static const unsigned char kExampleRSAKeyPKCS8[] = { 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, }; +#ifndef OPENSSL_NO_EC /* * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey * structure. @@ -242,6 +243,7 @@ static const unsigned char kExampleBadECKeyDER[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 }; +#endif static EVP_PKEY *load_example_rsa_key(void) { @@ -393,6 +395,7 @@ static int test_d2i_AutoPrivateKey(const unsigned char *input, return ret; } +#ifndef OPENSSL_NO_EC /* Tests loading a bad key in PKCS8 format */ static int test_EVP_PKCS82PKEY(void) { @@ -427,6 +430,7 @@ static int test_EVP_PKCS82PKEY(void) return ret; } +#endif int main(void) { @@ -461,6 +465,7 @@ int main(void) return 1; } +#ifndef OPENSSL_NO_EC if (!test_d2i_AutoPrivateKey(kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC)) { fprintf(stderr, "d2i_AutoPrivateKey(kExampleECKeyDER) failed\n"); @@ -471,6 +476,7 @@ int main(void) fprintf(stderr, "test_EVP_PKCS82PKEY failed\n"); return 1; } +#endif EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); From matt at openssl.org Thu Feb 26 23:39:31 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 27 Feb 2015 00:39:31 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150226233931.F394C1DF124@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 8f51c206b31f71453ed7ad21c24d2a731f010cf4 (commit) from f2aff60f6f9eab0e24d3804e8aa641e74d1a235a (commit) - Log ----------------------------------------------------------------- commit 8f51c206b31f71453ed7ad21c24d2a731f010cf4 Author: Matt Caswell Date: Thu Feb 26 10:35:50 2015 +0000 Fix evp_extra_test.c with no-ec When OpenSSL is configured with no-ec, then the new evp_extra_test fails to pass. This change adds appropriate OPENSSL_NO_EC guards around the code. Reviewed-by: Tim Hudson (cherry picked from commit a988036259a4e119f6787b4c585f506226330120) ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_extra_test.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/crypto/evp/evp_extra_test.c b/crypto/evp/evp_extra_test.c index d9a4106..0f7b011 100644 --- a/crypto/evp/evp_extra_test.c +++ b/crypto/evp/evp_extra_test.c @@ -209,6 +209,7 @@ static const unsigned char kExampleRSAKeyPKCS8[] = { 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, }; +#ifndef OPENSSL_NO_EC /* * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey * structure. @@ -242,6 +243,7 @@ static const unsigned char kExampleBadECKeyDER[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 }; +#endif static EVP_PKEY *load_example_rsa_key(void) { @@ -393,6 +395,7 @@ static int test_d2i_AutoPrivateKey(const unsigned char *input, return ret; } +#ifndef OPENSSL_NO_EC /* Tests loading a bad key in PKCS8 format */ static int test_EVP_PKCS82PKEY(void) { @@ -427,6 +430,7 @@ static int test_EVP_PKCS82PKEY(void) return ret; } +#endif int main(void) { @@ -461,6 +465,7 @@ int main(void) return 1; } +#ifndef OPENSSL_NO_EC if (!test_d2i_AutoPrivateKey(kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC)) { fprintf(stderr, "d2i_AutoPrivateKey(kExampleECKeyDER) failed\n"); @@ -471,6 +476,7 @@ int main(void) fprintf(stderr, "test_EVP_PKCS82PKEY failed\n"); return 1; } +#endif EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); From matt at openssl.org Thu Feb 26 23:39:38 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 27 Feb 2015 00:39:38 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150226233938.C7ACA1DF124@butler.localdomain> The branch master has been updated via a988036259a4e119f6787b4c585f506226330120 (commit) from cf61ef75be301d41696b6b45ce992562058c350a (commit) - Log ----------------------------------------------------------------- commit a988036259a4e119f6787b4c585f506226330120 Author: Matt Caswell Date: Thu Feb 26 10:35:50 2015 +0000 Fix evp_extra_test.c with no-ec When OpenSSL is configured with no-ec, then the new evp_extra_test fails to pass. This change adds appropriate OPENSSL_NO_EC guards around the code. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_extra_test.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/crypto/evp/evp_extra_test.c b/crypto/evp/evp_extra_test.c index d9a4106..0f7b011 100644 --- a/crypto/evp/evp_extra_test.c +++ b/crypto/evp/evp_extra_test.c @@ -209,6 +209,7 @@ static const unsigned char kExampleRSAKeyPKCS8[] = { 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, }; +#ifndef OPENSSL_NO_EC /* * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey * structure. @@ -242,6 +243,7 @@ static const unsigned char kExampleBadECKeyDER[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 }; +#endif static EVP_PKEY *load_example_rsa_key(void) { @@ -393,6 +395,7 @@ static int test_d2i_AutoPrivateKey(const unsigned char *input, return ret; } +#ifndef OPENSSL_NO_EC /* Tests loading a bad key in PKCS8 format */ static int test_EVP_PKCS82PKEY(void) { @@ -427,6 +430,7 @@ static int test_EVP_PKCS82PKEY(void) return ret; } +#endif int main(void) { @@ -461,6 +465,7 @@ int main(void) return 1; } +#ifndef OPENSSL_NO_EC if (!test_d2i_AutoPrivateKey(kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC)) { fprintf(stderr, "d2i_AutoPrivateKey(kExampleECKeyDER) failed\n"); @@ -471,6 +476,7 @@ int main(void) fprintf(stderr, "test_EVP_PKCS82PKEY failed\n"); return 1; } +#endif EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); From steve at openssl.org Fri Feb 27 00:17:07 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Fri, 27 Feb 2015 01:17:07 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150227001707.A51311DF124@butler.localdomain> The branch master has been updated via 7a6c97924293757c572be01fb2ba3b181c7a4e9f (commit) from a988036259a4e119f6787b4c585f506226330120 (commit) - Log ----------------------------------------------------------------- commit 7a6c97924293757c572be01fb2ba3b181c7a4e9f Author: Dr. Stephen Henson Date: Thu Feb 26 18:54:12 2015 +0000 Add algorithm skip support. Add support for skipping disabled algorithms: if an attempt to load a public or private key results in an unknown algorithm error then any test using that key is automatically skipped. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_test.c | 71 ++++++++++++++++++++++++++++++++++++------------- 1 file changed, 53 insertions(+), 18 deletions(-) diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c index fb8ac4f..7d15332 100644 --- a/crypto/evp/evp_test.c +++ b/crypto/evp/evp_test.c @@ -179,12 +179,16 @@ struct evp_test { int ntests; /* Error count */ int errors; + /* Number of tests skipped */ + int nskip; /* If output mismatch expected and got value */ unsigned char *out_got; unsigned char *out_expected; size_t out_len; /* test specific data */ void *data; + /* Current test should be skipped */ + int skip; }; struct key_list { @@ -285,6 +289,10 @@ static int setup_test(struct evp_test *t, const struct evp_test_method *tmeth) /* If we already have a test set up run it */ if (t->meth) { t->ntests++; + if (t->skip) { + t->nskip++; + return 1; + } t->err = NULL; if (t->meth->run_test(t) != 1) { fprintf(stderr, "%s test error line %d\n", @@ -309,13 +317,16 @@ static int setup_test(struct evp_test *t, const struct evp_test_method *tmeth) return 1; } -static EVP_PKEY *find_key(const char *name, struct key_list *lst) +static int find_key(EVP_PKEY **ppk, const char *name, struct key_list *lst) { for (; lst; lst = lst->next) { - if (!strcmp(lst->name, name)) - return lst->key; + if (!strcmp(lst->name, name)) { + if (ppk) + *ppk = lst->key; + return 1; + } } - return NULL; + return 0; } static void free_key_list(struct key_list *lst) @@ -330,10 +341,21 @@ static void free_key_list(struct key_list *lst) } } +static int check_unsupported() +{ + long err = ERR_peek_error(); + if (ERR_GET_LIB(err) == ERR_LIB_EVP + && ERR_GET_REASON(err) == EVP_R_UNSUPPORTED_ALGORITHM) { + ERR_clear_error(); + return 1; + } + return 0; +} + static int process_test(struct evp_test *t, char *buf, int verbose) { char *keyword, *value; - int rv = 0; + int rv = 0, add_key = 0; long save_pos; struct key_list **lst, *key; EVP_PKEY *pk = NULL; @@ -345,27 +367,29 @@ static int process_test(struct evp_test *t, char *buf, int verbose) if (!strcmp(keyword, "PrivateKey")) { save_pos = ftell(t->in); pk = PEM_read_PrivateKey(t->in, NULL, 0, NULL); - if (pk == NULL) { + if (pk == NULL && !check_unsupported()) { fprintf(stderr, "Error reading private key %s\n", value); ERR_print_errors_fp(stderr); return 0; } lst = &t->private; + add_key = 1; } if (!strcmp(keyword, "PublicKey")) { save_pos = ftell(t->in); pk = PEM_read_PUBKEY(t->in, NULL, 0, NULL); - if (pk == NULL) { + if (pk == NULL && !check_unsupported()) { fprintf(stderr, "Error reading public key %s\n", value); ERR_print_errors_fp(stderr); return 0; } lst = &t->public; + add_key = 1; } /* If we have a key add to list */ - if (pk) { + if (add_key) { char tmpbuf[80]; - if (find_key(value, *lst)) { + if (find_key(NULL, value, *lst)) { fprintf(stderr, "Duplicate key %s\n", value); return 0; } @@ -393,11 +417,14 @@ static int process_test(struct evp_test *t, char *buf, int verbose) if (!setup_test(t, tmeth)) return 0; t->start_line = t->line; + t->skip = 0; if (!tmeth->init(t, value)) { fprintf(stderr, "Unknown %s: %s\n", keyword, value); return 0; } return 1; + } else if (t->skip) { + return 1; } else if (!strcmp(keyword, "Result")) { if (t->expected_err) { fprintf(stderr, "Line %d: multiple result lines\n", t->line); @@ -477,8 +504,8 @@ int main(int argc, char **argv) /* Run any final test we have */ if (!setup_test(&t, NULL)) exit(1); - fprintf(stderr, "%d tests completed with %d errors\n", - t.ntests, t.errors); + fprintf(stderr, "%d tests completed with %d errors, %d skipped\n", + t.ntests, t.errors, t.nskip); free_key_list(t.public); free_key_list(t.private); fclose(in); @@ -1037,20 +1064,28 @@ static int pkey_test_init(struct evp_test *t, const char *name, { struct pkey_data *kdata; EVP_PKEY *pkey = NULL; + int rv = 0; + if (use_public) + rv = find_key(&pkey, name, t->public); + if (!rv) + rv = find_key(&pkey, name, t->private); + if (!rv) + return 0; + if (!pkey) { + t->skip = 1; + return 1; + } + kdata = OPENSSL_malloc(sizeof(struct pkey_data)); - if (!kdata) + if (!kdata) { + EVP_PKEY_free(pkey); return 0; + } kdata->ctx = NULL; kdata->input = NULL; kdata->output = NULL; kdata->keyop = keyop; t->data = kdata; - if (use_public) - pkey = find_key(name, t->public); - if (!pkey) - pkey = find_key(name, t->private); - if (!pkey) - return 0; kdata->ctx = EVP_PKEY_CTX_new(pkey, NULL); if (!kdata->ctx) return 0; From matt at openssl.org Fri Feb 27 09:01:16 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 27 Feb 2015 10:01:16 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150227090116.9EBA61DF124@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via 059907771b89549cbd07a81df1a5bdf51e062066 (commit) via ea65e92b22d34380c8caa49ac6bb10a55d8d7b0d (commit) from f3cc3da4478d00a45371ee3f10f39b4956a11270 (commit) - Log ----------------------------------------------------------------- commit 059907771b89549cbd07a81df1a5bdf51e062066 Author: Matt Caswell Date: Fri Feb 27 00:02:06 2015 +0000 Fix warning with no-ec This fixes another warning when config'd with no-ec Reviewed-by: Dr. Stephen Henson commit ea65e92b22d34380c8caa49ac6bb10a55d8d7b0d Author: Matt Caswell Date: Thu Feb 26 23:52:19 2015 +0000 Fix no-ec warning This is a partial back port of commit 5b430cfc to remove a warning when compiling with no-ec. Reviewed-by: Dr. Stephen Henson ----------------------------------------------------------------------- Summary of changes: apps/s_server.c | 10 ++++++++-- ssl/ssl_lib.c | 13 ++++++++++--- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/apps/s_server.c b/apps/s_server.c index 70ee5c3..f472126 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -992,7 +992,10 @@ int MAIN(int argc, char *argv[]) int badop = 0, bugs = 0; int ret = 1; int off = 0; - int no_tmp_rsa = 0, no_dhe = 0, no_ecdhe = 0, nocert = 0; + int no_tmp_rsa = 0, no_dhe = 0, nocert = 0; +#ifndef OPENSSL_NO_ECDH + int no_ecdhe; +#endif int state = 0; const SSL_METHOD *meth = NULL; int socket_type = SOCK_STREAM; @@ -1207,9 +1210,12 @@ int MAIN(int argc, char *argv[]) no_tmp_rsa = 1; } else if (strcmp(*argv, "-no_dhe") == 0) { no_dhe = 1; - } else if (strcmp(*argv, "-no_ecdhe") == 0) { + } +#ifndef OPENSSL_NO_ECDH + else if (strcmp(*argv, "-no_ecdhe") == 0) { no_ecdhe = 1; } +#endif #ifndef OPENSSL_NO_PSK else if (strcmp(*argv, "-psk_hint") == 0) { if (--argc < 1) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 18ec248..dead126 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2044,14 +2044,17 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) int rsa_enc_export, dh_rsa_export, dh_dsa_export; int rsa_tmp_export, dh_tmp_export, kl; unsigned long mask_k, mask_a, emask_k, emask_a; - int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size; +#ifndef OPENSSL_NO_ECDSA + int have_ecc_cert, ecdsa_ok, ecc_pkey_size; +#endif #ifndef OPENSSL_NO_ECDH - int have_ecdh_tmp; + int have_ecdh_tmp, ecdh_ok; #endif +#ifndef OPENSSL_NO_EC X509 *x = NULL; EVP_PKEY *ecc_pkey = NULL; int signature_nid = 0, pk_nid = 0, md_nid = 0; - +#endif if (c == NULL) return; @@ -2090,7 +2093,9 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) dh_dsa = (cpk->x509 != NULL && cpk->privatekey != NULL); dh_dsa_export = (dh_dsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl); cpk = &(c->pkeys[SSL_PKEY_ECC]); +#ifndef OPENSSL_NO_EC have_ecc_cert = (cpk->x509 != NULL && cpk->privatekey != NULL); +#endif mask_k = 0; mask_a = 0; emask_k = 0; @@ -2168,6 +2173,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites * depending on the key usage extension. */ +#ifndef OPENSSL_NO_EC if (have_ecc_cert) { /* This call populates extension flags (ex_flags) */ x = (c->pkeys[SSL_PKEY_ECC]).x509; @@ -2212,6 +2218,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) } #endif } +#endif #ifndef OPENSSL_NO_ECDH if (have_ecdh_tmp) { mask_k |= SSL_kEECDH; From steve at openssl.org Fri Feb 27 14:52:45 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Fri, 27 Feb 2015 15:52:45 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150227145245.919D21DF124@butler.localdomain> The branch master has been updated via 366448ec5e28df12d75e9e7f8908078573ef2585 (commit) via 2207ba7b449583631e939ee3f603287dd6d61307 (commit) via 578ce42d354b1b0411e9069883c23c7770a567be (commit) via 7406e3239663850d25005b3aee912a3cf8aa330e (commit) via 33a89fa66c9c30113f3129244392dc94ada72d57 (commit) via 35313768c77191a61bd6e34393d89e7b7cd78465 (commit) from 7a6c97924293757c572be01fb2ba3b181c7a4e9f (commit) - Log ----------------------------------------------------------------- commit 366448ec5e28df12d75e9e7f8908078573ef2585 Author: Dr. Stephen Henson Date: Fri Feb 27 02:50:41 2015 +0000 reformat evp_test.c Reviewed-by: Matt Caswell commit 2207ba7b449583631e939ee3f603287dd6d61307 Author: Dr. Stephen Henson Date: Fri Feb 27 00:49:47 2015 +0000 Add OCB support and test vectors for evp_test. Reviewed-by: Matt Caswell commit 578ce42d354b1b0411e9069883c23c7770a567be Author: Dr. Stephen Henson Date: Thu Feb 26 19:58:20 2015 +0000 Skip unsupported digests in evp_test Reviewed-by: Matt Caswell commit 7406e3239663850d25005b3aee912a3cf8aa330e Author: Dr. Stephen Henson Date: Thu Feb 26 19:46:03 2015 +0000 add MD4 test data Reviewed-by: Matt Caswell commit 33a89fa66c9c30113f3129244392dc94ada72d57 Author: Dr. Stephen Henson Date: Thu Feb 26 19:26:53 2015 +0000 Skip unsupported ciphers in evp_test. Reviewed-by: Matt Caswell commit 35313768c77191a61bd6e34393d89e7b7cd78465 Author: Dr. Stephen Henson Date: Thu Feb 26 19:23:38 2015 +0000 Make OpenSSL compile with no-rc4 Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: apps/dsa.c | 4 ++ apps/rsa.c | 5 +- crypto/evp/evp_test.c | 65 ++++++++++-------- crypto/evp/evptests.txt | 167 +++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 214 insertions(+), 27 deletions(-) diff --git a/apps/dsa.c b/apps/dsa.c index dedf8e1..7ff6ee9 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -113,7 +113,9 @@ int MAIN(int argc, char **argv) char *passin = NULL, *passout = NULL; int modulus = 0; +#ifndef OPENSSL_NO_RC4 int pvk_encr = 2; +#endif apps_startup(); @@ -168,12 +170,14 @@ int MAIN(int argc, char **argv) engine = *(++argv); } # endif +#ifndef OPENSSL_NO_RC4 else if (strcmp(*argv, "-pvk-strong") == 0) pvk_encr = 2; else if (strcmp(*argv, "-pvk-weak") == 0) pvk_encr = 1; else if (strcmp(*argv, "-pvk-none") == 0) pvk_encr = 0; +#endif else if (strcmp(*argv, "-noout") == 0) noout = 1; else if (strcmp(*argv, "-text") == 0) diff --git a/apps/rsa.c b/apps/rsa.c index e13c14f..419e504 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -115,8 +115,9 @@ int MAIN(int argc, char **argv) char *engine = NULL; # endif int modulus = 0; - +#ifndef OPENSSL_NO_RC4 int pvk_encr = 2; +#endif apps_startup(); @@ -178,12 +179,14 @@ int MAIN(int argc, char **argv) pubin = 2; else if (strcmp(*argv, "-RSAPublicKey_out") == 0) pubout = 2; +#ifndef OPENSSL_NO_RC4 else if (strcmp(*argv, "-pvk-strong") == 0) pvk_encr = 2; else if (strcmp(*argv, "-pvk-weak") == 0) pvk_encr = 1; else if (strcmp(*argv, "-pvk-none") == 0) pvk_encr = 0; +#endif else if (strcmp(*argv, "-noout") == 0) noout = 1; else if (strcmp(*argv, "-text") == 0) diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c index 7d15332..cc7036a 100644 --- a/crypto/evp/evp_test.c +++ b/crypto/evp/evp_test.c @@ -290,6 +290,7 @@ static int setup_test(struct evp_test *t, const struct evp_test_method *tmeth) if (t->meth) { t->ntests++; if (t->skip) { + t->meth = tmeth; t->nskip++; return 1; } @@ -332,12 +333,12 @@ static int find_key(EVP_PKEY **ppk, const char *name, struct key_list *lst) static void free_key_list(struct key_list *lst) { while (lst != NULL) { - struct key_list *ltmp; + struct key_list *ltmp; EVP_PKEY_free(lst->key); OPENSSL_free(lst->name); - ltmp = lst->next; - OPENSSL_free(lst); - lst = ltmp; + ltmp = lst->next; + OPENSSL_free(lst); + lst = ltmp; } } @@ -345,7 +346,7 @@ static int check_unsupported() { long err = ERR_peek_error(); if (ERR_GET_LIB(err) == ERR_LIB_EVP - && ERR_GET_REASON(err) == EVP_R_UNSUPPORTED_ALGORITHM) { + && ERR_GET_REASON(err) == EVP_R_UNSUPPORTED_ALGORITHM) { ERR_clear_error(); return 1; } @@ -482,7 +483,7 @@ int main(int argc, char **argv) ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); - memset(&t,0,sizeof(t)); + memset(&t, 0, sizeof(t)); t.meth = NULL; t.public = NULL; t.private = NULL; @@ -543,8 +544,14 @@ static int digest_test_init(struct evp_test *t, const char *alg) const EVP_MD *digest; struct digest_data *mdat = t->data; digest = EVP_get_digestbyname(alg); - if (!digest) + if (!digest) { + /* If alg has an OID assume disabled algorithm */ + if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) { + t->skip = 1; + return 1; + } return 0; + } mdat = OPENSSL_malloc(sizeof(struct digest_data)); mdat->digest = digest; mdat->input = NULL; @@ -616,7 +623,7 @@ static const struct evp_test_method digest_test_method = { struct cipher_data { const EVP_CIPHER *cipher; int enc; - /* Set to EVP_CIPH_GCM_MODE or EVP_CIPH_CCM_MODE if AEAD */ + /* EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE or EVP_CIPH_OCB_MODE if AEAD */ int aead; unsigned char *key; size_t key_len; @@ -638,8 +645,14 @@ static int cipher_test_init(struct evp_test *t, const char *alg) const EVP_CIPHER *cipher; struct cipher_data *cdat = t->data; cipher = EVP_get_cipherbyname(alg); - if (!cipher) + if (!cipher) { + /* If alg has an OID assume disabled algorithm */ + if (OBJ_sn2nid(alg) != NID_undef || OBJ_ln2nid(alg) != NID_undef) { + t->skip = 1; + return 1; + } return 0; + } cdat = OPENSSL_malloc(sizeof(struct cipher_data)); cdat->cipher = cipher; cdat->enc = -1; @@ -651,6 +664,7 @@ static int cipher_test_init(struct evp_test *t, const char *alg) cdat->tag = NULL; t->data = cdat; if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE + || EVP_CIPHER_mode(cipher) == EVP_CIPH_OCB_MODE || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE) cdat->aead = EVP_CIPHER_mode(cipher); else @@ -733,12 +747,8 @@ static int cipher_test_enc(struct evp_test *t, int enc) goto err; err = "INVALID_IV_LENGTH"; if (cdat->iv) { - if (cdat->aead == EVP_CIPH_GCM_MODE) { - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, - cdat->iv_len, 0)) - goto err; - } else if (cdat->aead == EVP_CIPH_CCM_MODE) { - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, + if (cdat->aead) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, cdat->iv_len, 0)) goto err; } else if (cdat->iv_len != (size_t)EVP_CIPHER_CTX_iv_length(ctx)) @@ -747,22 +757,18 @@ static int cipher_test_enc(struct evp_test *t, int enc) if (cdat->aead) { unsigned char *tag; /* - * If encrypting just set tag length. If decrypting set - * tag length and value. + * If encrypting or OCB just set tag length initially, otherwise + * set tag length and value. */ - if (enc) { + if (enc || cdat->aead == EVP_CIPH_OCB_MODE) { err = "TAG_LENGTH_SET_ERROR"; tag = NULL; } else { err = "TAG_SET_ERROR"; tag = cdat->tag; } - if (cdat->aead == EVP_CIPH_GCM_MODE && tag) { - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, - cdat->tag_len, tag)) - goto err; - } else if (cdat->aead == EVP_CIPH_CCM_MODE) { - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, + if (tag || cdat->aead != EVP_CIPH_GCM_MODE) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, cdat->tag_len, tag)) goto err; } @@ -775,6 +781,14 @@ static int cipher_test_enc(struct evp_test *t, int enc) if (!EVP_CipherInit_ex(ctx, NULL, NULL, cdat->key, cdat->iv, -1)) goto err; + if (!enc && cdat->aead == EVP_CIPH_OCB_MODE) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + cdat->tag_len, cdat->tag)) { + err = "TAG_SET_ERROR"; + goto err; + } + } + if (cdat->aead == EVP_CIPH_CCM_MODE) { if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) { err = "CCM_PLAINTEXT_LENGTH_SET_ERROR"; @@ -810,8 +824,7 @@ static int cipher_test_enc(struct evp_test *t, int enc) err = "TAG_LENGTH_INTERNAL_ERROR"; goto err; } - /* EVP_CTRL_CCM_GET_TAG and EVP_CTRL_GCM_GET_TAG are equal. */ - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, cdat->tag_len, rtag)) { err = "TAG_RETRIEVE_ERROR"; goto err; diff --git a/crypto/evp/evptests.txt b/crypto/evp/evptests.txt index 58d9159..91fb7dc 100644 --- a/crypto/evp/evptests.txt +++ b/crypto/evp/evptests.txt @@ -37,6 +37,28 @@ Digest = MD5 Input = 3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930 Output = 57edf4a22be3c955ac49da2e2107b67a +# MD4 tests from md4test.c +Digest = MD4 +Input = "" +Output = 31d6cfe0d16ae931b73c59d7e0c089c0 +Digest = MD4 +Input = "a" +Output = bde52cb31de33e46245e05fbdbd6fb24 +Digest = MD4 +Input = "abc" +Output = a448017aaf21d8525fc10ae87aa6729d +Digest = MD4 +Input = "message digest" +Output = d9130a8164549fe818874806e1c7014b +Digest = MD4 +Input = "abcdefghijklmnopqrstuvwxyz" +Output = d79e1c308aa5bbcdeea8ed63df412da9 +Digest = MD4 +Input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" +Output = 043f8582f241db351ce627e153e7f0e4 +Digest = MD4 +Input = "12345678901234567890123456789012345678901234567890123456789012345678901234567890" +Output = e33b4ddc9c38f2199c3e7b164fcc0536 # AES 128 ECB tests (from FIPS-197 test vectors, encrypt) @@ -1630,6 +1652,151 @@ Tag = 3b629ccfbc1119b7319e1dce2cd6fd6d Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f Ciphertext = 6268c6fa2a80b2d137467f092f657ac04d89be2beaa623d61b5a868c8f03ff95d3dcee23ad2f1ab3a6c80eaf4b140eb05de3457f0fbc111a6b43d0763aa422a3013cf1dc37fe417d1fbfc449b75d4cc5 +#AES OCB Test vectors +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = +Tag = 197B9C3C441D3C83EAFB2BEF633B9182 +Plaintext = +Ciphertext = + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 0001020304050607 +Tag = 16DC76A46D47E1EAD537209E8A96D14E +Plaintext = 0001020304050607 +Ciphertext = 92B657130A74B85A + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 0001020304050607 +Tag = 98B91552C8C009185044E30A6EB2FE21 +Plaintext = +Ciphertext = + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = +Tag = 971EFFCAE19AD4716F88E87B871FBEED +Plaintext = 0001020304050607 +Ciphertext = 92B657130A74B85A + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F +Tag = 776C9924D6723A1FC4524532AC3E5BEB +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = BEA5E8798DBE7110031C144DA0B26122 + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F +Tag = 7DDB8E6CEA6814866212509619B19CC6 +Plaintext = +Ciphertext = + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = +Tag = 13CC8B747807121A4CBB3E4BD6B456AF +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = BEA5E8798DBE7110031C144DA0B26122 + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F1011121314151617 +Tag = 5FA94FC3F38820F1DC3F3D1FD4E55E1C +Plaintext = 000102030405060708090A0B0C0D0E0F1011121314151617 +Ciphertext = BEA5E8798DBE7110031C144DA0B26122FCFCEE7A2A8D4D48 + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F1011121314151617 +Tag = 282026DA3068BC9FA118681D559F10F6 +Plaintext = +Ciphertext = + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = +Tag = 6EF2F52587FDA0ED97DC7EEDE241DF68 +Plaintext = 000102030405060708090A0B0C0D0E0F1011121314151617 +Ciphertext = BEA5E8798DBE7110031C144DA0B26122FCFCEE7A2A8D4D48 + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Tag = B2A040DD3BD5164372D76D7BB6824240 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Tag = E1E072633BADE51A60E85951D9C42A1B +Plaintext = +Ciphertext = + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = +Tag = 4A3BAE824465CFDAF8C41FC50C7DF9D9 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = 659C623211DEEA0DE30D2C381879F4C8 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB68C65778B058A635 + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = 7AEB7A69A1687DD082CA27B0D9A37096 +Plaintext = +Ciphertext = + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = +Tag = 060C8467F4ABAB5E8B3C2067A2E115DC +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Ciphertext = BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A657149D53773463CB68C65778B058A635 + +#AES OCB Non standard test vectors - generated from reference implementation +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = 1b6c44f34e3abb3cbf8976e7 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Ciphertext = 09a4fd29de949d9a9aa9924248422097ad4883b4713e6c214ff6567ada08a96766fc4e2ee3e3a5a1 + +Cipher = aes-128-ocb +Key = 000102030405060708090A0B0C0D0E0F +IV = 000102030405060708090A0B0C0D0E +AAD = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Tag = 1ad62009901f40cba7cd7156f94a7324 +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627 +Ciphertext = 5e2fa7367ffbdb3938845cfd415fcc71ec79634eb31451609d27505f5e2978f43c44213d8fa441ee # AES XTS test vectors from IEEE Std 1619-2007 Cipher = aes-128-xts From matt at openssl.org Fri Feb 27 15:30:43 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 27 Feb 2015 16:30:43 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150227153043.781071DF124@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via d58a852fbd3c7ae2d71949c090a474235b69d693 (commit) via 323a7e76e61d977ff9f00a8cff396033a6dc37d2 (commit) from 059907771b89549cbd07a81df1a5bdf51e062066 (commit) - Log ----------------------------------------------------------------- commit d58a852fbd3c7ae2d71949c090a474235b69d693 Author: Matt Caswell Date: Thu Feb 26 11:54:58 2015 +0000 Fixed missing return value checks. Added various missing return value checks in tls1_change_cipher_state. Reviewed-by: Richard Levitte Conflicts: ssl/t1_enc.c commit 323a7e76e61d977ff9f00a8cff396033a6dc37d2 Author: Matt Caswell Date: Thu Feb 26 11:53:55 2015 +0000 Fix missing return value checks. Fixed various missing return value checks in ssl3_send_newsession_ticket. Also a mem leak on error. Reviewed-by: Richard Levitte Conflicts: ssl/s3_srvr.c Conflicts: ssl/s3_srvr.c ----------------------------------------------------------------------- Summary of changes: ssl/s3_srvr.c | 78 +++++++++++++++++++++++++++++++++++---------------------- ssl/t1_enc.c | 25 ++++++++++++------ 2 files changed, 65 insertions(+), 38 deletions(-) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index ef3964a..b8f91bc 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -3295,14 +3295,16 @@ int ssl3_send_server_certificate(SSL *s) /* send a new session ticket (not necessarily for a new session) */ int ssl3_send_newsession_ticket(SSL *s) { + unsigned char *senc = NULL; + EVP_CIPHER_CTX ctx; + HMAC_CTX hctx; + if (s->state == SSL3_ST_SW_SESSION_TICKET_A) { - unsigned char *p, *senc, *macstart; + unsigned char *p, *macstart; const unsigned char *const_p; int len, slen_full, slen; SSL_SESSION *sess; unsigned int hlen; - EVP_CIPHER_CTX ctx; - HMAC_CTX hctx; SSL_CTX *tctx = s->initial_ctx; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char key_name[16]; @@ -3313,32 +3315,38 @@ int ssl3_send_newsession_ticket(SSL *s) * Some length values are 16 bits, so forget it if session is too * long */ - if (slen_full > 0xFF00) + if (slen_full == 0 || slen_full > 0xFF00) return -1; senc = OPENSSL_malloc(slen_full); if (!senc) return -1; + + EVP_CIPHER_CTX_init(&ctx); + HMAC_CTX_init(&hctx); + p = senc; - i2d_SSL_SESSION(s->session, &p); + if (!i2d_SSL_SESSION(s->session, &p)) + goto err; /* * create a fresh copy (not shared with other threads) to clean up */ const_p = senc; sess = d2i_SSL_SESSION(NULL, &const_p, slen_full); - if (sess == NULL) { - OPENSSL_free(senc); - return -1; - } + if (sess == NULL) + goto err; sess->session_id_length = 0; /* ID is irrelevant for the ticket */ slen = i2d_SSL_SESSION(sess, NULL); - if (slen > slen_full) { /* shouldn't ever happen */ - OPENSSL_free(senc); - return -1; + if (slen == 0 || slen > slen_full) { /* shouldn't ever happen */ + SSL_SESSION_free(sess); + goto err; } p = senc; - i2d_SSL_SESSION(sess, &p); + if (!i2d_SSL_SESSION(sess, &p)) { + SSL_SESSION_free(sess); + goto err; + } SSL_SESSION_free(sess); /*- @@ -3352,31 +3360,30 @@ int ssl3_send_newsession_ticket(SSL *s) if (!BUF_MEM_grow(s->init_buf, 26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen)) - return -1; + goto err; p = (unsigned char *)s->init_buf->data; /* do the header */ *(p++) = SSL3_MT_NEWSESSION_TICKET; /* Skip message length for now */ p += 3; - EVP_CIPHER_CTX_init(&ctx); - HMAC_CTX_init(&hctx); /* * Initialize HMAC and cipher contexts. If callback present it does * all the work otherwise use generated values from parent ctx. */ if (tctx->tlsext_ticket_key_cb) { if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, - &hctx, 1) < 0) { - OPENSSL_free(senc); - return -1; - } + &hctx, 1) < 0) + goto err; } else { - RAND_pseudo_bytes(iv, 16); - EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, - tctx->tlsext_tick_aes_key, iv); - HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, - tlsext_tick_md(), NULL); + if (RAND_bytes(iv, 16) <= 0) + goto err; + if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, + tctx->tlsext_tick_aes_key, iv)) + goto err; + if (!HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, + tlsext_tick_md(), NULL)) + goto err; memcpy(key_name, tctx->tlsext_tick_key_name, 16); } @@ -3397,14 +3404,19 @@ int ssl3_send_newsession_ticket(SSL *s) memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx)); p += EVP_CIPHER_CTX_iv_length(&ctx); /* Encrypt session data */ - EVP_EncryptUpdate(&ctx, p, &len, senc, slen); + if (!EVP_EncryptUpdate(&ctx, p, &len, senc, slen)) + goto err; p += len; - EVP_EncryptFinal(&ctx, p, &len); + if (!EVP_EncryptFinal(&ctx, p, &len)) + goto err; p += len; - EVP_CIPHER_CTX_cleanup(&ctx); - HMAC_Update(&hctx, macstart, p - macstart); - HMAC_Final(&hctx, p, &hlen); + if (!HMAC_Update(&hctx, macstart, p - macstart)) + goto err; + if (!HMAC_Final(&hctx, p, &hlen)) + goto err; + + EVP_CIPHER_CTX_cleanup(&ctx); HMAC_CTX_cleanup(&hctx); p += hlen; @@ -3425,6 +3437,12 @@ int ssl3_send_newsession_ticket(SSL *s) /* SSL3_ST_SW_SESSION_TICKET_B */ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); + err: + if (senc) + OPENSSL_free(senc); + EVP_CIPHER_CTX_cleanup(&ctx); + HMAC_CTX_cleanup(&hctx); + return -1; } int ssl3_send_cert_status(SSL *s) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 741dc0b..0d70116 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -551,15 +551,24 @@ int tls1_change_cipher_state(SSL *s, int which) #endif /* KSSL_DEBUG */ if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) { - EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE)); - EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv); - } else - EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE)); - + if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE)) + || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv)) { + SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); + goto err2; + } + } else { + if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) { + SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); + goto err2; + } + } /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */ - if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size) - EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY, - *mac_secret_size, mac_secret); + if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size + && !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY, + *mac_secret_size, mac_secret)) { + SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); + goto err2; + } #ifdef TLS_DEBUG printf("which = %04X\nkey=", which); From matt at openssl.org Fri Feb 27 15:31:05 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 27 Feb 2015 16:31:05 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150227153105.6DCF61DF124@butler.localdomain> The branch master has been updated via eadf70d2c885e3e4e943091eabfec1e73d4f3883 (commit) via 687eaf27a7e4bdfc58dd455e2566b915a7a25c20 (commit) from 366448ec5e28df12d75e9e7f8908078573ef2585 (commit) - Log ----------------------------------------------------------------- commit eadf70d2c885e3e4e943091eabfec1e73d4f3883 Author: Matt Caswell Date: Thu Feb 26 11:54:58 2015 +0000 Fixed missing return value checks. Added various missing return value checks in tls1_change_cipher_state. Reviewed-by: Richard Levitte commit 687eaf27a7e4bdfc58dd455e2566b915a7a25c20 Author: Matt Caswell Date: Thu Feb 26 11:53:55 2015 +0000 Fix missing return value checks. Fixed various missing return value checks in ssl3_send_newsession_ticket. Also a mem leak on error. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: ssl/s3_srvr.c | 79 +++++++++++++++++++++++++++++++++++---------------------- ssl/t1_enc.c | 26 ++++++++++++------- 2 files changed, 66 insertions(+), 39 deletions(-) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 48dee10..39c1574 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -3256,14 +3256,16 @@ int ssl3_send_server_certificate(SSL *s) /* send a new session ticket (not necessarily for a new session) */ int ssl3_send_newsession_ticket(SSL *s) { + unsigned char *senc = NULL; + EVP_CIPHER_CTX ctx; + HMAC_CTX hctx; + if (s->state == SSL3_ST_SW_SESSION_TICKET_A) { - unsigned char *p, *senc, *macstart; + unsigned char *p, *macstart; const unsigned char *const_p; int len, slen_full, slen; SSL_SESSION *sess; unsigned int hlen; - EVP_CIPHER_CTX ctx; - HMAC_CTX hctx; SSL_CTX *tctx = s->initial_ctx; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char key_name[16]; @@ -3274,32 +3276,38 @@ int ssl3_send_newsession_ticket(SSL *s) * Some length values are 16 bits, so forget it if session is too * long */ - if (slen_full > 0xFF00) + if (slen_full == 0 || slen_full > 0xFF00) return -1; senc = OPENSSL_malloc(slen_full); if (!senc) return -1; + + EVP_CIPHER_CTX_init(&ctx); + HMAC_CTX_init(&hctx); + p = senc; - i2d_SSL_SESSION(s->session, &p); + if (!i2d_SSL_SESSION(s->session, &p)) + goto err; /* * create a fresh copy (not shared with other threads) to clean up */ const_p = senc; sess = d2i_SSL_SESSION(NULL, &const_p, slen_full); - if (sess == NULL) { - OPENSSL_free(senc); - return -1; - } + if (sess == NULL) + goto err; sess->session_id_length = 0; /* ID is irrelevant for the ticket */ slen = i2d_SSL_SESSION(sess, NULL); - if (slen > slen_full) { /* shouldn't ever happen */ - OPENSSL_free(senc); - return -1; + if (slen == 0 || slen > slen_full) { /* shouldn't ever happen */ + SSL_SESSION_free(sess); + goto err; } p = senc; - i2d_SSL_SESSION(sess, &p); + if (!i2d_SSL_SESSION(sess, &p)) { + SSL_SESSION_free(sess); + goto err; + } SSL_SESSION_free(sess); /*- @@ -3313,26 +3321,26 @@ int ssl3_send_newsession_ticket(SSL *s) if (!BUF_MEM_grow(s->init_buf, SSL_HM_HEADER_LENGTH(s) + 22 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen)) - return -1; + goto err; + p = ssl_handshake_start(s); - EVP_CIPHER_CTX_init(&ctx); - HMAC_CTX_init(&hctx); /* * Initialize HMAC and cipher contexts. If callback present it does * all the work otherwise use generated values from parent ctx. */ if (tctx->tlsext_ticket_key_cb) { if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, - &hctx, 1) < 0) { - OPENSSL_free(senc); - return -1; - } + &hctx, 1) < 0) + goto err; } else { - RAND_pseudo_bytes(iv, 16); - EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, - tctx->tlsext_tick_aes_key, iv); - HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, - EVP_sha256(), NULL); + if (RAND_bytes(iv, 16) <= 0) + goto err; + if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, + tctx->tlsext_tick_aes_key, iv)) + goto err; + if (!HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, + EVP_sha256(), NULL)) + goto err; memcpy(key_name, tctx->tlsext_tick_key_name, 16); } @@ -3353,14 +3361,19 @@ int ssl3_send_newsession_ticket(SSL *s) memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx)); p += EVP_CIPHER_CTX_iv_length(&ctx); /* Encrypt session data */ - EVP_EncryptUpdate(&ctx, p, &len, senc, slen); + if (!EVP_EncryptUpdate(&ctx, p, &len, senc, slen)) + goto err; p += len; - EVP_EncryptFinal(&ctx, p, &len); + if (!EVP_EncryptFinal(&ctx, p, &len)) + goto err; p += len; - EVP_CIPHER_CTX_cleanup(&ctx); - HMAC_Update(&hctx, macstart, p - macstart); - HMAC_Final(&hctx, p, &hlen); + if (!HMAC_Update(&hctx, macstart, p - macstart)) + goto err; + if (!HMAC_Final(&hctx, p, &hlen)) + goto err; + + EVP_CIPHER_CTX_cleanup(&ctx); HMAC_CTX_cleanup(&hctx); p += hlen; @@ -3377,6 +3390,12 @@ int ssl3_send_newsession_ticket(SSL *s) /* SSL3_ST_SW_SESSION_TICKET_B */ return ssl_do_write(s); + err: + if (senc) + OPENSSL_free(senc); + EVP_CIPHER_CTX_cleanup(&ctx); + HMAC_CTX_cleanup(&hctx); + return -1; } int ssl3_send_cert_status(SSL *s) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 7333ba9..6fad8be 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -548,16 +548,24 @@ int tls1_change_cipher_state(SSL *s, int which) #endif /* KSSL_DEBUG */ if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) { - EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE)); - EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv); - } else - EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE)); - + if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE)) + || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv)) { + SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); + goto err2; + } + } else { + if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) { + SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); + goto err2; + } + } /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */ - if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size) - EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY, - *mac_secret_size, mac_secret); - + if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size + && !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY, + *mac_secret_size, mac_secret)) { + SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); + goto err2; + } #ifdef OPENSSL_SSL_TRACE_CRYPTO if (s->msg_callback) { int wh = which & SSL3_CC_WRITE ? TLS1_RT_CRYPTO_WRITE : 0; From matt at openssl.org Fri Feb 27 15:30:53 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 27 Feb 2015 16:30:53 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150227153053.EC1331DF124@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 87cd297d149495eca0735ec5653c19acaf69286e (commit) via 195f6302bbeae064401d0cefbdc56b8f9db5d0e0 (commit) from 8f51c206b31f71453ed7ad21c24d2a731f010cf4 (commit) - Log ----------------------------------------------------------------- commit 87cd297d149495eca0735ec5653c19acaf69286e Author: Matt Caswell Date: Thu Feb 26 11:54:58 2015 +0000 Fixed missing return value checks. Added various missing return value checks in tls1_change_cipher_state. Reviewed-by: Richard Levitte commit 195f6302bbeae064401d0cefbdc56b8f9db5d0e0 Author: Matt Caswell Date: Thu Feb 26 11:53:55 2015 +0000 Fix missing return value checks. Fixed various missing return value checks in ssl3_send_newsession_ticket. Also a mem leak on error. Reviewed-by: Richard Levitte Conflicts: ssl/s3_srvr.c ----------------------------------------------------------------------- Summary of changes: ssl/s3_srvr.c | 79 +++++++++++++++++++++++++++++++++++---------------------- ssl/t1_enc.c | 26 ++++++++++++------- 2 files changed, 66 insertions(+), 39 deletions(-) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 2c6fb28..9e6ab01 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -3260,14 +3260,16 @@ int ssl3_send_server_certificate(SSL *s) /* send a new session ticket (not necessarily for a new session) */ int ssl3_send_newsession_ticket(SSL *s) { + unsigned char *senc = NULL; + EVP_CIPHER_CTX ctx; + HMAC_CTX hctx; + if (s->state == SSL3_ST_SW_SESSION_TICKET_A) { - unsigned char *p, *senc, *macstart; + unsigned char *p, *macstart; const unsigned char *const_p; int len, slen_full, slen; SSL_SESSION *sess; unsigned int hlen; - EVP_CIPHER_CTX ctx; - HMAC_CTX hctx; SSL_CTX *tctx = s->initial_ctx; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char key_name[16]; @@ -3278,32 +3280,38 @@ int ssl3_send_newsession_ticket(SSL *s) * Some length values are 16 bits, so forget it if session is too * long */ - if (slen_full > 0xFF00) + if (slen_full == 0 || slen_full > 0xFF00) return -1; senc = OPENSSL_malloc(slen_full); if (!senc) return -1; + + EVP_CIPHER_CTX_init(&ctx); + HMAC_CTX_init(&hctx); + p = senc; - i2d_SSL_SESSION(s->session, &p); + if (!i2d_SSL_SESSION(s->session, &p)) + goto err; /* * create a fresh copy (not shared with other threads) to clean up */ const_p = senc; sess = d2i_SSL_SESSION(NULL, &const_p, slen_full); - if (sess == NULL) { - OPENSSL_free(senc); - return -1; - } + if (sess == NULL) + goto err; sess->session_id_length = 0; /* ID is irrelevant for the ticket */ slen = i2d_SSL_SESSION(sess, NULL); - if (slen > slen_full) { /* shouldn't ever happen */ - OPENSSL_free(senc); - return -1; + if (slen == 0 || slen > slen_full) { /* shouldn't ever happen */ + SSL_SESSION_free(sess); + goto err; } p = senc; - i2d_SSL_SESSION(sess, &p); + if (!i2d_SSL_SESSION(sess, &p)) { + SSL_SESSION_free(sess); + goto err; + } SSL_SESSION_free(sess); /*- @@ -3317,26 +3325,26 @@ int ssl3_send_newsession_ticket(SSL *s) if (!BUF_MEM_grow(s->init_buf, SSL_HM_HEADER_LENGTH(s) + 22 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen)) - return -1; + goto err; + p = ssl_handshake_start(s); - EVP_CIPHER_CTX_init(&ctx); - HMAC_CTX_init(&hctx); /* * Initialize HMAC and cipher contexts. If callback present it does * all the work otherwise use generated values from parent ctx. */ if (tctx->tlsext_ticket_key_cb) { if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, - &hctx, 1) < 0) { - OPENSSL_free(senc); - return -1; - } + &hctx, 1) < 0) + goto err; } else { - RAND_pseudo_bytes(iv, 16); - EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, - tctx->tlsext_tick_aes_key, iv); - HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, - tlsext_tick_md(), NULL); + if (RAND_bytes(iv, 16) <= 0) + goto err; + if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, + tctx->tlsext_tick_aes_key, iv)) + goto err; + if (!HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, + tlsext_tick_md(), NULL)) + goto err; memcpy(key_name, tctx->tlsext_tick_key_name, 16); } @@ -3357,14 +3365,19 @@ int ssl3_send_newsession_ticket(SSL *s) memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx)); p += EVP_CIPHER_CTX_iv_length(&ctx); /* Encrypt session data */ - EVP_EncryptUpdate(&ctx, p, &len, senc, slen); + if (!EVP_EncryptUpdate(&ctx, p, &len, senc, slen)) + goto err; p += len; - EVP_EncryptFinal(&ctx, p, &len); + if (!EVP_EncryptFinal(&ctx, p, &len)) + goto err; p += len; - EVP_CIPHER_CTX_cleanup(&ctx); - HMAC_Update(&hctx, macstart, p - macstart); - HMAC_Final(&hctx, p, &hlen); + if (!HMAC_Update(&hctx, macstart, p - macstart)) + goto err; + if (!HMAC_Final(&hctx, p, &hlen)) + goto err; + + EVP_CIPHER_CTX_cleanup(&ctx); HMAC_CTX_cleanup(&hctx); p += hlen; @@ -3381,6 +3394,12 @@ int ssl3_send_newsession_ticket(SSL *s) /* SSL3_ST_SW_SESSION_TICKET_B */ return ssl_do_write(s); + err: + if (senc) + OPENSSL_free(senc); + EVP_CIPHER_CTX_cleanup(&ctx); + HMAC_CTX_cleanup(&hctx); + return -1; } int ssl3_send_cert_status(SSL *s) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index e1a3607..a563fe4 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -550,16 +550,24 @@ int tls1_change_cipher_state(SSL *s, int which) #endif /* KSSL_DEBUG */ if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) { - EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE)); - EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv); - } else - EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE)); - + if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE)) + || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv)) { + SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); + goto err2; + } + } else { + if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) { + SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); + goto err2; + } + } /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */ - if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size) - EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY, - *mac_secret_size, mac_secret); - + if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size + && !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY, + *mac_secret_size, mac_secret)) { + SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); + goto err2; + } #ifdef OPENSSL_SSL_TRACE_CRYPTO if (s->msg_callback) { int wh = which & SSL3_CC_WRITE ? TLS1_RT_CRYPTO_WRITE : 0; From matt at openssl.org Fri Feb 27 22:55:45 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 27 Feb 2015 23:55:45 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150227225545.860EB1DF124@butler.localdomain> The branch master has been updated via af674d4e20a82c2a98767b837072d7093c70b1cf (commit) from eadf70d2c885e3e4e943091eabfec1e73d4f3883 (commit) - Log ----------------------------------------------------------------- commit af674d4e20a82c2a98767b837072d7093c70b1cf Author: Matt Caswell Date: Fri Feb 27 16:52:07 2015 +0000 Fix d2i_SSL_SESSION for DTLS1_BAD_VER Some Cisco appliances use a pre-standard version number for DTLS. We support this as DTLS1_BAD_VER within the code. This change fixes d2i_SSL_SESSION for that DTLS version. Based on an original patch by David Woodhouse RT#3704 Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: ssl/dtls1.h | 1 + ssl/ssl_asn1.c | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/ssl/dtls1.h b/ssl/dtls1.h index ff406d8..542ae04 100644 --- a/ssl/dtls1.h +++ b/ssl/dtls1.h @@ -86,6 +86,7 @@ extern "C" { # define DTLS1_VERSION 0xFEFF # define DTLS1_2_VERSION 0xFEFD # define DTLS_MAX_VERSION DTLS1_2_VERSION +# define DTLS1_VERSION_MAJOR 0xFE # define DTLS1_BAD_VER 0x0100 diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 63fe17f..dd02b41 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -410,7 +410,9 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, os.data = NULL; os.length = 0; M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING); - if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) { + if ((ssl_version >> 8) == SSL3_VERSION_MAJOR + || (ssl_version >> 8) == DTLS1_VERSION_MAJOR + || ssl_version == DTLS1_BAD_VER) { if (os.length != 2) { c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH; c.line = __LINE__; From matt at openssl.org Fri Feb 27 22:56:02 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 27 Feb 2015 23:56:02 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150227225602.3B8D31DF124@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 6e20f556465f082dd4fdbd096a488e37528ddebf (commit) from 87cd297d149495eca0735ec5653c19acaf69286e (commit) - Log ----------------------------------------------------------------- commit 6e20f556465f082dd4fdbd096a488e37528ddebf Author: Matt Caswell Date: Fri Feb 27 16:52:07 2015 +0000 Fix d2i_SSL_SESSION for DTLS1_BAD_VER Some Cisco appliances use a pre-standard version number for DTLS. We support this as DTLS1_BAD_VER within the code. This change fixes d2i_SSL_SESSION for that DTLS version. Based on an original patch by David Woodhouse RT#3704 Reviewed-by: Tim Hudson Conflicts: ssl/ssl_asn1.c ----------------------------------------------------------------------- Summary of changes: ssl/dtls1.h | 1 + ssl/ssl_asn1.c | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/ssl/dtls1.h b/ssl/dtls1.h index 4af7e4a..30bbcf2 100644 --- a/ssl/dtls1.h +++ b/ssl/dtls1.h @@ -86,6 +86,7 @@ extern "C" { # define DTLS1_VERSION 0xFEFF # define DTLS1_2_VERSION 0xFEFD # define DTLS_MAX_VERSION DTLS1_2_VERSION +# define DTLS1_VERSION_MAJOR 0xFE # define DTLS1_BAD_VER 0x0100 diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index f8c265c..39d48ea 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -421,7 +421,9 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, id = 0x02000000L | ((unsigned long)os.data[0] << 16L) | ((unsigned long)os.data[1] << 8L) | (unsigned long)os.data[2]; - } else if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) { + } else if ((ssl_version >> 8) == SSL3_VERSION_MAJOR + || (ssl_version >> 8) == DTLS1_VERSION_MAJOR + || ssl_version == DTLS1_BAD_VER) { if (os.length != 2) { c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH; c.line = __LINE__; From matt at openssl.org Fri Feb 27 22:56:14 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 27 Feb 2015 23:56:14 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150227225614.488111DF124@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via 5c921f14cb08044e40f03440c39c70d9fb321e92 (commit) from d58a852fbd3c7ae2d71949c090a474235b69d693 (commit) - Log ----------------------------------------------------------------- commit 5c921f14cb08044e40f03440c39c70d9fb321e92 Author: Matt Caswell Date: Fri Feb 27 16:52:07 2015 +0000 Fix d2i_SSL_SESSION for DTLS1_BAD_VER Some Cisco appliances use a pre-standard version number for DTLS. We support this as DTLS1_BAD_VER within the code. This change fixes d2i_SSL_SESSION for that DTLS version. Based on an original patch by David Woodhouse RT#3704 Reviewed-by: Tim Hudson Conflicts: ssl/ssl_asn1.c Conflicts: ssl/dtls1.h ----------------------------------------------------------------------- Summary of changes: ssl/dtls1.h | 1 + ssl/ssl_asn1.c | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/ssl/dtls1.h b/ssl/dtls1.h index 442167a..8deb299 100644 --- a/ssl/dtls1.h +++ b/ssl/dtls1.h @@ -85,6 +85,7 @@ extern "C" { # define DTLS1_VERSION 0xFEFF # define DTLS_MAX_VERSION DTLS1_VERSION +# define DTLS1_VERSION_MAJOR 0xFE # define DTLS1_BAD_VER 0x0100 diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index f8c265c..39d48ea 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -421,7 +421,9 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, id = 0x02000000L | ((unsigned long)os.data[0] << 16L) | ((unsigned long)os.data[1] << 8L) | (unsigned long)os.data[2]; - } else if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) { + } else if ((ssl_version >> 8) == SSL3_VERSION_MAJOR + || (ssl_version >> 8) == DTLS1_VERSION_MAJOR + || ssl_version == DTLS1_BAD_VER) { if (os.length != 2) { c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH; c.line = __LINE__; From levitte at openssl.org Sat Feb 28 22:25:40 2015 From: levitte at openssl.org (Richard Levitte) Date: Sat, 28 Feb 2015 23:25:40 +0100 (CET) Subject: [openssl-commits] [web] master update Message-ID: <20150228222542.7C4071DF124@butler.localdomain> The branch master has been updated via 57e533a64bb709e57ab1b08ec3acfb6947760b4a (commit) from c6e4b80f3c965a3d1e8e4d36b8227b22358611bc (commit) - Log ----------------------------------------------------------------- commit 57e533a64bb709e57ab1b08ec3acfb6947760b4a Author: Richard Levitte Date: Sat Feb 28 23:25:24 2015 +0100 It seems that pod2html in more modern perl releases don't do title. The pod2html that comes with perl 5.14 will extract the title from the NAME section of the .pod file. In perl 5.18, this is no longer the case, and pod2html has a new argument --title where this can be given manually. The solution here is to test the behavior of pod2html, and if it doesn't produce a title automatically, we extract it ourselves (simple sed does it) and provide the resulting string to pod2html. ----------------------------------------------------------------------- Summary of changes: run-pod2html.sh | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/run-pod2html.sh b/run-pod2html.sh index b0e081e..0f96a4f 100755 --- a/run-pod2html.sh +++ b/run-pod2html.sh @@ -3,15 +3,40 @@ SRC=$1 DEST=docs HERE=`/bin/pwd` +# Somewhere between perl version 5.15 and 5.18, pod2html stopped extracting the +# title from the pod file's NAME section. When that's the case, we need to do +# that work ourselves and give pod2html the extracted title with --title. --title +# isn't available in earlier perl verions, so we need to test the behaviour to +# decide how to act. +# +extract_title=false +pod2html_testtext="=cut + +=head1 NAME + +foo - bar + +=head1 SYNOPSIS +" +if echo "$pod2html_testtext" | pod2html | grep -q '^$'; then + extract_title=true +fi +# +# Test done. + for SUB in apps crypto ssl; do DIR=$DEST/$SUB rm -rf $DIR mkdir -p $DIR for IN in $SRC/$SUB/*.pod; do FN=`basename $IN .pod` + title_arg='' + if $extract_title; then + title_arg="--title=`cat $IN | sed -e '1,/^=head1 NAME/d' -e '/^=/,$d' -e '/^\s*$/d'`" + fi cat $IN \ | sed -r 's/L<([^)]*)($[0-9]$)?\|([^)]*)($[0-9]$)?>/L<\1|\3>/g' \ - | pod2html --podroot=$SRC --css=/manpage.css --htmlroot=/docs --podpath=$SUB:apps:crypto:ssl \ + | pod2html --podroot=$SRC --css=/manpage.css --htmlroot=/docs --podpath=$SUB:apps:crypto:ssl "$title_arg" \ | sed -r 's/ $DIR/$FN.html for L in `perl $HERE/getnames.pl $IN` ; do ln $DIR/$FN.html $DIR/$L.html || echo FAIL $DIR/$FN.html $DIR/$L.html From levitte at openssl.org Sat Feb 28 22:26:22 2015 From: levitte at openssl.org (Richard Levitte) Date: Sat, 28 Feb 2015 23:26:22 +0100 (CET) Subject: [openssl-commits] [web] new-dev update Message-ID: <20150228222622.5B6BC1DF124@butler.localdomain> The branch new-dev has been updated discards caabf8c252fd21c8bb8d366d68d14c83e94c37da (commit) via cb80695ce90a46785e07baab0cb7b04d468cd6a4 (commit) via c670a7df95a7a412c84ba0b3af432ccb3817bbec (commit) via 57e533a64bb709e57ab1b08ec3acfb6947760b4a (commit) This update added new revisions after undoing existing revisions. That is to say, the old revision is not a strict subset of the new revision. This situation occurs when you --force push a change and generate a repository containing something like this: * -- * -- B -- O -- O -- O (caabf8c252fd21c8bb8d366d68d14c83e94c37da) \ N -- N -- N (cb80695ce90a46785e07baab0cb7b04d468cd6a4) When this happens we assume that you've already had alert emails for all of the O revisions, and so we here report only the revisions in the N branch from the common base, B. - Log ----------------------------------------------------------------- commit cb80695ce90a46785e07baab0cb7b04d468cd6a4 Author: Richard Levitte Date: Sat Feb 28 23:13:56 2015 +0100 Everything we deal with here should be owned by openssl Time to demand that a caller of 'relupd' be openssl, and to avoid all the unnecessary sudo. commit c670a7df95a7a412c84ba0b3af432ccb3817bbec Author: Richard Levitte Date: Thu Feb 26 15:11:28 2015 +0100 On the new development machine, the checkouts directory has moved. This is really not a biggie as there are symbolic links so /v/openssl still works. Unfortunately, newer pod2html picks this apart and is fiddly with the result, so better not involve any symlinks when running it. ----------------------------------------------------------------------- Summary of changes: Makefile | 15 +++++++++------ run-pod2html.sh | 27 ++++++++++++++++++++++++++- 2 files changed, 35 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index 17d57cf..e2670e3 100644 --- a/Makefile +++ b/Makefile @@ -31,9 +31,12 @@ manpages: # Update release notes (and other items, but relnotes is the use-case) relupd: - id | grep -q root || { echo you must sudo ; exit 1; } - ( cd $(SNAP)/.. ; for dir in openssl* ; do \ - echo Updating $$dir ; cd $$dir ; sudo -u openssl git pull $(QUIET) ; cd .. ; \ - done ) - sudo -u www-data git pull $(QUIET) - sudo -u www-data $(MAKE) generated simple + if [ "`id -un`" != openssl; then \ + echo "**** you must do 'sudo -u openssl -H bash'"; \ + exit 1; \ + fi + cd $(SNAP)/.. ; for dir in openssl* ; do \ + echo Updating $$dir ; ( cd $$dir ; git pull $(QUIET) ) ; \ + done + git pull $(QUIET) + $(MAKE) generated simple diff --git a/run-pod2html.sh b/run-pod2html.sh index b0e081e..0f96a4f 100755 --- a/run-pod2html.sh +++ b/run-pod2html.sh @@ -3,15 +3,40 @@ SRC=$1 DEST=docs HERE=`/bin/pwd` +# Somewhere between perl version 5.15 and 5.18, pod2html stopped extracting the +# title from the pod file's NAME section. When that's the case, we need to do +# that work ourselves and give pod2html the extracted title with --title. --title +# isn't available in earlier perl verions, so we need to test the behaviour to +# decide how to act. +# +extract_title=false +pod2html_testtext="=cut + +=head1 NAME + +foo - bar + +=head1 SYNOPSIS +" +if echo "$pod2html_testtext" | pod2html | grep -q '^$'; then + extract_title=true +fi +# +# Test done. + for SUB in apps crypto ssl; do DIR=$DEST/$SUB rm -rf $DIR mkdir -p $DIR for IN in $SRC/$SUB/*.pod; do FN=`basename $IN .pod` + title_arg='' + if $extract_title; then + title_arg="--title=`cat $IN | sed -e '1,/^=head1 NAME/d' -e '/^=/,$d' -e '/^\s*$/d'`" + fi cat $IN \ | sed -r 's/L<([^)]*)($[0-9]$)?\|([^)]*)($[0-9]$)?>/L<\1|\3>/g' \ - | pod2html --podroot=$SRC --css=/manpage.css --htmlroot=/docs --podpath=$SUB:apps:crypto:ssl \ + | pod2html --podroot=$SRC --css=/manpage.css --htmlroot=/docs --podpath=$SUB:apps:crypto:ssl "$title_arg" \ | sed -r 's/ $DIR/$FN.html for L in `perl $HERE/getnames.pl $IN` ; do ln $DIR/$FN.html $DIR/$L.html || echo FAIL $DIR/$FN.html $DIR/$L.html