aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimon L. B. Nielsen <simon@FreeBSD.org>2008-09-21 14:56:30 +0000
committerSimon L. B. Nielsen <simon@FreeBSD.org>2008-09-21 14:56:30 +0000
commitbb1499d2aac1d25a95b8573ff425751f06f159e1 (patch)
treea136b5b2317abe8eb83b021afe5e088230fd67e2
parentee266f1253f9cc49430572463d26f72910dfb49e (diff)
downloadsrc-bb1499d2aac1d25a95b8573ff425751f06f159e1.tar.gz
src-bb1499d2aac1d25a95b8573ff425751f06f159e1.zip
Vendor import of OpenSSL 0.9.8i.vendor/openssl/0.9.8i
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=183234 svn path=/vendor-crypto/openssl/0.9.8i/; revision=193572; tag=vendor/openssl/0.9.8i
-rw-r--r--CHANGES385
-rw-r--r--ChangeLog.0_9_7-stable_not-in-head163
-rw-r--r--ChangeLog.0_9_7-stable_not-in-head_FIPS1494
-rwxr-xr-xConfigure156
-rw-r--r--FAQ85
-rw-r--r--INSTALL4
-rw-r--r--LICENSE2
-rw-r--r--Makefile8
-rw-r--r--Makefile.org4
-rw-r--r--Makefile.shared40
-rw-r--r--NEWS23
-rw-r--r--README19
-rw-r--r--apps/Makefile660
-rw-r--r--apps/apps.c2
-rw-r--r--apps/apps.h15
-rw-r--r--apps/ca.c9
-rw-r--r--apps/cms.c1347
-rw-r--r--apps/dgst.c25
-rw-r--r--apps/dsa.c42
-rw-r--r--apps/ec.c2
-rw-r--r--apps/gendsa.c8
-rw-r--r--apps/genrsa.c8
-rw-r--r--apps/ocsp.c214
-rw-r--r--apps/openssl.c18
-rw-r--r--apps/pkcs12.c21
-rw-r--r--apps/progs.h19
-rw-r--r--apps/progs.pl8
-rw-r--r--apps/rand.c2
-rw-r--r--apps/req.c3
-rw-r--r--apps/rsa.c4
-rw-r--r--apps/rsautl.c36
-rw-r--r--apps/s_apps.h3
-rw-r--r--apps/s_cb.c61
-rw-r--r--apps/s_client.c225
-rw-r--r--apps/s_server.c485
-rw-r--r--apps/smime.c7
-rw-r--r--apps/speed.c140
-rw-r--r--apps/x509.c11
-rw-r--r--certs/README.RootCerts4
-rw-r--r--certs/RegTP-5R.pem19
-rw-r--r--certs/RegTP-6R.pem19
-rw-r--r--certs/aol1.pem22
-rw-r--r--certs/aol2.pem33
-rw-r--r--certs/aoltw1.pem23
-rw-r--r--certs/aoltw2.pem34
-rw-r--r--certs/argena.pem39
-rw-r--r--certs/argeng.pem23
-rw-r--r--certs/demo/nortelCA.pem16
-rw-r--r--certs/demo/timCA.pem16
-rw-r--r--certs/demo/tjhCA.pem15
-rw-r--r--certs/demo/vsigntca.pem18
-rw-r--r--certs/eng1.pem23
-rw-r--r--certs/eng2.pem23
-rw-r--r--certs/eng3.pem34
-rw-r--r--certs/eng4.pem23
-rw-r--r--certs/eng5.pem23
-rw-r--r--certs/expired/ICE-CA.pem59
-rw-r--r--certs/expired/ICE-root.pem48
-rw-r--r--certs/expired/ICE-user.pem63
-rw-r--r--certs/expired/RegTP-4R.pem19
-rw-r--r--certs/expired/factory.pem15
-rw-r--r--certs/expired/rsa-cca.pem19
-rw-r--r--certs/expired/rsa-ssca.pem19
-rw-r--r--certs/expired/vsign2.pem18
-rw-r--r--certs/expired/vsign3.pem18
-rw-r--r--certs/thawteCb.pem19
-rw-r--r--certs/thawteCp.pem19
-rw-r--r--certs/vsign1.pem17
-rw-r--r--certs/vsign3.pem17
-rw-r--r--certs/vsignss.pem17
-rw-r--r--certs/wellsfgo.pem23
-rwxr-xr-xconfig19
-rw-r--r--crypto/aes/Makefile15
-rw-r--r--crypto/aes/aes.h6
-rw-r--r--crypto/aes/aes_ige.c206
-rw-r--r--crypto/aes/aes_wrap.c259
-rwxr-xr-xcrypto/aes/asm/aes-586.pl12
-rw-r--r--crypto/aes/asm/aes-ia64.S1819
-rwxr-xr-xcrypto/aes/asm/aes-x86_64.pl1578
-rw-r--r--crypto/asn1/Makefile31
-rw-r--r--crypto/asn1/a_object.c1
-rw-r--r--crypto/asn1/a_type.c26
-rw-r--r--crypto/asn1/asn1.h117
-rw-r--r--crypto/asn1/asn1_err.c19
-rw-r--r--crypto/asn1/asn1_lib.c8
-rw-r--r--crypto/asn1/asn1t.h7
-rw-r--r--crypto/asn1/asn_mime.c876
-rw-r--r--crypto/asn1/asn_moid.c2
-rw-r--r--crypto/asn1/t_req.c4
-rw-r--r--crypto/asn1/t_x509.c20
-rw-r--r--crypto/asn1/tasn_dec.c6
-rw-r--r--crypto/asn1/tasn_enc.c4
-rw-r--r--crypto/asn1/tasn_fre.c4
-rw-r--r--crypto/asn1/x_algor.c57
-rw-r--r--crypto/asn1/x_crl.c2
-rw-r--r--crypto/asn1/x_exten.c5
-rw-r--r--crypto/asn1/x_name.c40
-rw-r--r--crypto/bio/b_print.c4
-rw-r--r--crypto/bio/b_sock.c32
-rw-r--r--crypto/bio/bio.h17
-rw-r--r--crypto/bio/bss_dgram.c70
-rw-r--r--crypto/bio/bss_file.c8
-rw-r--r--crypto/bn/Makefile9
-rw-r--r--crypto/bn/asm/ia64.S35
-rwxr-xr-xcrypto/bn/asm/mo-586.pl603
-rwxr-xr-xcrypto/bn/asm/x86_64-mont.pl214
-rw-r--r--crypto/bn/bn.h25
-rw-r--r--crypto/bn/bn_blind.c12
-rw-r--r--crypto/bn/bn_div.c249
-rw-r--r--crypto/bn/bn_err.c4
-rw-r--r--crypto/bn/bn_exp.c20
-rw-r--r--crypto/bn/bn_gcd.c161
-rw-r--r--crypto/bn/bn_gf2m.c6
-rw-r--r--crypto/bn/bn_lcl.h1
-rw-r--r--crypto/bn/bn_lib.c2
-rw-r--r--crypto/bn/bn_mont.c321
-rw-r--r--crypto/bn/bn_mul.c15
-rw-r--r--crypto/bn/bn_nist.c653
-rw-r--r--crypto/bn/bn_prime.c4
-rw-r--r--crypto/bn/bn_prime.h4
-rw-r--r--crypto/bn/bn_prime.pl4
-rw-r--r--crypto/bn/bntest.c60
-rw-r--r--crypto/cms/Makefile183
-rw-r--r--crypto/cms/cms.h473
-rw-r--r--crypto/cms/cms_asn1.c346
-rw-r--r--crypto/cms/cms_att.c195
-rw-r--r--crypto/cms/cms_cd.c134
-rw-r--r--crypto/cms/cms_dd.c148
-rw-r--r--crypto/cms/cms_enc.c262
-rw-r--r--crypto/cms/cms_env.c825
-rw-r--r--crypto/cms/cms_err.c236
-rw-r--r--crypto/cms/cms_ess.c420
-rw-r--r--crypto/cms/cms_io.c140
-rw-r--r--crypto/cms/cms_lcl.h460
-rw-r--r--crypto/cms/cms_lib.c623
-rw-r--r--crypto/cms/cms_sd.c1014
-rw-r--r--crypto/cms/cms_smime.c808
-rw-r--r--crypto/comp/c_zlib.c391
-rw-r--r--crypto/comp/comp.h14
-rw-r--r--crypto/comp/comp_err.c9
-rw-r--r--crypto/conf/conf.h1
-rw-r--r--crypto/conf/conf_api.c2
-rw-r--r--crypto/conf/conf_mod.c11
-rw-r--r--crypto/conf/conf_sap.c4
-rw-r--r--crypto/cryptlib.c4
-rw-r--r--crypto/cryptlib.h1
-rw-r--r--crypto/crypto.h1
-rw-r--r--crypto/des/des.h3
-rw-r--r--crypto/des/des_old.c2
-rw-r--r--crypto/des/des_old.h3
-rw-r--r--crypto/des/set_key.c2
-rw-r--r--crypto/des/xcbc_enc.c4
-rw-r--r--crypto/dh/Makefile20
-rw-r--r--crypto/dh/dh_check.c2
-rw-r--r--crypto/dh/dh_key.c4
-rw-r--r--crypto/dsa/Makefile11
-rw-r--r--crypto/dsa/dsa_gen.c11
-rw-r--r--crypto/dsa/dsa_key.c2
-rw-r--r--crypto/dsa/dsa_ossl.c2
-rw-r--r--crypto/ec/ec.h1
-rw-r--r--crypto/ec/ec_err.c3
-rw-r--r--crypto/ec/ec_mult.c34
-rw-r--r--crypto/ec/ectest.c14
-rw-r--r--crypto/ecdh/Makefile32
-rw-r--r--crypto/ecdh/ecdhtest.c10
-rw-r--r--crypto/ecdsa/Makefile48
-rw-r--r--crypto/ecdsa/ecdsatest.c22
-rw-r--r--crypto/ecdsa/ecs_ossl.c25
-rw-r--r--crypto/engine/Makefile390
-rw-r--r--crypto/engine/eng_all.c3
-rw-r--r--crypto/engine/eng_cnf.c9
-rw-r--r--crypto/engine/eng_err.c3
-rw-r--r--crypto/engine/eng_int.h2
-rw-r--r--crypto/engine/eng_padlock.c5
-rw-r--r--crypto/engine/eng_pkey.c42
-rw-r--r--crypto/engine/eng_table.c12
-rw-r--r--crypto/engine/engine.h16
-rw-r--r--crypto/err/err.c2
-rw-r--r--crypto/err/err.h4
-rw-r--r--crypto/err/err_all.c6
-rw-r--r--crypto/err/openssl.ec2
-rw-r--r--crypto/evp/Makefile66
-rw-r--r--crypto/evp/c_allc.c9
-rw-r--r--crypto/evp/e_seed.c83
-rw-r--r--crypto/evp/evp.h11
-rw-r--r--crypto/evp/evp_enc.c13
-rw-r--r--crypto/evp/evp_locl.h2
-rw-r--r--crypto/evp/evp_test.c7
-rw-r--r--crypto/evp/evptests.txt9
-rw-r--r--crypto/ex_data.c2
-rw-r--r--crypto/hmac/hmac.c7
-rw-r--r--crypto/hmac/hmac.h1
-rw-r--r--crypto/md32_common.h373
-rw-r--r--crypto/md4/md4_dgst.c89
-rw-r--r--crypto/md4/md4_locl.h44
-rw-r--r--crypto/md4/md4test.c6
-rw-r--r--crypto/md5/Makefile18
-rw-r--r--crypto/md5/asm/md5-586.pl2
-rw-r--r--crypto/md5/asm/md5-sparcv9.S1031
-rwxr-xr-xcrypto/md5/asm/md5-x86_64.pl8
-rw-r--r--crypto/md5/md5_dgst.c106
-rw-r--r--crypto/md5/md5_locl.h54
-rw-r--r--crypto/md5/md5test.c6
-rw-r--r--crypto/mem_clr.c12
-rw-r--r--crypto/o_str.c4
-rw-r--r--crypto/objects/Makefile16
-rw-r--r--crypto/objects/obj_dat.c1
-rw-r--r--crypto/objects/obj_dat.h3020
-rw-r--r--crypto/objects/obj_mac.h359
-rw-r--r--crypto/objects/obj_mac.num85
-rw-r--r--crypto/objects/objects.txt131
-rw-r--r--crypto/ocsp/ocsp.h19
-rw-r--r--crypto/ocsp/ocsp_err.c3
-rw-r--r--crypto/ocsp/ocsp_ht.c468
-rw-r--r--crypto/opensslconf.h24
-rw-r--r--crypto/opensslv.h6
-rw-r--r--crypto/ossl_typ.h7
-rw-r--r--crypto/pem/pem.h64
-rw-r--r--crypto/pem/pem_info.c2
-rwxr-xr-xcrypto/perlasm/x86_64-xlate.pl80
-rw-r--r--crypto/perlasm/x86ms.pl30
-rw-r--r--crypto/perlasm/x86nasm.pl4
-rw-r--r--crypto/perlasm/x86unix.pl42
-rw-r--r--crypto/pkcs12/p12_crt.c26
-rw-r--r--crypto/pkcs7/pk7_mime.c55
-rw-r--r--crypto/pkcs7/pk7_smime.c2
-rw-r--r--crypto/pqueue/pq_compat.h2
-rw-r--r--crypto/rand/Makefile17
-rw-r--r--crypto/rand/rand_nw.c11
-rw-r--r--crypto/rand/randfile.c8
-rw-r--r--crypto/rc4/Makefile4
-rw-r--r--crypto/rc4/asm/rc4-586.pl4
-rw-r--r--crypto/rc4/asm/rc4-ia64.S5
-rwxr-xr-xcrypto/rc4/asm/rc4-x86_64.pl130
-rw-r--r--crypto/rc4/rc4_skey.c9
-rw-r--r--crypto/ripemd/asm/rmd-586.pl4
-rw-r--r--crypto/ripemd/rmd_dgst.c201
-rw-r--r--crypto/ripemd/rmd_locl.h16
-rw-r--r--crypto/ripemd/rmdtest.c6
-rw-r--r--crypto/rsa/Makefile13
-rw-r--r--crypto/rsa/rsa.h18
-rw-r--r--crypto/rsa/rsa_eay.c132
-rw-r--r--crypto/rsa/rsa_gen.c33
-rw-r--r--crypto/rsa/rsa_lib.c14
-rw-r--r--crypto/rsa/rsa_oaep.c23
-rw-r--r--crypto/rsa/rsa_ssl.c2
-rw-r--r--crypto/rsa/rsa_test.c28
-rw-r--r--crypto/seed/Makefile87
-rw-r--r--crypto/seed/seed.c286
-rw-r--r--crypto/seed/seed.h135
-rw-r--r--crypto/seed/seed_cbc.c129
-rw-r--r--crypto/seed/seed_cfb.c144
-rw-r--r--crypto/seed/seed_ecb.c60
-rw-r--r--crypto/seed/seed_locl.h116
-rw-r--r--crypto/seed/seed_ofb.c128
-rw-r--r--crypto/sha/Makefile5
-rw-r--r--crypto/sha/asm/sha1-586.pl433
-rw-r--r--crypto/sha/asm/sha1-ia64.pl346
-rwxr-xr-xcrypto/sha/asm/sha1-x86_64.pl242
-rwxr-xr-xcrypto/sha/asm/sha512-ia64.pl422
-rwxr-xr-xcrypto/sha/asm/sha512-x86_64.pl344
-rw-r--r--crypto/sha/sha1test.c6
-rw-r--r--crypto/sha/sha256.c81
-rw-r--r--crypto/sha/sha512.c103
-rw-r--r--crypto/sha/sha_locl.h278
-rw-r--r--crypto/sha/shatest.c6
-rw-r--r--crypto/stack/safestack.h274
-rw-r--r--crypto/store/str_lib.c2
-rw-r--r--crypto/symhacks.h17
-rw-r--r--crypto/x509/x509.h13
-rw-r--r--crypto/x509/x509_att.c43
-rw-r--r--crypto/x509/x509_txt.c2
-rw-r--r--crypto/x509/x509_vfy.c16
-rw-r--r--crypto/x509/x509_vpm.c2
-rw-r--r--crypto/x509v3/pcy_data.c8
-rw-r--r--crypto/x509v3/pcy_tree.c22
-rw-r--r--crypto/x509v3/v3_addr.c12
-rw-r--r--crypto/x509v3/v3_asid.c2
-rw-r--r--crypto/x509v3/v3_pci.c11
-rw-r--r--crypto/x509v3/v3_purp.c6
-rw-r--r--crypto/x509v3/v3_utl.c24
-rw-r--r--crypto/x509v3/x509v3.h5
-rw-r--r--crypto/x86_64cpuid.pl99
-rw-r--r--crypto/x86cpuid.pl32
-rw-r--r--demos/engines/cluster_labs/hw_cluster_labs_err.h4
-rw-r--r--demos/engines/ibmca/hw_ibmca_err.h4
-rw-r--r--demos/engines/zencod/hw_zencod_err.h4
-rw-r--r--doc/apps/ciphers.pod34
-rw-r--r--doc/apps/dgst.pod5
-rw-r--r--doc/apps/enc.pod8
-rw-r--r--doc/apps/ocsp.pod8
-rw-r--r--doc/apps/openssl.pod16
-rw-r--r--doc/apps/rsautl.pod2
-rw-r--r--doc/apps/s_client.pod31
-rw-r--r--doc/apps/s_server.pod21
-rw-r--r--doc/apps/verify.pod2
-rw-r--r--doc/c-indentation.el1
-rw-r--r--doc/crypto/ASN1_generate_nconf.pod35
-rw-r--r--doc/crypto/DH_set_method.pod2
-rw-r--r--doc/crypto/DSA_set_method.pod2
-rw-r--r--doc/crypto/OPENSSL_ia32cap.pod36
-rw-r--r--doc/crypto/RAND_bytes.pod3
-rw-r--r--doc/crypto/RAND_set_rand_method.pod2
-rw-r--r--doc/crypto/RSA_set_method.pod2
-rw-r--r--doc/crypto/X509_NAME_print_ex.pod4
-rw-r--r--doc/crypto/des_modes.pod2
-rw-r--r--doc/crypto/engine.pod6
-rw-r--r--doc/ssl/SSL_CTX_set_options.pod9
-rw-r--r--doc/ssl/SSL_read.pod6
-rw-r--r--doc/standards.txt9
-rw-r--r--e_os.h42
-rw-r--r--engines/Makefile115
-rw-r--r--engines/e_4758cca_err.h4
-rw-r--r--engines/e_aep.c5
-rw-r--r--engines/e_aep_err.h4
-rw-r--r--engines/e_atalla_err.h4
-rw-r--r--engines/e_capi.c1781
-rw-r--r--engines/e_capi.ec1
-rw-r--r--engines/e_capi_err.c183
-rw-r--r--engines/e_capi_err.h123
-rw-r--r--engines/e_chil_err.h4
-rw-r--r--engines/e_cswift_err.h4
-rw-r--r--engines/e_gmp.c87
-rw-r--r--engines/e_gmp_err.h4
-rw-r--r--engines/e_nuron_err.h4
-rw-r--r--engines/e_sureware_err.h4
-rw-r--r--engines/e_ubsec.c4
-rw-r--r--engines/e_ubsec_err.h4
-rw-r--r--openssl.spec2
-rw-r--r--ssl/Makefile1022
-rw-r--r--ssl/d1_both.c22
-rw-r--r--ssl/d1_clnt.c30
-rw-r--r--ssl/d1_lib.c20
-rw-r--r--ssl/d1_pkt.c117
-rw-r--r--ssl/d1_srvr.c49
-rw-r--r--ssl/dtls1.h7
-rw-r--r--ssl/kssl.c2
-rw-r--r--ssl/s23_clnt.c34
-rw-r--r--ssl/s23_srvr.c9
-rw-r--r--ssl/s2_clnt.c4
-rw-r--r--ssl/s2_srvr.c4
-rw-r--r--ssl/s3_clnt.c308
-rw-r--r--ssl/s3_enc.c4
-rw-r--r--ssl/s3_lib.c295
-rw-r--r--ssl/s3_pkt.c7
-rw-r--r--ssl/s3_srvr.c255
-rw-r--r--ssl/ssl.h130
-rw-r--r--ssl/ssl3.h10
-rw-r--r--ssl/ssl_algs.c5
-rw-r--r--ssl/ssl_asn1.c106
-rw-r--r--ssl/ssl_cert.c2
-rw-r--r--ssl/ssl_ciph.c33
-rw-r--r--ssl/ssl_err.c22
-rw-r--r--ssl/ssl_lib.c140
-rw-r--r--ssl/ssl_locl.h38
-rw-r--r--ssl/ssl_rsa.c2
-rw-r--r--ssl/ssl_sess.c126
-rw-r--r--ssl/ssl_stat.c4
-rw-r--r--ssl/ssl_txt.c15
-rw-r--r--ssl/ssltest.c41
-rw-r--r--ssl/t1_enc.c34
-rw-r--r--ssl/t1_lib.c759
-rw-r--r--ssl/tls1.h104
-rw-r--r--test/Makefile91
-rwxr-xr-xtest/cms-examples.pl409
-rwxr-xr-xtest/cms-test.pl453
-rw-r--r--test/evptests.txt9
-rw-r--r--test/igetest.c17
-rw-r--r--test/smcont.txt1
-rw-r--r--test/smime-certs/smdsa1.pem34
-rw-r--r--test/smime-certs/smdsa2.pem34
-rw-r--r--test/smime-certs/smdsa3.pem34
-rw-r--r--test/smime-certs/smdsap.pem9
-rw-r--r--test/smime-certs/smroot.pem30
-rw-r--r--test/smime-certs/smrsa1.pem31
-rw-r--r--test/smime-certs/smrsa2.pem31
-rw-r--r--test/smime-certs/smrsa3.pem31
-rwxr-xr-xutil/clean-depend.pl7
-rwxr-xr-xutil/libeay.num204
-rwxr-xr-xutil/mk1mf.pl79
-rwxr-xr-xutil/mkdef.pl32
-rw-r--r--util/mkerr.pl4
-rwxr-xr-xutil/mkfiles.pl2
-rwxr-xr-xutil/opensslwrap.sh4
-rw-r--r--util/pl/VC-32.pl42
-rw-r--r--util/pl/netware.pl375
-rwxr-xr-xutil/shlib_wrap.sh33
-rwxr-xr-xutil/ssleay.num4
388 files changed, 30385 insertions, 10727 deletions
diff --git a/CHANGES b/CHANGES
index c5a639f9891c..72cc168f6a59 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,13 +2,367 @@
OpenSSL CHANGES
_______________
- Changes between 0.9.8d and 0.9.8e [23 Feb 2007]
+ Changes between 0.9.8h and 0.9.8i [15 Sep 2008]
+
+ *) Fix a state transitition in s3_srvr.c and d1_srvr.c
+ (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
+ [Nagendra Modadugu]
+
+ *) The fix in 0.9.8c that supposedly got rid of unsafe
+ double-checked locking was incomplete for RSA blinding,
+ addressing just one layer of what turns out to have been
+ doubly unsafe triple-checked locking.
+
+ So now fix this for real by retiring the MONT_HELPER macro
+ in crypto/rsa/rsa_eay.c.
+
+ [Bodo Moeller; problem pointed out by Marius Schilder]
+
+ *) Various precautionary measures:
+
+ - Avoid size_t integer overflow in HASH_UPDATE (md32_common.h).
+
+ - Avoid a buffer overflow in d2i_SSL_SESSION() (ssl_asn1.c).
+ (NB: This would require knowledge of the secret session ticket key
+ to exploit, in which case you'd be SOL either way.)
+
+ - Change bn_nist.c so that it will properly handle input BIGNUMs
+ outside the expected range.
+
+ - Enforce the 'num' check in BN_div() (bn_div.c) for non-BN_DEBUG
+ builds.
+
+ [Neel Mehta, Bodo Moeller]
+
+ *) Add support for Local Machine Keyset attribute in PKCS#12 files.
+ [Steve Henson]
+
+ *) Fix BN_GF2m_mod_arr() top-bit cleanup code.
+ [Huang Ying]
+
+ *) Expand ENGINE to support engine supplied SSL client certificate functions.
+
+ This work was sponsored by Logica.
+ [Steve Henson]
+
+ *) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows
+ keystores. Support for SSL/TLS client authentication too.
+ Not compiled unless enable-capieng specified to Configure.
+
+ This work was sponsored by Logica.
+ [Steve Henson]
+
+ *) Allow engines to be "soft loaded" - i.e. optionally don't die if
+ the load fails. Useful for distros.
+ [Ben Laurie and the FreeBSD team]
+
+ Changes between 0.9.8g and 0.9.8h [28 May 2008]
+
+ *) Fix flaw if 'Server Key exchange message' is omitted from a TLS
+ handshake which could lead to a cilent crash as found using the
+ Codenomicon TLS test suite (CVE-2008-1672)
+ [Steve Henson, Mark Cox]
+
+ *) Fix double free in TLS server name extensions which could lead to
+ a remote crash found by Codenomicon TLS test suite (CVE-2008-0891)
+ [Joe Orton]
+
+ *) Clear error queue in SSL_CTX_use_certificate_chain_file()
+
+ Clear the error queue to ensure that error entries left from
+ older function calls do not interfere with the correct operation.
+ [Lutz Jaenicke, Erik de Castro Lopo]
+
+ *) Remove root CA certificates of commercial CAs:
+
+ The OpenSSL project does not recommend any specific CA and does not
+ have any policy with respect to including or excluding any CA.
+ Therefore it does not make any sense to ship an arbitrary selection
+ of root CA certificates with the OpenSSL software.
+ [Lutz Jaenicke]
+
+ *) RSA OAEP patches to fix two separate invalid memory reads.
+ The first one involves inputs when 'lzero' is greater than
+ 'SHA_DIGEST_LENGTH' (it would read about SHA_DIGEST_LENGTH bytes
+ before the beginning of from). The second one involves inputs where
+ the 'db' section contains nothing but zeroes (there is a one-byte
+ invalid read after the end of 'db').
+ [Ivan Nestlerode <inestlerode@us.ibm.com>]
+
+ *) Partial backport from 0.9.9-dev:
+
+ Introduce bn_mul_mont (dedicated Montgomery multiplication
+ procedure) as a candidate for BIGNUM assembler implementation.
+ While 0.9.9-dev uses assembler for various architectures, only
+ x86_64 is available by default here in the 0.9.8 branch, and
+ 32-bit x86 is available through a compile-time setting.
+
+ To try the 32-bit x86 assembler implementation, use Configure
+ option "enable-montasm" (which exists only for this backport).
+
+ As "enable-montasm" for 32-bit x86 disclaims code stability
+ anyway, in this constellation we activate additional code
+ backported from 0.9.9-dev for further performance improvements,
+ namely BN_from_montgomery_word. (To enable this otherwise,
+ e.g. x86_64, try "-DMONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD".)
+
+ [Andy Polyakov (backport partially by Bodo Moeller)]
+
+ *) Add TLS session ticket callback. This allows an application to set
+ TLS ticket cipher and HMAC keys rather than relying on hardcoded fixed
+ values. This is useful for key rollover for example where several key
+ sets may exist with different names.
+ [Steve Henson]
+
+ *) Reverse ENGINE-internal logic for caching default ENGINE handles.
+ This was broken until now in 0.9.8 releases, such that the only way
+ a registered ENGINE could be used (assuming it initialises
+ successfully on the host) was to explicitly set it as the default
+ for the relevant algorithms. This is in contradiction with 0.9.7
+ behaviour and the documentation. With this fix, when an ENGINE is
+ registered into a given algorithm's table of implementations, the
+ 'uptodate' flag is reset so that auto-discovery will be used next
+ time a new context for that algorithm attempts to select an
+ implementation.
+ [Ian Lister (tweaked by Geoff Thorpe)]
+
+ *) Backport of CMS code to OpenSSL 0.9.8. This differs from the 0.9.9
+ implemention in the following ways:
+
+ Lack of EVP_PKEY_ASN1_METHOD means algorithm parameters have to be
+ hard coded.
+
+ Lack of BER streaming support means one pass streaming processing is
+ only supported if data is detached: setting the streaming flag is
+ ignored for embedded content.
+
+ CMS support is disabled by default and must be explicitly enabled
+ with the enable-cms configuration option.
+ [Steve Henson]
+
+ *) Update the GMP engine glue to do direct copies between BIGNUM and
+ mpz_t when openssl and GMP use the same limb size. Otherwise the
+ existing "conversion via a text string export" trick is still used.
+ [Paul Sheer <paulsheer@gmail.com>]
+
+ *) Zlib compression BIO. This is a filter BIO which compressed and
+ uncompresses any data passed through it.
+ [Steve Henson]
+
+ *) Add AES_wrap_key() and AES_unwrap_key() functions to implement
+ RFC3394 compatible AES key wrapping.
+ [Steve Henson]
+
+ *) Add utility functions to handle ASN1 structures. ASN1_STRING_set0():
+ sets string data without copying. X509_ALGOR_set0() and
+ X509_ALGOR_get0(): set and retrieve X509_ALGOR (AlgorithmIdentifier)
+ data. Attribute function X509at_get0_data_by_OBJ(): retrieves data
+ from an X509_ATTRIBUTE structure optionally checking it occurs only
+ once. ASN1_TYPE_set1(): set and ASN1_TYPE structure copying supplied
+ data.
+ [Steve Henson]
+
+ *) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set()
+ to get the expected BN_FLG_CONSTTIME behavior.
+ [Bodo Moeller (Google)]
+
+ *) Netware support:
+
+ - fixed wrong usage of ioctlsocket() when build for LIBC BSD sockets
+ - fixed do_tests.pl to run the test suite with CLIB builds too (CLIB_OPT)
+ - added some more tests to do_tests.pl
+ - fixed RunningProcess usage so that it works with newer LIBC NDKs too
+ - removed usage of BN_LLONG for CLIB builds to avoid runtime dependency
+ - added new Configure targets netware-clib-bsdsock, netware-clib-gcc,
+ netware-clib-bsdsock-gcc, netware-libc-bsdsock-gcc
+ - various changes to netware.pl to enable gcc-cross builds on Win32
+ platform
+ - changed crypto/bio/b_sock.c to work with macro functions (CLIB BSD)
+ - various changes to fix missing prototype warnings
+ - fixed x86nasm.pl to create correct asm files for NASM COFF output
+ - added AES, WHIRLPOOL and CPUID assembler code to build files
+ - added missing AES assembler make rules to mk1mf.pl
+ - fixed order of includes in apps/ocsp.c so that e_os.h settings apply
+ [Guenter Knauf <eflash@gmx.net>]
+
+ *) Implement certificate status request TLS extension defined in RFC3546.
+ A client can set the appropriate parameters and receive the encoded
+ OCSP response via a callback. A server can query the supplied parameters
+ and set the encoded OCSP response in the callback. Add simplified examples
+ to s_client and s_server.
+ [Steve Henson]
+
+ Changes between 0.9.8f and 0.9.8g [19 Oct 2007]
+
+ *) Fix various bugs:
+ + Binary incompatibility of ssl_ctx_st structure
+ + DTLS interoperation with non-compliant servers
+ + Don't call get_session_cb() without proposed session
+ + Fix ia64 assembler code
+ [Andy Polyakov, Steve Henson]
+
+ Changes between 0.9.8e and 0.9.8f [11 Oct 2007]
+
+ *) DTLS Handshake overhaul. There were longstanding issues with
+ OpenSSL DTLS implementation, which were making it impossible for
+ RFC 4347 compliant client to communicate with OpenSSL server.
+ Unfortunately just fixing these incompatibilities would "cut off"
+ pre-0.9.8f clients. To allow for hassle free upgrade post-0.9.8e
+ server keeps tolerating non RFC compliant syntax. The opposite is
+ not true, 0.9.8f client can not communicate with earlier server.
+ This update even addresses CVE-2007-4995.
+ [Andy Polyakov]
+
+ *) Changes to avoid need for function casts in OpenSSL: some compilers
+ (gcc 4.2 and later) reject their use.
+ [Kurt Roeckx <kurt@roeckx.be>, Peter Hartley <pdh@utter.chaos.org.uk>,
+ Steve Henson]
+
+ *) Add RFC4507 support to OpenSSL. This includes the corrections in
+ RFC4507bis. The encrypted ticket format is an encrypted encoded
+ SSL_SESSION structure, that way new session features are automatically
+ supported.
+
+ If a client application caches session in an SSL_SESSION structure
+ support is transparent because tickets are now stored in the encoded
+ SSL_SESSION.
+
+ The SSL_CTX structure automatically generates keys for ticket
+ protection in servers so again support should be possible
+ with no application modification.
+
+ If a client or server wishes to disable RFC4507 support then the option
+ SSL_OP_NO_TICKET can be set.
+
+ Add a TLS extension debugging callback to allow the contents of any client
+ or server extensions to be examined.
+
+ This work was sponsored by Google.
+ [Steve Henson]
+
+ *) Add initial support for TLS extensions, specifically for the server_name
+ extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now
+ have new members for a host name. The SSL data structure has an
+ additional member SSL_CTX *initial_ctx so that new sessions can be
+ stored in that context to allow for session resumption, even after the
+ SSL has been switched to a new SSL_CTX in reaction to a client's
+ server_name extension.
+
+ New functions (subject to change):
+
+ SSL_get_servername()
+ SSL_get_servername_type()
+ SSL_set_SSL_CTX()
+
+ New CTRL codes and macros (subject to change):
+
+ SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+ - SSL_CTX_set_tlsext_servername_callback()
+ SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
+ - SSL_CTX_set_tlsext_servername_arg()
+ SSL_CTRL_SET_TLSEXT_HOSTNAME - SSL_set_tlsext_host_name()
+
+ openssl s_client has a new '-servername ...' option.
+
+ openssl s_server has new options '-servername_host ...', '-cert2 ...',
+ '-key2 ...', '-servername_fatal' (subject to change). This allows
+ testing the HostName extension for a specific single host name ('-cert'
+ and '-key' remain fallbacks for handshakes without HostName
+ negotiation). If the unrecogninzed_name alert has to be sent, this by
+ default is a warning; it becomes fatal with the '-servername_fatal'
+ option.
+
+ [Peter Sylvester, Remy Allais, Christophe Renou, Steve Henson]
+
+ *) Add AES and SSE2 assembly language support to VC++ build.
+ [Steve Henson]
+
+ *) Mitigate attack on final subtraction in Montgomery reduction.
+ [Andy Polyakov]
+
+ *) Fix crypto/ec/ec_mult.c to work properly with scalars of value 0
+ (which previously caused an internal error).
+ [Bodo Moeller]
+
+ *) Squeeze another 10% out of IGE mode when in != out.
+ [Ben Laurie]
+
+ *) AES IGE mode speedup.
+ [Dean Gaudet (Google)]
+
+ *) Add the Korean symmetric 128-bit cipher SEED (see
+ http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp) and
+ add SEED ciphersuites from RFC 4162:
+
+ TLS_RSA_WITH_SEED_CBC_SHA = "SEED-SHA"
+ TLS_DHE_DSS_WITH_SEED_CBC_SHA = "DHE-DSS-SEED-SHA"
+ TLS_DHE_RSA_WITH_SEED_CBC_SHA = "DHE-RSA-SEED-SHA"
+ TLS_DH_anon_WITH_SEED_CBC_SHA = "ADH-SEED-SHA"
+
+ To minimize changes between patchlevels in the OpenSSL 0.9.8
+ series, SEED remains excluded from compilation unless OpenSSL
+ is configured with 'enable-seed'.
+ [KISA, Bodo Moeller]
+
+ *) Mitigate branch prediction attacks, which can be practical if a
+ single processor is shared, allowing a spy process to extract
+ information. For detailed background information, see
+ http://eprint.iacr.org/2007/039 (O. Aciicmez, S. Gueron,
+ J.-P. Seifert, "New Branch Prediction Vulnerabilities in OpenSSL
+ and Necessary Software Countermeasures"). The core of the change
+ are new versions BN_div_no_branch() and
+ BN_mod_inverse_no_branch() of BN_div() and BN_mod_inverse(),
+ respectively, which are slower, but avoid the security-relevant
+ conditional branches. These are automatically called by BN_div()
+ and BN_mod_inverse() if the flag BN_FLG_CONSTTIME is set for one
+ of the input BIGNUMs. Also, BN_is_bit_set() has been changed to
+ remove a conditional branch.
+
+ BN_FLG_CONSTTIME is the new name for the previous
+ BN_FLG_EXP_CONSTTIME flag, since it now affects more than just
+ modular exponentiation. (Since OpenSSL 0.9.7h, setting this flag
+ in the exponent causes BN_mod_exp_mont() to use the alternative
+ implementation in BN_mod_exp_mont_consttime().) The old name
+ remains as a deprecated alias.
+
+ Similary, RSA_FLAG_NO_EXP_CONSTTIME is replaced by a more general
+ RSA_FLAG_NO_CONSTTIME flag since the RSA implementation now uses
+ constant-time implementations for more than just exponentiation.
+ Here too the old name is kept as a deprecated alias.
+
+ BN_BLINDING_new() will now use BN_dup() for the modulus so that
+ the BN_BLINDING structure gets an independent copy of the
+ modulus. This means that the previous "BIGNUM *m" argument to
+ BN_BLINDING_new() and to BN_BLINDING_create_param() now
+ essentially becomes "const BIGNUM *m", although we can't actually
+ change this in the header file before 0.9.9. It allows
+ RSA_setup_blinding() to use BN_with_flags() on the modulus to
+ enable BN_FLG_CONSTTIME.
+
+ [Matthew D Wood (Intel Corp)]
+
+ *) In the SSL/TLS server implementation, be strict about session ID
+ context matching (which matters if an application uses a single
+ external cache for different purposes). Previously,
+ out-of-context reuse was forbidden only if SSL_VERIFY_PEER was
+ set. This did ensure strict client verification, but meant that,
+ with applications using a single external cache for quite
+ different requirements, clients could circumvent ciphersuite
+ restrictions for a given session ID context by starting a session
+ in a different context.
+ [Bodo Moeller]
*) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
a ciphersuite string such as "DEFAULT:RSA" cannot enable
authentication-only ciphersuites.
[Bodo Moeller]
+ *) Update the SSL_get_shared_ciphers() fix CVE-2006-3738 which was
+ not complete and could lead to a possible single byte overflow
+ (CVE-2007-5135) [Ben Laurie]
+
+ Changes between 0.9.8d and 0.9.8e [23 Feb 2007]
+
*) Since AES128 and AES256 (and similarly Camellia128 and
Camellia256) share a single mask bit in the logic of
ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
@@ -1047,7 +1401,20 @@
differing sizes.
[Richard Levitte]
- Changes between 0.9.7l and 0.9.7m [xx XXX xxxx]
+ Changes between 0.9.7m and 0.9.7n [xx XXX xxxx]
+
+ *) In the SSL/TLS server implementation, be strict about session ID
+ context matching (which matters if an application uses a single
+ external cache for different purposes). Previously,
+ out-of-context reuse was forbidden only if SSL_VERIFY_PEER was
+ set. This did ensure strict client verification, but meant that,
+ with applications using a single external cache for quite
+ different requirements, clients could circumvent ciphersuite
+ restrictions for a given session ID context by starting a session
+ in a different context.
+ [Bodo Moeller]
+
+ Changes between 0.9.7l and 0.9.7m [23 Feb 2007]
*) Cleanse PEM buffers before freeing them since they may contain
sensitive data.
@@ -1063,6 +1430,20 @@
kludge to work properly if AES128 is available and AES256 isn't.
[Victor Duchovni]
+ *) Expand security boundary to match 1.1.1 module.
+ [Steve Henson]
+
+ *) Remove redundant features: hash file source, editing of test vectors
+ modify fipsld to use external fips_premain.c signature.
+ [Steve Henson]
+
+ *) New perl script mkfipsscr.pl to create shell scripts or batch files to
+ run algorithm test programs.
+ [Steve Henson]
+
+ *) Make algorithm test programs more tolerant of whitespace.
+ [Steve Henson]
+
*) Have SSL/TLS server implementation tolerate "mismatched" record
protocol version while receiving ClientHello even if the
ClientHello is fragmented. (The server can't insist on the
diff --git a/ChangeLog.0_9_7-stable_not-in-head b/ChangeLog.0_9_7-stable_not-in-head
deleted file mode 100644
index 1203a22158a8..000000000000
--- a/ChangeLog.0_9_7-stable_not-in-head
+++ /dev/null
@@ -1,163 +0,0 @@
-This file, together with ChangeLog.0_9_7-stable_not-in-head_FIPS,
-provides a collection of those CVS change log entries for the
-0.9.7 branch (OpenSSL_0_9_7-stable) that do not appear similarly in
-0.9.8-dev (CVS head).
-
-ChangeLog.0_9_7-stable_not-in-head_FIPS - "FIPS" related changes
-ChangeLog.0_9_7-stable_not-in-head - everything else
-
-Some obvious false positives have been eliminated: e.g., we do not
-care about a simple "make update"; and we don't care about changes
-identified to the 0.9.7 branch that were explicitly identified as
-backports from head.
-
-Eliminating all other entries (and finally this file and its
-compantion), either as false positives or as things that should go
-into 0.9.8, remains to be done. Any additional changes to 0.9.7 that
-are not immediately put into 0.9.8, but belong there as well, should
-be added to the end of this file.
-
-
-2002-11-04 17:33 levitte
-
- Changed:
- Configure (1.314.2.38), "Exp", lines: +4 -2
-
- Return my normal debug targets to something not so extreme, and
- make the extreme ones special (or 'extreme', if you will :-)).
-
-2002-12-16 19:17 appro
-
- Changed:
- crypto/bn/bn_lcl.h (1.23.2.3), "Exp", lines: +3 -0
- crypto/bn/bn_mul.c (1.28.2.4), "Exp", lines: +84 -445
-
- This is rollback to 0.9.6h bn_mul.c to address problem reported in
- RT#272.
-
-2003-07-27 15:46 ben
-
- Changed:
- crypto/aes/aes.h (1.1.2.5), "Exp", lines: +3 -0
- crypto/aes/aes_cfb.c (1.1.2.4), "Exp", lines: +57 -0
-
- Add untested CFB-r mode. Will be tested soon.
-
-2003-07-28 17:07 ben
-
- Changed:
- Makefile.org (1.154.2.69), "Exp", lines: +5 -1
- crypto/aes/aes.h (1.1.2.6), "Exp", lines: +3 -0
- crypto/aes/aes_cfb.c (1.1.2.5), "Exp", lines: +19 -0
- crypto/dsa/Makefile.ssl (1.49.2.6), "Exp", lines: +3 -2
- crypto/err/Makefile.ssl (1.48.2.4), "Exp", lines: +17 -16
- crypto/evp/e_aes.c (1.6.2.5), "Exp", lines: +8 -0
- crypto/evp/e_des.c (1.5.2.2), "Exp", lines: +1 -1
- crypto/evp/e_des3.c (1.8.2.3), "Exp", lines: +2 -2
- crypto/evp/evp.h (1.86.2.11), "Exp", lines: +28 -11
- crypto/evp/evp_locl.h (1.7.2.3), "Exp", lines: +2 -2
- crypto/objects/obj_dat.h (1.49.2.13), "Exp", lines: +10 -5
- crypto/objects/obj_mac.h (1.19.2.13), "Exp", lines: +5 -0
- crypto/objects/obj_mac.num (1.15.2.9), "Exp", lines: +1 -0
- crypto/objects/objects.txt (1.20.2.14), "Exp", lines: +4 -0
- fips/Makefile.ssl (1.1.2.3), "Exp", lines: +7 -0
- fips/aes/Makefile.ssl (1.1.2.2), "Exp", lines: +23 -1
- fips/aes/fips_aesavs.c (1.1.2.3), "Exp", lines: +9 -1
- test/Makefile.ssl (1.84.2.30), "Exp", lines: +101 -43
-
- Add support for partial CFB modes, make tests work, update
- dependencies.
-
-2003-07-29 12:56 ben
-
- Changed:
- crypto/aes/aes_cfb.c (1.1.2.6), "Exp", lines: +9 -6
- crypto/evp/c_allc.c (1.8.2.3), "Exp", lines: +1 -0
- crypto/evp/evp_test.c (1.14.2.11), "Exp", lines: +17 -8
- crypto/evp/evptests.txt (1.9.2.2), "Exp", lines: +48 -1
-
- Working CFB1 and test vectors.
-
-2003-07-29 15:24 ben
-
- Changed:
- crypto/evp/e_aes.c (1.6.2.6), "Exp", lines: +14 -0
- crypto/objects/obj_dat.h (1.49.2.14), "Exp", lines: +15 -5
- crypto/objects/obj_mac.h (1.19.2.14), "Exp", lines: +10 -0
- crypto/objects/obj_mac.num (1.15.2.10), "Exp", lines: +2 -0
- crypto/objects/objects.txt (1.20.2.15), "Exp", lines: +2 -0
- fips/aes/Makefile.ssl (1.1.2.3), "Exp", lines: +1 -1
- fips/aes/fips_aesavs.c (1.1.2.4), "Exp", lines: +34 -19
-
- The rest of the keysizes for CFB1, working AES AVS test for CFB1.
-
-2003-07-29 19:05 ben
-
- Changed:
- crypto/aes/aes.h (1.1.2.7), "Exp", lines: +3 -0
- crypto/aes/aes_cfb.c (1.1.2.7), "Exp", lines: +14 -0
- crypto/evp/c_allc.c (1.8.2.4), "Exp", lines: +1 -0
- crypto/evp/e_aes.c (1.6.2.7), "Exp", lines: +4 -9
- crypto/evp/evptests.txt (1.9.2.3), "Exp", lines: +48 -0
- crypto/objects/obj_dat.h (1.49.2.15), "Exp", lines: +20 -5
- crypto/objects/obj_mac.h (1.19.2.15), "Exp", lines: +15 -0
- crypto/objects/obj_mac.num (1.15.2.11), "Exp", lines: +3 -0
- crypto/objects/objects.txt (1.20.2.16), "Exp", lines: +3 -0
- fips/aes/fips_aesavs.c (1.1.2.7), "Exp", lines: +11 -0
-
- AES CFB8.
-
-2003-07-30 20:30 ben
-
- Changed:
- Makefile.org (1.154.2.70), "Exp", lines: +16 -5
- crypto/des/cfb_enc.c (1.7.2.1), "Exp", lines: +2 -1
- crypto/des/des_enc.c (1.11.2.2), "Exp", lines: +4 -0
- crypto/evp/e_aes.c (1.6.2.8), "Exp", lines: +7 -14
- crypto/evp/e_des.c (1.5.2.3), "Exp", lines: +37 -1
- crypto/evp/evp.h (1.86.2.12), "Exp", lines: +6 -0
- crypto/evp/evp_locl.h (1.7.2.4), "Exp", lines: +9 -0
- crypto/objects/obj_dat.h (1.49.2.16), "Exp", lines: +48 -23
- crypto/objects/obj_mac.h (1.19.2.16), "Exp", lines: +31 -6
- crypto/objects/obj_mac.num (1.15.2.12), "Exp", lines: +5 -0
- crypto/objects/objects.txt (1.20.2.17), "Exp", lines: +12 -6
- fips/Makefile.ssl (1.1.2.4), "Exp", lines: +8 -1
- fips/fips_make_sha1 (1.1.2.3), "Exp", lines: +3 -0
- fips/aes/Makefile.ssl (1.1.2.4), "Exp", lines: +1 -1
- fips/des/.cvsignore (1.1.2.1), "Exp", lines: +3 -0
- fips/des/Makefile.ssl (1.1.2.1), "Exp", lines: +96 -0
- fips/des/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0
- fips/des/fips_des_enc.c (1.1.2.1), "Exp", lines: +288 -0
- fips/des/fips_des_locl.h (1.1.2.1), "Exp", lines: +428 -0
- fips/des/fips_desmovs.c (1.1.2.1), "Exp", lines: +659 -0
-
- Whoops, forgot FIPS DES, also add EVPs for DES CFB1 and 8.
-
-2003-08-01 12:25 ben
-
- Changed:
- crypto/des/cfb_enc.c (1.7.2.2), "Exp", lines: +45 -36
- crypto/evp/c_allc.c (1.8.2.5), "Exp", lines: +2 -0
- crypto/evp/e_des.c (1.5.2.4), "Exp", lines: +8 -3
- crypto/evp/evptests.txt (1.9.2.4), "Exp", lines: +6 -0
-
- Fix DES CFB-r.
-
-2003-08-01 12:31 ben
-
- Changed:
- crypto/evp/evptests.txt (1.9.2.5), "Exp", lines: +4 -0
-
- DES CFB8 test.
-
-2005-04-19 16:21 appro
-
- Changed:
- Configure (1.314.2.117), "Exp", lines: +24 -21
- Makefile.org (1.154.2.100), "Exp", lines: +1 -11
- TABLE (1.99.2.52), "Exp", lines: +20 -20
- apps/Makefile (1.1.4.15), "Exp", lines: +1 -1
- test/Makefile (1.1.4.12), "Exp", lines: +1 -1
-
- Enable shared link on HP-UX.
-
diff --git a/ChangeLog.0_9_7-stable_not-in-head_FIPS b/ChangeLog.0_9_7-stable_not-in-head_FIPS
deleted file mode 100644
index 1e6c88f77abf..000000000000
--- a/ChangeLog.0_9_7-stable_not-in-head_FIPS
+++ /dev/null
@@ -1,1494 +0,0 @@
-See file ChangeLog.0_9_7-stable_not-in-head for explanations.
-This is the "FIPS"-related part.
-
-
-
-2003-07-27 19:00 ben
-
- Changed:
- Configure (1.314.2.85), "Exp", lines: +2 -0
- Makefile.org (1.154.2.67), "Exp", lines: +12 -3
- crypto/cryptlib.c (1.32.2.9), "Exp", lines: +5 -0
- crypto/md32_common.h (1.22.2.4), "Exp", lines: +11 -0
- crypto/aes/Makefile.ssl (1.4.2.6), "Exp", lines: +2 -1
- crypto/aes/aes_core.c (1.1.2.4), "Exp", lines: +4 -0
- crypto/des/des.h (1.40.2.4), "Exp", lines: +1 -1
- crypto/des/des_old.c (1.11.2.4), "Exp", lines: +1 -1
- crypto/des/destest.c (1.30.2.6), "Exp", lines: +2 -2
- crypto/des/ecb3_enc.c (1.8.2.1), "Exp", lines: +1 -3
- crypto/dsa/Makefile.ssl (1.49.2.5), "Exp", lines: +7 -4
- crypto/dsa/dsa_ossl.c (1.12.2.4), "Exp", lines: +2 -0
- crypto/dsa/dsa_sign.c (1.10.2.3), "Exp", lines: +12 -0
- crypto/dsa/dsa_vrf.c (1.10.2.3), "Exp", lines: +8 -0
- crypto/engine/engine.h (1.36.2.6), "Exp", lines: +4 -0
- crypto/err/err.h (1.35.2.3), "Exp", lines: +2 -0
- crypto/err/err_all.c (1.17.2.2), "Exp", lines: +4 -0
- crypto/err/openssl.ec (1.11.2.1), "Exp", lines: +1 -0
- crypto/evp/Makefile.ssl (1.64.2.8), "Exp", lines: +8 -7
- crypto/evp/c_all.c (1.7.8.7), "Exp", lines: +1 -0
- crypto/evp/e_aes.c (1.6.2.4), "Exp", lines: +12 -4
- crypto/evp/e_des3.c (1.8.2.2), "Exp", lines: +1 -1
- crypto/evp/evp.h (1.86.2.10), "Exp", lines: +2 -0
- crypto/evp/evp_err.c (1.23.2.1), "Exp", lines: +3 -1
- crypto/md4/Makefile.ssl (1.6.2.4), "Exp", lines: +7 -4
- crypto/md5/Makefile.ssl (1.33.2.7), "Exp", lines: +7 -4
- crypto/rand/Makefile.ssl (1.56.2.4), "Exp", lines: +17 -15
- crypto/rand/md_rand.c (1.69.2.2), "Exp", lines: +9 -0
- crypto/rand/rand.h (1.26.2.5), "Exp", lines: +2 -0
- crypto/rand/rand_err.c (1.6.2.1), "Exp", lines: +3 -1
- crypto/rand/rand_lib.c (1.15.2.2), "Exp", lines: +11 -0
- crypto/ripemd/Makefile.ssl (1.25.2.5), "Exp", lines: +7 -2
- crypto/sha/Makefile.ssl (1.26.2.5), "Exp", lines: +16 -6
- fips/.cvsignore (1.1.2.1), "Exp", lines: +1 -0
- fips/Makefile.ssl (1.1.2.1), "Exp", lines: +155 -0
- fips/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0
- fips/fips.c (1.1.2.1), "Exp", lines: +74 -0
- fips/fips.h (1.1.2.1), "Exp", lines: +85 -0
- fips/fips_check_sha1 (1.1.2.1), "Exp", lines: +7 -0
- fips/fips_err.c (1.1.2.1), "Exp", lines: +96 -0
- fips/fips_make_sha1 (1.1.2.1), "Exp", lines: +21 -0
- fips/lib (1.1.2.1), "Exp", lines: +0 -0
- fips/aes/.cvsignore (1.1.2.1), "Exp", lines: +4 -0
- fips/aes/Makefile.ssl (1.1.2.1), "Exp", lines: +95 -0
- fips/aes/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0
- fips/aes/fips_aes_core.c (1.1.2.1), "Exp", lines: +1260 -0
- fips/aes/fips_aes_locl.h (1.1.2.1), "Exp", lines: +85 -0
- fips/aes/fips_aesavs.c (1.1.2.1), "Exp", lines: +896 -0
- fips/dsa/.cvsignore (1.1.2.1), "Exp", lines: +2 -0
- fips/dsa/Makefile.ssl (1.1.2.1), "Exp", lines: +95 -0
- fips/dsa/fingerprint.sha1 (1.1.2.1), "Exp", lines: +1 -0
- fips/dsa/fips_dsa_ossl.c (1.1.2.1), "Exp", lines: +366 -0
- fips/dsa/fips_dsatest.c (1.1.2.1), "Exp", lines: +252 -0
- fips/rand/.cvsignore (1.1.2.1), "Exp", lines: +2 -0
- fips/rand/Makefile.ssl (1.1.2.1), "Exp", lines: +94 -0
- fips/rand/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0
- fips/rand/fips_rand.c (1.1.2.1), "Exp", lines: +236 -0
- fips/rand/fips_rand.h (1.1.2.1), "Exp", lines: +55 -0
- fips/rand/fips_randtest.c (1.1.2.1), "Exp", lines: +348 -0
- fips/sha1/.cvsignore (1.1.2.1), "Exp", lines: +3 -0
- fips/sha1/Makefile.ssl (1.1.2.1), "Exp", lines: +94 -0
- fips/sha1/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0
- fips/sha1/fips_md32_common.h (1.1.2.1), "Exp", lines: +637 -0
- fips/sha1/fips_sha1dgst.c (1.1.2.1), "Exp", lines: +76 -0
- fips/sha1/fips_sha1test.c (1.1.2.1), "Exp", lines: +128 -0
- fips/sha1/fips_sha_locl.h (1.1.2.1), "Exp", lines: +472 -0
- fips/sha1/fips_standalone_sha1.c (1.1.2.1), "Exp", lines: +101 -0
- fips/sha1/standalone.sha1 (1.1.2.1), "Exp", lines: +4 -0
- test/Makefile.ssl (1.84.2.29), "Exp", lines: +81 -13
- util/mkerr.pl (1.18.2.4), "Exp", lines: +2 -1
-
- Unfinished FIPS stuff for review/improvement.
-
-2003-07-27 19:19 ben
-
- Changed:
- fips/fips_check_sha1 (1.1.2.2), "Exp", lines: +1 -1
-
- Use unified diff.
-
-2003-07-27 19:23 ben
-
- Changed:
- fips/Makefile.ssl (1.1.2.2), "Exp", lines: +3 -3
- fips/fingerprint.sha1 (1.1.2.2), "Exp", lines: +2 -1
- fips/fips_make_sha1 (1.1.2.2), "Exp", lines: +1 -1
-
- Build in non-FIPS mode.
-
-2003-07-27 23:13 ben
-
- Changed:
- Makefile.org (1.154.2.68), "Exp", lines: +1 -1
- fips/fips_check_sha1 (1.1.2.3), "Exp", lines: +2 -1
- fips/aes/fips_aesavs.c (1.1.2.2), "Exp", lines: +2 -0
- fips/dsa/fips_dsa_ossl.c (1.1.2.2), "Exp", lines: +8 -0
- fips/dsa/fips_dsatest.c (1.1.2.2), "Exp", lines: +2 -1
- fips/sha1/fingerprint.sha1 (1.1.2.2), "Exp", lines: +1 -1
- fips/sha1/fips_sha1dgst.c (1.1.2.2), "Exp", lines: +5 -1
- fips/sha1/fips_standalone_sha1.c (1.1.2.2), "Exp", lines: +2 -0
- fips/sha1/standalone.sha1 (1.1.2.2), "Exp", lines: +1 -1
-
- Build when not FIPS.
-
-2003-07-28 11:56 ben
-
- Changed:
- fips/dsa/fingerprint.sha1 (1.1.2.2), "Exp", lines: +1 -1
- fips/sha1/standalone.sha1 (1.1.2.3), "Exp", lines: +1 -1
-
- New fingerprints.
-
-2003-07-29 16:06 ben
-
- Changed:
- fips/aes/fips_aesavs.c (1.1.2.5), "Exp", lines: +295 -303
-
- Reformat.
-
-2003-07-29 16:34 ben
-
- Changed:
- fips/aes/fips_aesavs.c (1.1.2.6), "Exp", lines: +43 -17
-
- MMT for CFB1
-
-2003-07-29 17:17 ben
-
- Changed:
- fips/fips_err_wrapper.c (1.1.2.1), "Exp", lines: +5 -0
- fips/sha1/sha1hashes.txt (1.1.2.1), "Exp", lines: +342 -0
- fips/sha1/sha1vectors.txt (1.1.2.1), "Exp", lines: +2293 -0
-
- Missing files.
-
-2003-07-31 23:30 levitte
-
- Changed:
- Makefile.org (1.154.2.71), "Exp", lines: +2 -0
-
- If FDIRS is to be treated like SDIRS, let's not forget to
- initialize it in Makefile.org.
-
-2003-07-31 23:41 levitte
-
- Changed:
- fips/sha1/fips_sha1test.c (1.1.2.2), "Exp", lines: +3 -3
-
- No C++ comments in C programs!
-
-2003-08-01 15:07 steve
-
- Changed:
- fips/aes/fips_aesavs.c (1.1.2.8), "Exp", lines: +3 -3
-
- Replace C++ style comments.
-
-2003-08-03 14:22 ben
-
- Changed:
- fips/des/fips_desmovs.c (1.1.2.2), "Exp", lines: +55 -37
-
- Make tests work (CFB1 still doesn't produce the right answers,
- strangely).
-
-2003-08-08 12:08 levitte
-
- Changed:
- fips/des/fips_des_enc.c (1.1.2.2), "Exp", lines: +9 -0
-
- Avoid clashing with the regular DES functions when not compiling
- with -DFIPS. This is basically only visible when building with
- shared library supoort...
-
-2003-08-11 11:36 levitte
-
- Deleted:
- fips/sha1/.cvsignore (1.1.2.2)
- fips/sha1/Makefile.ssl (1.1.2.3)
- fips/sha1/fingerprint.sha1 (1.1.2.3)
- fips/sha1/fips_md32_common.h (1.1.2.2)
- fips/sha1/fips_sha1dgst.c (1.1.2.3)
- fips/sha1/fips_sha1test.c (1.1.2.3)
- fips/sha1/fips_sha_locl.h (1.1.2.2)
- fips/sha1/fips_standalone_sha1.c (1.1.2.3)
- fips/sha1/sha1hashes.txt (1.1.2.2)
- fips/sha1/sha1vectors.txt (1.1.2.2)
- fips/sha1/standalone.sha1 (1.1.2.4)
- fips/dsa/.cvsignore (1.1.2.2)
- fips/dsa/Makefile.ssl (1.1.2.2)
- fips/dsa/fingerprint.sha1 (1.1.2.3)
- fips/dsa/fips_dsa_ossl.c (1.1.2.3)
- fips/dsa/fips_dsatest.c (1.1.2.3)
- fips/rand/.cvsignore (1.1.2.2)
- fips/rand/Makefile.ssl (1.1.2.2)
- fips/rand/fingerprint.sha1 (1.1.2.2)
- fips/rand/fips_rand.c (1.1.2.2)
- fips/rand/fips_rand.h (1.1.2.2)
- fips/rand/fips_randtest.c (1.1.2.2)
- fips/des/.cvsignore (1.1.2.2)
- fips/des/Makefile.ssl (1.1.2.3)
- fips/des/fingerprint.sha1 (1.1.2.2)
- fips/des/fips_des_enc.c (1.1.2.3)
- fips/des/fips_des_locl.h (1.1.2.2)
- fips/des/fips_desmovs.c (1.1.2.3)
- fips/aes/.cvsignore (1.1.2.2)
- fips/aes/Makefile.ssl (1.1.2.5)
- fips/aes/fingerprint.sha1 (1.1.2.2)
- fips/aes/fips_aes_core.c (1.1.2.2)
- fips/aes/fips_aes_locl.h (1.1.2.2)
- fips/aes/fips_aesavs.c (1.1.2.9)
- fips/.cvsignore (1.1.2.2)
- fips/Makefile.ssl (1.1.2.6)
- fips/fingerprint.sha1 (1.1.2.3)
- fips/fips.c (1.1.2.2)
- fips/fips.h (1.1.2.2)
- fips/fips_check_sha1 (1.1.2.4)
- fips/fips_err.c (1.1.2.2)
- fips/fips_err_wrapper.c (1.1.2.2)
- fips/fips_make_sha1 (1.1.2.4)
- fips/lib (1.1.2.2)
- Changed:
- util/libeay.num (1.173.2.16), "Exp", lines: +11 -38
- util/mkerr.pl (1.18.2.5), "Exp", lines: +1 -2
- test/Makefile.ssl (1.84.2.31), "Exp", lines: +54 -180
- crypto/ripemd/Makefile.ssl (1.25.2.6), "Exp", lines: +2 -7
- crypto/sha/Makefile.ssl (1.26.2.6), "Exp", lines: +6 -16
- crypto/rand/Makefile.ssl (1.56.2.5), "Exp", lines: +15 -17
- crypto/rand/md_rand.c (1.69.2.3), "Exp", lines: +0 -9
- crypto/rand/rand.h (1.26.2.6), "Exp", lines: +0 -2
- crypto/rand/rand_err.c (1.6.2.2), "Exp", lines: +1 -3
- crypto/rand/rand_lib.c (1.15.2.3), "Exp", lines: +0 -11
- crypto/objects/obj_dat.h (1.49.2.18), "Exp", lines: +3 -27
- crypto/objects/obj_mac.h (1.19.2.18), "Exp", lines: +0 -32
- crypto/objects/obj_mac.num (1.15.2.14), "Exp", lines: +0 -8
- crypto/objects/objects.txt (1.20.2.19), "Exp", lines: +0 -11
- crypto/md4/Makefile.ssl (1.6.2.5), "Exp", lines: +4 -7
- crypto/md5/Makefile.ssl (1.33.2.8), "Exp", lines: +4 -7
- crypto/evp/Makefile.ssl (1.64.2.9), "Exp", lines: +7 -8
- crypto/evp/c_allc.c (1.8.2.6), "Exp", lines: +0 -4
- crypto/evp/e_aes.c (1.6.2.9), "Exp", lines: +4 -22
- crypto/evp/e_des.c (1.5.2.5), "Exp", lines: +2 -43
- crypto/evp/e_des3.c (1.8.2.4), "Exp", lines: +3 -3
- crypto/evp/evp.h (1.86.2.13), "Exp", lines: +11 -36
- crypto/evp/evp_err.c (1.23.2.2), "Exp", lines: +1 -3
- crypto/evp/evp_lib.c (1.6.8.3), "Exp", lines: +0 -24
- crypto/evp/evp_locl.h (1.7.2.5), "Exp", lines: +2 -11
- crypto/evp/evp_test.c (1.14.2.12), "Exp", lines: +8 -17
- crypto/evp/evptests.txt (1.9.2.6), "Exp", lines: +1 -106
- crypto/dsa/Makefile.ssl (1.49.2.7), "Exp", lines: +6 -10
- crypto/dsa/dsa_ossl.c (1.12.2.5), "Exp", lines: +0 -2
- crypto/dsa/dsa_sign.c (1.10.2.4), "Exp", lines: +0 -12
- crypto/dsa/dsa_vrf.c (1.10.2.4), "Exp", lines: +0 -8
- crypto/err/Makefile.ssl (1.48.2.5), "Exp", lines: +16 -17
- crypto/err/err.h (1.35.2.4), "Exp", lines: +0 -2
- crypto/err/err_all.c (1.17.2.3), "Exp", lines: +0 -4
- crypto/err/openssl.ec (1.11.2.2), "Exp", lines: +0 -1
- crypto/des/des.h (1.40.2.5), "Exp", lines: +1 -1
- crypto/des/des_enc.c (1.11.2.3), "Exp", lines: +0 -4
- crypto/des/des_old.c (1.11.2.5), "Exp", lines: +1 -1
- crypto/des/destest.c (1.30.2.7), "Exp", lines: +2 -2
- crypto/des/ecb3_enc.c (1.8.2.2), "Exp", lines: +3 -1
- crypto/aes/Makefile.ssl (1.4.2.7), "Exp", lines: +1 -2
- crypto/aes/aes.h (1.1.2.8), "Exp", lines: +0 -9
- crypto/aes/aes_cfb.c (1.1.2.8), "Exp", lines: +0 -93
- crypto/aes/aes_core.c (1.1.2.5), "Exp", lines: +0 -4
- crypto/cryptlib.c (1.32.2.10), "Exp", lines: +0 -5
- crypto/md32_common.h (1.22.2.5), "Exp", lines: +0 -11
- Configure (1.314.2.86), "Exp", lines: +0 -2
- Makefile.org (1.154.2.72), "Exp", lines: +8 -34
- TABLE (1.99.2.30), "Exp", lines: +0 -50
-
- A new branch for FIPS-related changes has been created with the
- name OpenSSL-fips-0_9_7-stable.
-
- Since the 0.9.7-stable branch is supposed to be in freeze
- and should only contain bug corrections, this change removes the
- FIPS changes from that branch.
-
-2004-05-11 14:44 ben
-
- Deleted:
- apps/Makefile.ssl (1.100.2.27)
- crypto/Makefile.ssl (1.84.2.12)
- crypto/aes/Makefile.ssl (1.4.2.9)
- crypto/asn1/Makefile.ssl (1.77.2.7)
- crypto/bf/Makefile.ssl (1.25.2.6)
- crypto/bio/Makefile.ssl (1.52.2.4)
- crypto/bn/Makefile.ssl (1.65.2.9)
- crypto/buffer/Makefile.ssl (1.32.2.4)
- crypto/cast/Makefile.ssl (1.31.2.6)
- crypto/comp/Makefile.ssl (1.32.2.4)
- crypto/conf/Makefile.ssl (1.38.2.8)
- crypto/des/Makefile.ssl (1.61.2.13)
- crypto/dh/Makefile.ssl (1.43.2.5)
- crypto/dsa/Makefile.ssl (1.49.2.9)
- crypto/dso/Makefile.ssl (1.11.2.4)
- crypto/ec/Makefile.ssl (1.7.2.4)
- crypto/engine/Makefile.ssl (1.30.2.13)
- crypto/err/Makefile.ssl (1.48.2.7)
- crypto/evp/Makefile.ssl (1.64.2.12)
- crypto/hmac/Makefile.ssl (1.33.2.6)
- crypto/idea/Makefile.ssl (1.20.2.4)
- crypto/krb5/Makefile.ssl (1.5.2.6)
- crypto/lhash/Makefile.ssl (1.28.2.4)
- crypto/md2/Makefile.ssl (1.29.2.5)
- crypto/md4/Makefile.ssl (1.6.2.7)
- crypto/md5/Makefile.ssl (1.33.2.10)
- crypto/mdc2/Makefile.ssl (1.30.2.4)
- crypto/objects/Makefile.ssl (1.46.2.6)
- crypto/ocsp/Makefile.ssl (1.19.2.7)
- crypto/pem/Makefile.ssl (1.51.2.5)
- crypto/pkcs12/Makefile.ssl (1.37.2.5)
- crypto/pkcs7/Makefile.ssl (1.47.2.5)
- crypto/rand/Makefile.ssl (1.56.2.8)
- crypto/rc2/Makefile.ssl (1.20.2.4)
- crypto/rc4/Makefile.ssl (1.25.2.6)
- crypto/rc5/Makefile.ssl (1.22.2.6)
- crypto/ripemd/Makefile.ssl (1.25.2.9)
- crypto/rsa/Makefile.ssl (1.53.2.6)
- crypto/sha/Makefile.ssl (1.26.2.9)
- crypto/stack/Makefile.ssl (1.28.2.4)
- crypto/txt_db/Makefile.ssl (1.26.2.4)
- crypto/ui/Makefile.ssl (1.10.2.6)
- crypto/x509/Makefile.ssl (1.56.2.5)
- crypto/x509v3/Makefile.ssl (1.62.2.5)
- ssl/Makefile.ssl (1.53.2.11)
- test/Makefile.ssl (1.84.2.36)
- tools/Makefile.ssl (1.9.2.4)
- Changed:
- .cvsignore (1.7.6.2), "Exp", lines: +2 -1
- Configure (1.314.2.92), "Exp", lines: +38 -8
- FAQ (1.61.2.31), "Exp", lines: +1 -1
- INSTALL (1.45.2.9), "Exp", lines: +2 -2
- INSTALL.W32 (1.30.2.14), "Exp", lines: +9 -4
- Makefile.org (1.154.2.78), "Exp", lines: +51 -19
- PROBLEMS (1.4.2.10), "Exp", lines: +2 -2
- e_os.h (1.56.2.17), "Exp", lines: +20 -1
- apps/.cvsignore (1.5.8.1), "Exp", lines: +1 -0
- apps/Makefile (1.1.4.1), "Exp", lines: +1147 -0
- apps/apps.c (1.49.2.27), "Exp", lines: +0 -10
- apps/ca.c (1.102.2.31), "Exp", lines: +0 -10
- apps/dgst.c (1.23.2.10), "Exp", lines: +39 -11
- apps/openssl.c (1.48.2.9), "Exp", lines: +19 -0
- crypto/Makefile (1.1.4.1), "Exp", lines: +217 -0
- crypto/cryptlib.c (1.32.2.11), "Exp", lines: +5 -0
- crypto/crypto-lib.com (1.53.2.12), "Exp", lines: +1 -1
- crypto/md32_common.h (1.22.2.6), "Exp", lines: +12 -0
- crypto/aes/Makefile (1.1.4.1), "Exp", lines: +102 -0
- crypto/aes/aes.h (1.1.2.9), "Exp", lines: +9 -0
- crypto/aes/aes_cfb.c (1.1.2.9), "Exp", lines: +93 -0
- crypto/aes/aes_core.c (1.1.2.6), "Exp", lines: +4 -0
- crypto/asn1/Makefile (1.1.4.1), "Exp", lines: +1150 -0
- crypto/bf/Makefile (1.1.4.1), "Exp", lines: +113 -0
- crypto/bio/Makefile (1.1.4.1), "Exp", lines: +214 -0
- crypto/bio/bio.h (1.56.2.6), "Exp", lines: +1 -0
- crypto/bn/Makefile (1.1.4.1), "Exp", lines: +324 -0
- crypto/bn/bntest.c (1.55.2.4), "Exp", lines: +1 -1
- crypto/buffer/Makefile (1.1.4.1), "Exp", lines: +92 -0
- crypto/cast/Makefile (1.1.4.1), "Exp", lines: +118 -0
- crypto/cast/asm/.cvsignore (1.2.8.1), "Exp", lines: +1 -0
- crypto/comp/Makefile (1.1.4.1), "Exp", lines: +112 -0
- crypto/conf/Makefile (1.1.4.1), "Exp", lines: +181 -0
- crypto/des/Makefile (1.1.4.1), "Exp", lines: +314 -0
- crypto/des/cfb64ede.c (1.6.2.4), "Exp", lines: +111 -0
- crypto/des/des.h (1.40.2.6), "Exp", lines: +5 -1
- crypto/des/des_enc.c (1.11.2.4), "Exp", lines: +8 -0
- crypto/des/des_old.c (1.11.2.6), "Exp", lines: +1 -1
- crypto/des/destest.c (1.30.2.8), "Exp", lines: +2 -2
- crypto/des/ecb3_enc.c (1.8.2.3), "Exp", lines: +1 -3
- crypto/des/set_key.c (1.18.2.2), "Exp", lines: +4 -0
- crypto/dh/Makefile (1.1.4.1), "Exp", lines: +131 -0
- crypto/dsa/Makefile (1.1.4.1), "Exp", lines: +173 -0
- crypto/dsa/dsa_gen.c (1.19.2.1), "Exp", lines: +4 -1
- crypto/dsa/dsa_key.c (1.9.2.1), "Exp", lines: +2 -0
- crypto/dsa/dsa_ossl.c (1.12.2.6), "Exp", lines: +2 -0
- crypto/dsa/dsa_sign.c (1.10.2.5), "Exp", lines: +12 -0
- crypto/dsa/dsa_vrf.c (1.10.2.5), "Exp", lines: +8 -0
- crypto/dso/Makefile (1.1.4.1), "Exp", lines: +140 -0
- crypto/ec/Makefile (1.1.4.1), "Exp", lines: +126 -0
- crypto/engine/Makefile (1.1.4.1), "Exp", lines: +536 -0
- crypto/engine/hw_cryptodev.c (1.1.2.6), "Exp", lines: +6 -2
- crypto/err/Makefile (1.1.4.1), "Exp", lines: +118 -0
- crypto/err/err.h (1.35.2.6), "Exp", lines: +2 -0
- crypto/err/err_all.c (1.17.2.4), "Exp", lines: +4 -0
- crypto/err/openssl.ec (1.11.2.3), "Exp", lines: +1 -0
- crypto/evp/Makefile (1.1.4.1), "Exp", lines: +1057 -0
- crypto/evp/bio_md.c (1.11.2.1), "Exp", lines: +6 -0
- crypto/evp/c_allc.c (1.8.2.7), "Exp", lines: +8 -0
- crypto/evp/e_aes.c (1.6.2.10), "Exp", lines: +22 -4
- crypto/evp/e_des.c (1.5.2.8), "Exp", lines: +36 -3
- crypto/evp/e_des3.c (1.8.2.7), "Exp", lines: +43 -4
- crypto/evp/evp.h (1.86.2.15), "Exp", lines: +39 -11
- crypto/evp/evp_err.c (1.23.2.3), "Exp", lines: +3 -1
- crypto/evp/evp_lib.c (1.6.8.4), "Exp", lines: +24 -0
- crypto/evp/evp_locl.h (1.7.2.6), "Exp", lines: +11 -2
- crypto/evp/evp_test.c (1.14.2.13), "Exp", lines: +17 -8
- crypto/evp/evptests.txt (1.9.2.7), "Exp", lines: +106 -1
- crypto/hmac/Makefile (1.1.4.1), "Exp", lines: +99 -0
- crypto/idea/Makefile (1.1.4.1), "Exp", lines: +89 -0
- crypto/krb5/Makefile (1.1.4.1), "Exp", lines: +88 -0
- crypto/lhash/Makefile (1.1.4.1), "Exp", lines: +91 -0
- crypto/md2/Makefile (1.1.4.1), "Exp", lines: +91 -0
- crypto/md4/Makefile (1.1.4.1), "Exp", lines: +93 -0
- crypto/md5/Makefile (1.1.4.1), "Exp", lines: +129 -0
- crypto/mdc2/Makefile (1.1.4.1), "Exp", lines: +96 -0
- crypto/objects/Makefile (1.1.4.1), "Exp", lines: +121 -0
- crypto/objects/obj_dat.h (1.49.2.19), "Exp", lines: +33 -3
- crypto/objects/obj_mac.h (1.19.2.19), "Exp", lines: +40 -0
- crypto/objects/obj_mac.num (1.15.2.15), "Exp", lines: +10 -0
- crypto/objects/objects.txt (1.20.2.20), "Exp", lines: +13 -0
- crypto/ocsp/Makefile (1.1.4.1), "Exp", lines: +291 -0
- crypto/pem/Makefile (1.1.4.1), "Exp", lines: +334 -0
- crypto/pkcs12/Makefile (1.1.4.1), "Exp", lines: +415 -0
- crypto/pkcs7/Makefile (1.1.4.1), "Exp", lines: +241 -0
- crypto/rand/Makefile (1.1.4.1), "Exp", lines: +196 -0
- crypto/rand/md_rand.c (1.69.2.4), "Exp", lines: +9 -0
- crypto/rand/rand.h (1.26.2.7), "Exp", lines: +3 -0
- crypto/rand/rand_err.c (1.6.2.3), "Exp", lines: +4 -1
- crypto/rand/rand_lib.c (1.15.2.4), "Exp", lines: +11 -0
- crypto/rc2/Makefile (1.1.4.1), "Exp", lines: +89 -0
- crypto/rc4/Makefile (1.1.4.1), "Exp", lines: +108 -0
- crypto/rc5/Makefile (1.1.4.1), "Exp", lines: +106 -0
- crypto/ripemd/Makefile (1.1.4.1), "Exp", lines: +111 -0
- crypto/rsa/Makefile (1.1.4.1), "Exp", lines: +239 -0
- crypto/rsa/rsa_eay.c (1.28.2.9), "Exp", lines: +1 -1
- crypto/rsa/rsa_gen.c (1.8.6.1), "Exp", lines: +3 -0
- crypto/sha/Makefile (1.1.4.1), "Exp", lines: +118 -0
- crypto/sha/sha1dgst.c (1.21.2.1), "Exp", lines: +8 -0
- crypto/stack/Makefile (1.1.4.1), "Exp", lines: +86 -0
- crypto/txt_db/Makefile (1.1.4.1), "Exp", lines: +86 -0
- crypto/ui/Makefile (1.1.4.1), "Exp", lines: +115 -0
- crypto/x509/Makefile (1.1.4.1), "Exp", lines: +592 -0
- crypto/x509v3/Makefile (1.1.4.1), "Exp", lines: +601 -0
- fips/Makefile (1.1.4.1), "Exp", lines: +202 -0
- fips/fingerprint.sha1 (1.1.2.4), "Exp", lines: +4 -4
- fips/fips.c (1.1.2.3), "Exp", lines: +120 -5
- fips/fips.h (1.1.2.3), "Exp", lines: +42 -2
- fips/fips_check_sha1 (1.1.2.5), "Exp", lines: +2 -2
- fips/fips_err.h (1.1.4.1), "Exp", lines: +117 -0
- fips/fips_err_wrapper.c (1.1.2.3), "Exp", lines: +4 -2
- fips/fips_locl.h (1.1.4.1), "Exp", lines: +62 -0
- fips/fips_make_sha1 (1.1.2.5), "Exp", lines: +9 -6
- fips/fips_test_suite.c (1.1.4.1), "Exp", lines: +302 -0
- fips/openssl_fips_fingerprint (1.1.4.1), "Exp", lines: +25 -0
- fips/aes/Makefile (1.1.4.1), "Exp", lines: +131 -0
- fips/aes/fingerprint.sha1 (1.1.2.3), "Exp", lines: +3 -2
- fips/aes/fips_aes_core.c (1.1.2.3), "Exp", lines: +5 -2
- fips/aes/fips_aes_locl.h (1.1.2.3), "Exp", lines: +0 -0
- fips/aes/fips_aes_selftest.c (1.1.4.1), "Exp", lines: +112 -0
- fips/aes/fips_aesavs.c (1.1.2.10), "Exp", lines: +12 -6
- fips/des/Makefile (1.1.4.1), "Exp", lines: +155 -0
- fips/des/fingerprint.sha1 (1.1.2.3), "Exp", lines: +5 -2
- fips/des/fips_des_enc.c (1.1.2.4), "Exp", lines: +16 -3
- fips/des/fips_des_locl.h (1.1.2.3), "Exp", lines: +1 -1
- fips/des/fips_des_selftest.c (1.1.4.1), "Exp", lines: +200 -0
- fips/des/fips_desmovs.c (1.1.2.4), "Exp", lines: +186 -79
- fips/des/fips_set_key.c (1.1.4.1), "Exp", lines: +415 -0
- fips/des/asm/fips-dx86-elf.s (1.1.4.1), "Exp", lines: +2697 -0
- fips/dsa/Makefile (1.1.4.1), "Exp", lines: +159 -0
- fips/dsa/fingerprint.sha1 (1.1.2.4), "Exp", lines: +3 -1
- fips/dsa/fips_dsa_gen.c (1.1.4.1), "Exp", lines: +373 -0
- fips/dsa/fips_dsa_ossl.c (1.1.2.4), "Exp", lines: +16 -3
- fips/dsa/fips_dsa_selftest.c (1.1.4.1), "Exp", lines: +168 -0
- fips/dsa/fips_dsatest.c (1.1.2.4), "Exp", lines: +10 -6
- fips/dsa/fips_dssvs.c (1.1.4.1), "Exp", lines: +306 -0
- fips/rand/Makefile (1.1.4.1), "Exp", lines: +104 -0
- fips/rand/fingerprint.sha1 (1.1.2.3), "Exp", lines: +2 -2
- fips/rand/fips_rand.c (1.1.2.3), "Exp", lines: +60 -10
- fips/rand/fips_rand.h (1.1.2.3), "Exp", lines: +19 -1
- fips/rand/fips_randtest.c (1.1.2.3), "Exp", lines: +31 -10
- fips/rsa/Makefile (1.1.4.1), "Exp", lines: +112 -0
- fips/rsa/fingerprint.sha1 (1.1.4.1), "Exp", lines: +3 -0
- fips/rsa/fips_rsa_eay.c (1.1.4.1), "Exp", lines: +735 -0
- fips/rsa/fips_rsa_gen.c (1.1.4.1), "Exp", lines: +249 -0
- fips/rsa/fips_rsa_selftest.c (1.1.4.1), "Exp", lines: +207 -0
- fips/sha1/.cvsignore (1.1.2.3), "Exp", lines: +1 -2
- fips/sha1/Makefile (1.1.4.1), "Exp", lines: +158 -0
- fips/sha1/fingerprint.sha1 (1.1.2.4), "Exp", lines: +5 -3
- fips/sha1/fips_md32_common.h (1.1.2.3), "Exp", lines: +0 -0
- fips/sha1/fips_sha1_selftest.c (1.1.4.1), "Exp", lines: +97 -0
- fips/sha1/fips_sha1dgst.c (1.1.2.4), "Exp", lines: +4 -4
- fips/sha1/fips_sha1test.c (1.1.2.4), "Exp", lines: +17 -0
- fips/sha1/fips_sha_locl.h (1.1.2.3), "Exp", lines: +7 -0
- fips/sha1/fips_standalone_sha1.c (1.1.2.4), "Exp", lines: +60 -7
- fips/sha1/sha1hashes.txt (1.1.2.3), "Exp", lines: +0 -0
- fips/sha1/sha1vectors.txt (1.1.2.3), "Exp", lines: +0 -0
- fips/sha1/standalone.sha1 (1.1.2.5), "Exp", lines: +6 -4
- fips/sha1/asm/sx86-elf.s (1.1.4.1), "Exp", lines: +1568 -0
- ms/do_masm.bat (1.1.8.2), "Exp", lines: +12 -10
- ms/do_ms.bat (1.4.8.2), "Exp", lines: +11 -11
- ms/do_nasm.bat (1.1.8.2), "Exp", lines: +12 -11
- ms/do_nt.bat (1.2.8.1), "Exp", lines: +4 -4
- shlib/hpux10-cc.sh (1.3.2.2), "Exp", lines: +3 -3
- ssl/Makefile (1.1.4.1), "Exp", lines: +1019 -0
- ssl/s3_clnt.c (1.53.2.16), "Exp", lines: +10 -0
- ssl/s3_srvr.c (1.85.2.21), "Exp", lines: +9 -0
- ssl/ssl_cert.c (1.48.2.7), "Exp", lines: +9 -0
- ssl/ssl_lib.c (1.110.2.12), "Exp", lines: +13 -1
- ssl/ssltest.c (1.53.2.23), "Exp", lines: +33 -1
- ssl/t1_enc.c (1.27.2.8), "Exp", lines: +19 -1
- test/.cvsignore (1.4.8.1), "Exp", lines: +4 -0
- test/Makefile (1.1.4.1), "Exp", lines: +941 -0
- test/bctest (1.14.2.1), "Exp", lines: +1 -1
- test/testenc (1.3.8.1), "Exp", lines: +1 -1
- test/testfipsssl (1.1.4.1), "Exp", lines: +113 -0
- tools/Makefile (1.1.4.1), "Exp", lines: +61 -0
- util/cygwin.sh (1.1.2.5), "Exp", lines: +3 -3
- util/domd (1.6.2.3), "Exp", lines: +5 -5
- util/fixNT.sh (1.1.1.2.8.1), "Exp", lines: +3 -3
- util/libeay.num (1.173.2.19), "Exp", lines: +55 -11
- util/mk1mf.pl (1.41.2.10), "Exp", lines: +6 -4
- util/mkdef.pl (1.67.2.7), "Exp", lines: +11 -4
- util/mkerr.pl (1.18.2.6), "Exp", lines: +2 -1
- util/mkfiles.pl (1.12.2.1), "Exp", lines: +8 -1
- util/pod2mantest (1.1.2.7), "Exp", lines: +1 -1
- util/selftest.pl (1.18.2.1), "Exp", lines: +2 -2
- util/pl/BC-16.pl (1.2.2.1), "Exp", lines: +1 -1
- util/pl/BC-32.pl (1.11.2.4), "Exp", lines: +1 -1
- util/pl/Mingw32.pl (1.12.6.5), "Exp", lines: +1 -1
- util/pl/OS2-EMX.pl (1.1.2.3), "Exp", lines: +1 -1
- util/pl/VC-16.pl (1.3.2.1), "Exp", lines: +2 -2
- util/pl/VC-32.pl (1.11.2.3), "Exp", lines: +2 -2
- util/pl/VC-CE.pl (1.1.2.5), "Exp", lines: +1 -1
- util/pl/ultrix.pl (1.2.8.1), "Exp", lines: +1 -1
-
- Pull FIPS back into stable.
-
-2004-05-12 10:27 levitte
-
- Changed:
- apps/Makefile (1.1.4.2), "Exp", lines: +3 -1
-
- Only check for FIPS signatures when FIPS is enabled.
-
-2004-05-12 10:28 levitte
-
- Changed:
- crypto/des/FILES0 (1.1.4.2), "Exp", lines: +1 -1
-
- Makefile.ssl changed name to Makefile.
-
-2004-05-12 10:28 levitte
-
- Changed:
- fips/rand/fips_rand.c (1.1.2.4), "Exp", lines: +5 -1
-
- Only really build this file when OPENSSL_FIPS is defined. And oh,
- let's keep internal variables static.
-
-2004-05-12 10:42 levitte
-
- Changed:
- fips/rand/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1
-
- I forgot to modify the signature for fips_rand.c...
-
-2004-05-12 10:46 levitte
-
- Changed:
- fips/rsa/.cvsignore (1.1.4.1), "Exp", lines: +1 -0
- fips/.cvsignore (1.1.2.3), "Exp", lines: +1 -1
- fips/aes/.cvsignore (1.1.2.3), "Exp", lines: +0 -3
- fips/des/.cvsignore (1.1.2.3), "Exp", lines: +0 -2
- fips/dsa/.cvsignore (1.1.2.3), "Exp", lines: +0 -1
- fips/rand/.cvsignore (1.1.2.3), "Exp", lines: +0 -1
-
- Ignore the 'lib' timestamp file.
-
-2004-05-12 12:07 levitte
-
- Changed:
- fips/.cvsignore (1.1.2.4), "Exp", lines: +1 -0
- fips/aes/.cvsignore (1.1.2.4), "Exp", lines: +1 -0
- fips/des/.cvsignore (1.1.2.4), "Exp", lines: +1 -0
- fips/dsa/.cvsignore (1.1.2.4), "Exp", lines: +1 -0
- fips/rand/.cvsignore (1.1.2.4), "Exp", lines: +1 -0
- fips/rsa/.cvsignore (1.1.4.2), "Exp", lines: +1 -0
- fips/sha1/.cvsignore (1.1.2.4), "Exp", lines: +1 -0
-
- Ignore 'Makefile.save'
-
-2004-05-12 16:11 ben
-
- Changed:
- crypto/rand/rand.h (1.26.2.8), "Exp", lines: +2 -0
- crypto/rand/rand_err.c (1.6.2.4), "Exp", lines: +2 -0
- fips/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1
- fips/fips.c (1.1.2.4), "Exp", lines: +5 -1
- fips/rand/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1
- fips/rand/fips_rand.c (1.1.2.5), "Exp", lines: +29 -0
-
- Blow up in people's faces if they don't reseed.
-
-2004-05-15 19:51 ben
-
- Changed:
- crypto/dh/dh.h (1.23.2.6), "Exp", lines: +1 -0
- crypto/dh/dh_err.c (1.6.2.3), "Exp", lines: +2 -1
- crypto/dh/dh_gen.c (1.8.8.2), "Exp", lines: +9 -0
- fips/fips_test_suite.c (1.1.4.2), "Exp", lines: +4 -3
- fips/aes/fips_aesavs.c (1.1.2.11), "Exp", lines: +49 -1
- fips/des/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1
- fips/des/fips_desmovs.c (1.1.2.5), "Exp", lines: +49 -1
- fips/des/fips_set_key.c (1.1.4.2), "Exp", lines: +2 -0
- fips/sha1/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1
- fips/sha1/fips_md32_common.h (1.1.2.4), "Exp", lines: +3 -0
- fips/sha1/standalone.sha1 (1.1.2.6), "Exp", lines: +1 -1
-
- Fix self-tests, ban some things in FIPS mode, fix copyrights.
-
-2004-05-17 06:28 levitte
-
- Changed:
- util/mk1mf.pl (1.41.2.11), "Exp", lines: +8 -2
- util/pl/BC-16.pl (1.2.2.2), "Exp", lines: +9 -4
- util/pl/BC-32.pl (1.11.2.5), "Exp", lines: +8 -3
- util/pl/Mingw32.pl (1.12.6.6), "Exp", lines: +7 -2
- util/pl/OS2-EMX.pl (1.1.2.4), "Exp", lines: +7 -2
- util/pl/VC-16.pl (1.3.2.2), "Exp", lines: +7 -2
- util/pl/VC-32.pl (1.11.2.4), "Exp", lines: +7 -2
- util/pl/VC-CE.pl (1.1.2.6), "Exp", lines: +7 -2
- util/pl/linux.pl (1.3.6.1), "Exp", lines: +7 -2
- util/pl/ultrix.pl (1.2.8.2), "Exp", lines: +7 -2
- util/pl/unix.pl (1.2.8.1), "Exp", lines: +7 -2
-
- Generate SHA1 files on Windows and other platforms supported by
- mk1mf.pl, when building in FIPS mode.
-
- Note: UNTESTED!
-
-2004-05-17 06:30 levitte
-
- Changed:
- apps/apps.h (1.44.2.14), "Exp", lines: +3 -0
- apps/openssl.c (1.48.2.10), "Exp", lines: +9 -5
-
- Make sure the applications know when we are running in FIPS mode.
- We can't use the variable in libcrypto, since it's supposedly
- unknown.
-
- Note: currently only supported in MONOLITH mode.
-
-2004-05-17 06:31 levitte
-
- Changed:
- apps/enc.c (1.35.2.9), "Exp", lines: +10 -1
-
- When in FIPS mode, use SHA1 to digest the key, rather than MD5, as
- MD5 isn't a FIPS-approved algorithm.
-
- Note: this means the user needs to keep track of this, and
- we need to add support for that...
-
-2004-05-19 16:16 levitte
-
- Changed:
- fips/rsa/fingerprint.sha1 (1.1.4.2), "Exp", lines: +2 -2
- fips/rsa/fips_rsa_eay.c (1.1.4.2), "Exp", lines: +8 -8
- fips/rsa/fips_rsa_gen.c (1.1.4.2), "Exp", lines: +1 -1
- fips/dsa/fingerprint.sha1 (1.1.2.5), "Exp", lines: +2 -2
- fips/dsa/fips_dsa_gen.c (1.1.4.2), "Exp", lines: +2 -2
- fips/dsa/fips_dsa_ossl.c (1.1.2.5), "Exp", lines: +4 -4
- fips/aes/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1
- fips/aes/fips_aes_core.c (1.1.2.4), "Exp", lines: +5 -5
- crypto/rsa/rsa.h (1.36.2.11), "Exp", lines: +4 -0
- crypto/aes/aes.h (1.1.2.10), "Exp", lines: +6 -0
- crypto/dsa/dsa.h (1.26.2.5), "Exp", lines: +4 -0
-
- Define FIPS_*_SIZE_T for AES, DSA and RSA as well, in preparation
- for size_t-ification of those algorithms in future version of
- OpenSSL...
-
-2004-05-27 11:33 levitte
-
- Changed:
- makevms.com (1.35.2.3), "Exp", lines: +27 -0
-
- Copy the FIPS files to the temporary openssl include directory.
-
-2004-05-27 12:04 levitte
-
- Changed:
- fips/fips-lib.com (1.1.2.1), "Exp", lines: +1179 -0
- makevms.com (1.35.2.4), "Exp", lines: +8 -0
-
- Compile the FIPS directory on VMS as well. fips-lib.com is
- essentially a copy of crypto-lib.com, with just a few edits.
-
-2004-05-27 12:07 levitte
-
- Changed:
- fips/install.com (1.1.2.1), "Exp", lines: +55 -0
- install.com (1.4.2.2), "Exp", lines: +6 -6
-
- Run an installation of FIPS stuff as well.
-
-2004-05-27 12:19 levitte
-
- Changed:
- test/maketests.com (1.13.2.5), "Exp", lines: +3 -3
- apps/makeapps.com (1.18.2.5), "Exp", lines: +3 -3
-
- Make sure o_str.h is reachable.
-
-2004-06-19 15:15 ben
-
- Changed:
- Makefile.org (1.154.2.80), "Exp", lines: +1 -1
- crypto/dh/dh.h (1.23.2.7), "Exp", lines: +0 -1
- crypto/dh/dh_check.c (1.6.2.1), "Exp", lines: +4 -0
- crypto/dh/dh_err.c (1.6.2.4), "Exp", lines: +0 -1
- crypto/dh/dh_gen.c (1.8.8.3), "Exp", lines: +5 -9
- crypto/dh/dh_key.c (1.16.2.3), "Exp", lines: +4 -0
- fips/Makefile (1.1.4.2), "Exp", lines: +13 -14
- fips/fingerprint.sha1 (1.1.2.6), "Exp", lines: +2 -2
- fips/fips.h (1.1.2.4), "Exp", lines: +1 -0
- fips/fips_err.h (1.1.4.2), "Exp", lines: +1 -0
- fips/fips_make_sha1 (1.1.2.6), "Exp", lines: +3 -0
- fips/fips_test_suite.c (1.1.4.3), "Exp", lines: +13 -9
- fips/openssl_fips_fingerprint (1.1.4.2), "Exp", lines: +1 -2
-
- The version that was actually submitted for FIPS testing.
-
-2004-06-19 15:16 ben
-
- Changed:
- fips/dh/Makefile (1.1.2.1), "Exp", lines: +92 -0
- fips/dh/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0
- fips/dh/fips_dh_check.c (1.1.2.1), "Exp", lines: +119 -0
- fips/dh/fips_dh_gen.c (1.1.2.1), "Exp", lines: +182 -0
- fips/dh/fips_dh_key.c (1.1.2.1), "Exp", lines: +222 -0
-
- Add Diffie-Hellman to FIPS.
-
-2004-06-19 15:18 ben
-
- Changed:
- fips/.cvsignore (1.1.2.5), "Exp", lines: +2 -0
- fips/dh/.cvsignore (1.1.2.1), "Exp", lines: +1 -0
-
- Update ignores.
-
-2004-06-21 11:07 levitte
-
- Changed:
- fips/aes/Makefile (1.1.4.2), "Exp", lines: +7 -5
- fips/des/Makefile (1.1.4.2), "Exp", lines: +7 -5
- fips/dh/Makefile (1.1.2.2), "Exp", lines: +7 -6
- fips/dsa/Makefile (1.1.4.2), "Exp", lines: +7 -6
- fips/rsa/Makefile (1.1.4.2), "Exp", lines: +7 -6
- fips/sha1/Makefile (1.1.4.2), "Exp", lines: +7 -5
-
- Make sure we don't try to loop over an empty EXHEADER. In the
- Makefiles where this was fixed by commenting away code, change it
- to check for an empty EXHEADER instead, so we have less hassle in a
- future where EXHEADER changes.
-
- PR: 900
-
-2004-06-21 20:05 levitte
-
- Changed:
- Makefile.org (1.154.2.82), "Exp", lines: +3 -1
-
- Standard sh doesn't tolerate ! as part of the conditional command.
-
- PR: 900
-
-2004-06-28 22:33 levitte
-
- Changed:
- fips/dh/fips_dh_check.c (1.1.2.2), "Exp", lines: +6 -0
- fips/dh/fips_dh_gen.c (1.1.2.2), "Exp", lines: +6 -2
- fips/dh/fips_dh_key.c (1.1.2.2), "Exp", lines: +8 -0
-
- Make sure the FIPS stuff is only really compiled when in FIPS mode.
-
-2004-07-12 19:59 ben
-
- Changed:
- fips/fips_test_suite.c (1.1.4.4), "Exp", lines: +39 -6
- fips/dh/fingerprint.sha1 (1.1.2.2), "Exp", lines: +3 -3
-
- Corrected test program.
-
-2004-07-17 14:48 appro
-
- Changed:
- fips/des/Makefile (1.1.4.3), "Exp", lines: +1 -1
-
- Eliminate enforced -g from CFLAGS. It switches off optimization
- with some compilers, e.g. DEC C.
-
-2004-07-21 19:41 steve
-
- Changed:
- crypto/pem/pem_all.c (1.20.2.1), "Exp", lines: +119 -0
-
- When in FIPS mode write private keys in PKCS#8 and PBES2 format to
- avoid use of prohibited MD5 algorithm.
-
-2004-07-23 15:20 ben
-
- Changed:
- fips/rand/fingerprint.sha1 (1.1.2.7), "Exp", lines: +1 -1
- fips/rand/fips_rand.c (1.1.2.7), "Exp", lines: +22 -7
- fips/rand/fips_randtest.c (1.1.2.5), "Exp", lines: +2 -2
-
- Convert to X9.31.
-
-2004-07-21 19:35 steve
-
- Changed:
- fips/fingerprint.sha1 (1.1.2.7), "Exp", lines: +1 -1
- fips/fips.c (1.1.2.5), "Exp", lines: +3 -3
- fips/rsa/fingerprint.sha1 (1.1.4.3), "Exp", lines: +1 -1
- fips/rsa/fips_rsa_selftest.c (1.1.4.2), "Exp", lines: +8 -8
-
- Avoid compiler warnings.
-
-2004-07-27 02:17 steve
-
- Changed:
- fips/fips_test_suite.c (1.1.4.5), "Exp", lines: +9 -8
-
- Stop compiler warnings.
-
-2004-07-27 02:20 steve
-
- Changed:
- crypto/err/err.c (1.51.2.6), "Exp", lines: +1 -0
-
- Add FIPS name to error library.
-
-2004-07-27 14:22 steve
-
- Changed:
- Makefile.org (1.154.2.84), "Exp", lines: +3 -3
- fips/fips_check_sha1 (1.1.2.6), "Exp", lines: +1 -1
- fips/openssl_fips_fingerprint (1.1.4.3), "Exp", lines: +1 -1
-
- Rename libcrypto.sha1 to libcrypto.a.sha1
-
-2004-07-27 20:28 steve
-
- Changed:
- ssl/s3_lib.c (1.57.2.11), "Exp", lines: +33 -33
- ssl/ssl.h (1.126.2.20), "Exp", lines: +1 -0
- ssl/ssl_ciph.c (1.33.2.9), "Exp", lines: +11 -0
- ssl/ssl_locl.h (1.47.2.3), "Exp", lines: +2 -1
-
- New cipher "strength" FIPS which specifies that a cipher suite is
- FIPS compatible.
-
- New cipherstring "FIPS" is all FIPS compatible ciphersuites
- except eNULL.
-
- Only allow FIPS ciphersuites in FIPS mode.
-
-2004-07-28 04:24 levitte
-
- Changed:
- makevms.com (1.35.2.6), "Exp", lines: +2 -2
-
- From the FIPS directory, darnit!
-
-2004-07-28 15:47 levitte
-
- Changed:
- makevms.com (1.35.2.7), "Exp", lines: +5 -1
-
- Define OPENSSL_FIPS in opensslconf.h if a logical name with the
- same name is defined.
-
- Go up one directory level before dealing with FIPS stuff.
-
-2004-07-30 00:26 levitte
-
- Changed:
- fips/fips-lib.com (1.1.2.2), "Exp", lines: +3 -3
-
- We're building crypto stuff, not ssl stuff. Additionally, we're in
- the fips subdirectory, not the crypto one...
-
-2004-07-30 16:37 levitte
-
- Changed:
- fips/sha1/fingerprint.sha1 (1.1.2.7), "Exp", lines: +2 -2
- fips/sha1/fips_md32_common.h (1.1.2.6), "Exp", lines: +1 -1
- fips/sha1/fips_sha_locl.h (1.1.2.5), "Exp", lines: +2 -2
- fips/sha1/fips_standalone_sha1.c (1.1.2.5), "Exp", lines: +1 -1
- fips/sha1/standalone.sha1 (1.1.2.8), "Exp", lines: +3 -3
- ssl/ssl_ciph.c (1.33.2.10), "Exp", lines: +2 -2
- fips/rsa/fingerprint.sha1 (1.1.4.4), "Exp", lines: +2 -2
- fips/rsa/fips_rsa_eay.c (1.1.4.3), "Exp", lines: +1 -1
- fips/rsa/fips_rsa_gen.c (1.1.4.3), "Exp", lines: +1 -1
- fips/dh/fingerprint.sha1 (1.1.2.3), "Exp", lines: +1 -1
- fips/dh/fips_dh_gen.c (1.1.2.3), "Exp", lines: +1 -1
- fips/dsa/fingerprint.sha1 (1.1.2.6), "Exp", lines: +2 -2
- fips/dsa/fips_dsa_gen.c (1.1.4.3), "Exp", lines: +4 -3
- fips/dsa/fips_dsa_ossl.c (1.1.2.6), "Exp", lines: +2 -2
- fips/des/fingerprint.sha1 (1.1.2.5), "Exp", lines: +2 -2
- fips/des/fips_des_enc.c (1.1.2.5), "Exp", lines: +2 -2
- fips/des/fips_set_key.c (1.1.4.3), "Exp", lines: +3 -3
- fips/fingerprint.sha1 (1.1.2.8), "Exp", lines: +2 -2
- fips/fips.c (1.1.2.6), "Exp", lines: +76 -23
- fips/fips.h (1.1.2.5), "Exp", lines: +2 -3
- fips/fips_locl.h (1.1.4.2), "Exp", lines: +7 -2
- fips/aes/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1
- fips/aes/fips_aes_core.c (1.1.2.5), "Exp", lines: +1 -1
- crypto/rand/md_rand.c (1.69.2.5), "Exp", lines: +1 -1
- crypto/rand/rand_lib.c (1.15.2.5), "Exp", lines: +2 -1
- crypto/dsa/dsa_sign.c (1.10.2.6), "Exp", lines: +2 -2
- crypto/dsa/dsa_vrf.c (1.10.2.6), "Exp", lines: +1 -1
- crypto/pem/pem_all.c (1.20.2.2), "Exp", lines: +2 -2
- crypto/cryptlib.c (1.32.2.12), "Exp", lines: +122 -6
- crypto/crypto.h (1.62.2.8), "Exp", lines: +8 -1
- crypto/md32_common.h (1.22.2.7), "Exp", lines: +2 -2
-
- To protect FIPS-related global variables, add locking mechanisms
- around them.
-
- NOTE: because two new locks are added, this adds potential
- binary incompatibility with earlier versions in the 0.9.7 series.
- However, those locks will only ever be touched when FIPS_mode_set()
- is called and after, thanks to a variable that's only changed from
- 0 to 1 once (when FIPS_mode_set() is called). So basically, as
- long as FIPS mode hasn't been engaged explicitely by the calling
- application, the new locks are treated as if they didn't exist at
- all, thus not becoming a problem. Applications that are built or
- rebuilt to use FIPS functionality will need to be recompiled in any
- case, thus not being a problem either.
-
-2004-08-02 16:15 levitte
-
- Changed:
- crypto/cryptlib.c (1.32.2.13), "Exp", lines: +4 -4
-
- Let's lock a write lock when changing values, shall we?
-
- Thanks to Dr Stephen Henson <shenson@drh-consultancy.co.uk>
- for making me aware of this error.
-
-2004-08-05 20:11 steve
-
- Changed:
- fips/fingerprint.sha1 (1.1.2.9), "Exp", lines: +1 -1
- fips/fips.c (1.1.2.7), "Exp", lines: +1 -1
-
- Stop compiler giving bogus shadow warning.
-
-2004-08-09 14:13 levitte
-
- Changed:
- makevms.com (1.35.2.8), "Exp", lines: +1 -1
-
- In the fips directory, we use FIPS-LIB.COM, not CRYPTO-LIB.COM...
-
-2004-08-09 14:14 levitte
-
- Changed:
- fips/fips-lib.com (1.1.2.3), "Exp", lines: +4 -4
-
- Correct typos and include directory specifications.
-
-2004-08-10 11:11 levitte
-
- Changed:
- fips/fips-lib.com (1.1.2.4), "Exp", lines: +2 -1
-
- Update the VMS fips library builder with the DH library.
-
-2004-08-10 12:04 levitte
-
- Changed:
- fips/rand/fingerprint.sha1 (1.1.2.8), "Exp", lines: +1 -1
- fips/rand/fips_rand.c (1.1.2.8), "Exp", lines: +7 -1
-
- With DEC C in ANSI C mode, we need to define _XOPEN_SOURCE_EXTENDED
- to get struct timeval and gettimeofday().
-
-2004-09-06 16:19 levitte
-
- Changed:
- fips/fips.c (1.1.2.8), "Exp", lines: +5 -4
-
- Replace the bogus checks of n with proper uses of feof(), ferror()
- and clearerr().
-
-2004-09-06 16:21 levitte
-
- Changed:
- fips/sha1/fips_sha_locl.h (1.1.2.6), "Exp", lines: +2 -2
-
- num is an unsigned long, but since it was transfered from
- crypto/sha/sha_locl.h, where it is in fact an int, we need to check
- for less-than-zero as if it was an int...
-
-2004-10-08 12:03 ben
-
- Changed:
- fips/fingerprint.sha1 (1.1.2.10), "Exp", lines: +1 -1
- fips/sha1/fingerprint.sha1 (1.1.2.8), "Exp", lines: +1 -1
- fips/sha1/standalone.sha1 (1.1.2.9), "Exp", lines: +1 -1
-
- Update fingerprints.
-
-2004-10-14 07:51 levitte
-
- Changed:
- VMS/mkshared.com (1.3.2.1), "Exp", lines: +8 -0
-
- We need to check for OPENSSL_FIPS when building shared libraries,
- so we get correct transfer vectors for those functions when
- required.
-
-2004-10-26 13:47 steve
-
- Changed:
- util/mkfiles.pl (1.12.2.2), "Exp", lines: +1 -0
-
- Add fips/dh directory to mkfiles.pl
-
-2004-10-26 14:17 levitte
-
- Changed:
- fips/sha1/Makefile (1.1.4.4), "Exp", lines: +3 -1
- util/mkfiles.pl (1.12.2.3), "Exp", lines: +1 -0
- fips/Makefile (1.1.4.5), "Exp", lines: +7 -1
- crypto/sha/Makefile (1.1.4.4), "Exp", lines: +1 -7
-
- fips/dh was missing in mkfiles.pl. make update
-
-2004-10-26 15:01 steve
-
- Changed:
- util/mkfiles.pl (1.12.2.4), "Exp", lines: +0 -1
-
- Only add fips/dh once...
-
-2004-11-01 09:20 levitte
-
- Changed:
- fips/rand/fingerprint.sha1 (1.1.2.9), "Exp", lines: +1 -1
- fips/rand/fips_rand.c (1.1.2.9), "Exp", lines: +3 -1
-
- Make sure _XOPEN_SOURCE_EXTENDED is correctly defined, and only if
- not already defined.
-
-2004-12-09 19:03 appro
-
- vChanged:
- crypto/Makefile (1.1.4.4), "Exp", lines: +2 -0
-
- Postpone linking of shared libcrypto in FIPS build.
-
-2004-12-09 19:13 appro
-
- Changed:
- fips/fingerprint.sha1 (1.1.2.11), "Exp", lines: +1 -1
- fips/fips.c (1.1.2.9), "Exp", lines: +13 -1
- fips/openssl_fips_fingerprint (1.1.4.4), "Exp", lines: +4 -2
-
- Cygwin specific FIPS fix-ups.
-
-2004-12-09 23:43 appro
-
- Changed:
- Configure (1.314.2.100), "Exp", lines: +2 -3
- crypto/des/des_enc.c (1.11.2.5), "Exp", lines: +2 -2
-
- Eliminate false dependency on 386 config option is FIPS context.
- At the same time limit assembler support to ELF platforms [that's
- what is there, ELF modules].
-
-2004-12-10 12:37 appro
-
- Changed:
- Configure (1.314.2.101), "Exp", lines: +10 -3
- crypto/des/des_enc.c (1.11.2.6), "Exp", lines: +2 -2
-
- Respect no-asm with fips option and disable FIPS DES assembler in
- shared context [because it's not PIC].
-
-2004-12-10 14:15 appro
-
- Changed:
- fips/sha1/fingerprint.sha1 (1.1.2.10), "Exp", lines: +1 -1
- fips/sha1/standalone.sha1 (1.1.2.11), "Exp", lines: +1 -1
- fips/sha1/asm/sx86-elf.s (1.1.4.3), "Exp", lines: +32 -32
-
- Solaris x86 assembler update.
-
-2004-12-10 17:30 appro
-
- Changed:
- fips/fips_check_sha1 (1.1.2.7), "Exp", lines: +1 -1
- fips/openssl_fips_fingerprint (1.1.4.5), "Exp", lines: +1 -1
- fips/sha1/Makefile (1.1.4.6), "Exp", lines: +1 -1
-
- Adapt FIPS sub-tree for mingw.
-
-2005-01-03 18:46 steve
-
- Changed:
- fips/rsa/fingerprint.sha1 (1.1.4.5), "Exp", lines: +1 -1
- fips/rsa/fips_rsa_selftest.c (1.1.4.3), "Exp", lines: +55 -11
-
- RSA KAT.
-
-2005-01-11 17:54 levitte
-
- Changed:
- fips/rsa/fingerprint.sha1 (1.1.4.6), "Exp", lines: +1 -1
- fips/rsa/fips_rsa_selftest.c (1.1.4.4), "Exp", lines: +2 -2
-
- Clear signed vs. unsigned conflicts. Change the fingerprint
- accordingly.
-
-2005-01-11 19:25 levitte
-
- Changed:
- ssl/ssltest.c (1.53.2.24), "Exp", lines: +2 -2
- fips/rand/fips_randtest.c (1.1.2.6), "Exp", lines: +3 -3
- fips/sha1/fips_sha1test.c (1.1.2.5), "Exp", lines: +10 -4
- fips/des/fips_desmovs.c (1.1.2.6), "Exp", lines: +8 -7
- fips/dsa/fips_dsatest.c (1.1.2.5), "Exp", lines: +2 -2
- apps/openssl.c (1.48.2.12), "Exp", lines: +1 -1
- fips/aes/fips_aesavs.c (1.1.2.12), "Exp", lines: +8 -7
-
- Use EXIT() instead of exit().
-
-2005-01-26 21:00 steve
-
- Changed:
- apps/dgst.c (1.23.2.13), "Exp", lines: +10 -0
- apps/pkcs12.c (1.60.2.13), "Exp", lines: +8 -1
- crypto/crypto.h (1.62.2.9), "Exp", lines: +49 -0
- crypto/md32_common.h (1.22.2.9), "Exp", lines: +1 -1
- crypto/bf/bf_skey.c (1.6.2.1), "Exp", lines: +2 -1
- crypto/bf/blowfish.h (1.9.2.1), "Exp", lines: +4 -1
- crypto/cast/c_skey.c (1.5.6.1), "Exp", lines: +3 -1
- crypto/cast/cast.h (1.7.2.1), "Exp", lines: +4 -1
- crypto/evp/bio_md.c (1.11.2.3), "Exp", lines: +2 -7
- crypto/evp/digest.c (1.21.2.7), "Exp", lines: +11 -0
- crypto/evp/e_aes.c (1.6.2.11), "Exp", lines: +11 -11
- crypto/evp/e_des.c (1.5.2.9), "Exp", lines: +5 -3
- crypto/evp/e_des3.c (1.8.2.8), "Exp", lines: +6 -6
- crypto/evp/evp.h (1.86.2.16), "Exp", lines: +17 -0
- crypto/evp/evp_enc.c (1.28.2.11), "Exp", lines: +15 -1
- crypto/evp/evp_err.c (1.23.2.4), "Exp", lines: +6 -1
- crypto/evp/evp_locl.h (1.7.2.7), "Exp", lines: +17 -2
- crypto/evp/m_dss.c (1.8.2.1), "Exp", lines: +1 -1
- crypto/evp/m_md2.c (1.9.2.1), "Exp", lines: +1 -0
- crypto/evp/m_md4.c (1.8.2.1), "Exp", lines: +1 -0
- crypto/evp/m_md5.c (1.9.2.1), "Exp", lines: +1 -0
- crypto/evp/m_mdc2.c (1.9.2.1), "Exp", lines: +1 -0
- crypto/evp/m_sha.c (1.8.2.2), "Exp", lines: +1 -0
- crypto/evp/m_sha1.c (1.8.2.1), "Exp", lines: +1 -1
- crypto/evp/names.c (1.7.2.1), "Exp", lines: +3 -0
- crypto/hmac/hmac.c (1.12.2.3), "Exp", lines: +7 -0
- crypto/hmac/hmac.h (1.14.2.2), "Exp", lines: +1 -0
- crypto/idea/i_skey.c (1.5.6.1), "Exp", lines: +13 -0
- crypto/idea/idea.h (1.10.2.1), "Exp", lines: +4 -0
- crypto/md2/md2.h (1.11.2.1), "Exp", lines: +3 -0
- crypto/md2/md2_dgst.c (1.13.2.4), "Exp", lines: +3 -1
- crypto/md4/md4.h (1.3.2.1), "Exp", lines: +3 -0
- crypto/md4/md4_dgst.c (1.2.2.2), "Exp", lines: +1 -1
- crypto/md5/md5.h (1.10.2.3), "Exp", lines: +3 -0
- crypto/md5/md5_dgst.c (1.16.2.2), "Exp", lines: +1 -1
- crypto/mdc2/mdc2.h (1.9.2.1), "Exp", lines: +3 -1
- crypto/mdc2/mdc2dgst.c (1.13.2.1), "Exp", lines: +3 -1
- crypto/rc2/rc2.h (1.10.2.1), "Exp", lines: +4 -1
- crypto/rc2/rc2_skey.c (1.4.6.1), "Exp", lines: +13 -0
- crypto/rc4/rc4.h (1.10.2.2), "Exp", lines: +3 -0
- crypto/rc4/rc4_skey.c (1.10.8.2), "Exp", lines: +2 -1
- crypto/rc5/rc5.h (1.5.2.1), "Exp", lines: +4 -1
- crypto/rc5/rc5_skey.c (1.4.6.1), "Exp", lines: +14 -0
- crypto/ripemd/ripemd.h (1.8.2.1), "Exp", lines: +3 -0
- crypto/ripemd/rmd_dgst.c (1.13.2.2), "Exp", lines: +2 -1
- crypto/sha/sha.h (1.11.2.2), "Exp", lines: +3 -0
- crypto/sha/sha_locl.h (1.16.2.3), "Exp", lines: +4 -0
- crypto/x509/x509_cmp.c (1.22.2.4), "Exp", lines: +7 -1
- crypto/x509/x509_vfy.c (1.56.2.13), "Exp", lines: +1 -1
- ssl/s3_clnt.c (1.53.2.18), "Exp", lines: +2 -0
- ssl/s3_enc.c (1.31.2.9), "Exp", lines: +3 -0
- ssl/s3_srvr.c (1.85.2.23), "Exp", lines: +2 -0
- ssl/t1_enc.c (1.27.2.9), "Exp", lines: +2 -0
-
- FIPS algorithm blocking.
-
- Non FIPS algorithms are not normally allowed in FIPS mode.
-
- Any attempt to use them via high level functions will
- return an error.
-
- The low level non-FIPS algorithm functions cannot return
- errors so they produce assertion failures. HMAC also has to give an
- assertion error because it (erroneously) can't return an error
- either.
-
- There are exceptions (such as MD5 in TLS and non
- cryptographic use of algorithms) and applications can override the
- blocking and use non FIPS algorithms anyway.
-
- For low level functions the override is perfomed by
- prefixing the algorithm initalization function with "private_" for
- example private_MD5_Init().
-
- For high level functions an override is performed by
- setting a flag in the context.
-
-2005-01-27 02:49 steve
-
- Changed:
- apps/dgst.c (1.23.2.14), "Exp", lines: +9 -5
- crypto/crypto.h (1.62.2.10), "Exp", lines: +3 -0
- crypto/evp/digest.c (1.21.2.8), "Exp", lines: +34 -0
- crypto/hmac/hmac.c (1.12.2.4), "Exp", lines: +9 -0
-
- More FIPS algorithm blocking.
-
- Catch attempted use of non FIPS algorithms with HMAC.
-
- Give an assertion error for applications that ignore FIPS
- digest errors.
-
- Make -non-fips-allow work with dgst and HMAC.
-
-2005-01-28 15:03 steve
-
- Changed:
- apps/dgst.c (1.23.2.15), "Exp", lines: +2 -1
- apps/enc.c (1.35.2.13), "Exp", lines: +38 -4
- crypto/evp/e_rc4.c (1.11.2.2), "Exp", lines: +1 -0
- crypto/evp/evp.h (1.86.2.17), "Exp", lines: +3 -0
- crypto/evp/evp_enc.c (1.28.2.12), "Exp", lines: +60 -15
- crypto/evp/evp_locl.h (1.7.2.8), "Exp", lines: +1 -0
- test/testenc (1.3.8.2), "Exp", lines: +8 -8
-
- Further FIPS algorithm blocking.
-
- Fixes to cipher blocking and enabling code.
-
- Add option -non-fips-allow to 'enc' and update testenc.
-
-2005-01-31 02:33 steve
-
- Changed:
- ssl/s23_clnt.c (1.20.2.7), "Exp", lines: +16 -0
- ssl/s23_srvr.c (1.41.2.6), "Exp", lines: +9 -0
- ssl/s3_clnt.c (1.53.2.19), "Exp", lines: +0 -8
- ssl/s3_enc.c (1.31.2.10), "Exp", lines: +1 -0
- ssl/s3_srvr.c (1.85.2.24), "Exp", lines: +0 -8
- ssl/ssl.h (1.126.2.21), "Exp", lines: +1 -0
- ssl/ssl_cert.c (1.48.2.10), "Exp", lines: +0 -8
- ssl/ssl_err.c (1.41.2.4), "Exp", lines: +2 -1
- ssl/ssl_lib.c (1.110.2.13), "Exp", lines: +8 -9
- ssl/t1_enc.c (1.27.2.10), "Exp", lines: +0 -18
-
- Only allow TLS is FIPS mode.
-
- Remove old FIPS_allow_md5() calls.
-
-2005-02-05 19:24 steve
-
- Changed:
- apps/req.c (1.88.2.18), "Exp", lines: +8 -1
- apps/x509.c (1.67.2.20), "Exp", lines: +8 -1
-
- In FIPS mode use SHA1 as default digest in x509 and req utilities.
-
-2005-03-15 10:46 appro
-
- Changed:
- Makefile.org (1.154.2.96), "Exp", lines: +1 -1
- crypto/Makefile (1.1.4.6), "Exp", lines: +2 -3
- fips/Makefile (1.1.4.8), "Exp", lines: +4 -1
-
- Real Bourne shell doesn't accept ! as in "if ! grep ..." Fix this
- in crypto/Makefile and make Makefile.org and fips/Makefile more
- discreet.
-
-2005-03-22 18:29 steve
-
- Changed:
- fips/fingerprint.sha1 (1.1.2.12), "Exp", lines: +1 -1
- fips/fips.c (1.1.2.10), "Exp", lines: +1 -0
-
- Fix memory leak.
-
-2005-03-27 05:36 steve
-
- Changed:
- crypto/evp/e_null.c (1.9.2.1), "Exp", lines: +1 -1
- ssl/s3_lib.c (1.57.2.13), "Exp", lines: +3 -3
-
- Allow 'null' cipher and appropriate Kerberos ciphersuites in FIPS
- mode.
-
-2005-04-14 14:44 steve
-
- Changed:
- fips/fipshashes.sha1 (1.1.2.1), "Exp", lines: +29 -0
- util/checkhash.pl (1.1.2.1), "Exp", lines: +181 -0
-
- Perl script that checks or rebuilds FIPS hash files. This works on
- both Unix and Windows.
-
- Merge all FIPS hash files into a single hash file
- fips/fips.sha1
-
-2005-04-15 05:27 steve
-
- Changed:
- fips/Makefile (1.1.4.9), "Exp", lines: +1 -1
- fips/aes/Makefile (1.1.4.4), "Exp", lines: +1 -4
- fips/des/Makefile (1.1.4.6), "Exp", lines: +1 -4
- fips/dh/Makefile (1.1.2.5), "Exp", lines: +1 -4
- fips/dsa/Makefile (1.1.4.4), "Exp", lines: +1 -4
- fips/rand/Makefile (1.1.4.3), "Exp", lines: +1 -4
- fips/rsa/Makefile (1.1.4.5), "Exp", lines: +1 -4
- fips/sha1/Makefile (1.1.4.9), "Exp", lines: +1 -7
-
- Update hash checking in makefiles to use new perl script.
-
-2005-04-17 06:37 steve
-
- Changed:
- util/checkhash.pl (1.1.2.2), "Exp", lines: +163 -127
-
- Modify checkhash.pl so it can be run standalone or included as a
- funtion in another perl script.
-
-2005-04-17 16:00 appro
-
- Changed:
- fips/sha1/Makefile (1.1.4.10), "Exp", lines: +9 -5
-
- Bring back fips_standalone_sha1.
-
-2005-04-17 16:17 appro
-
- Deleted:
- fips/sha1/asm/sx86-elf.s (1.1.4.4)
- Changed:
- Configure (1.314.2.114), "Exp", lines: +1 -1
- fips/fipshashes.sha1 (1.1.2.2), "Exp", lines: +1 -1
- fips/sha1/Makefile (1.1.4.11), "Exp", lines: +1 -1
- fips/sha1/standalone.sha1 (1.1.2.13), "Exp", lines: +1 -1
- fips/sha1/asm/fips-sx86-elf.s (1.1.2.1), "Exp", lines: +1568 -0
-
- Rename fips/sha1/sx86-elf.s to fips/sha1/fips-sx86-elf.s.
-
-2005-04-17 16:21 steve
-
- Changed:
- util/checkhash.pl (1.1.2.3), "Exp", lines: +2 -0
-
- Return 0 for successful hash check.
-
-2005-04-17 16:54 appro
-
- Changed:
- Configure (1.314.2.116), "Exp", lines: +8 -1
- Makefile.org (1.154.2.99), "Exp", lines: +3 -2
- crypto/aes/aes_cbc.c (1.1.2.11), "Exp", lines: +2 -0
- fips/fipshashes.sha1 (1.1.2.4), "Exp", lines: +1 -0
- fips/aes/Makefile (1.1.4.5), "Exp", lines: +4 -2
- fips/aes/asm/fips-ax86-elf.s (1.1.2.1), "Exp", lines: +1822 -0
-
- Throw in fips/aes/asm/fips-ax86-elf.s.
-
-2005-04-17 16:35 appro
-
- Changed:
- Configure (1.314.2.115), "Exp", lines: +1 -1
- fips/fipshashes.sha1 (1.1.2.3), "Exp", lines: +1 -1
- fips/des/asm/fips-dx86-elf.s (1.1.4.2), "Exp", lines: +108 -98
-
- Regenerate fips/des/asm/fips-dx86-elf.s with -fPIC flag.
-
-2005-04-17 17:26 appro
-
- Changed:
- crypto/cryptlib.c (1.32.2.18), "Exp", lines: +6 -55
- crypto/crypto.h (1.62.2.11), "Exp", lines: +0 -3
- fips/fips.c (1.1.2.11), "Exp", lines: +62 -8
- fips/fips.h (1.1.2.7), "Exp", lines: +2 -3
- fips/fips_locl.h (1.1.4.3), "Exp", lines: +6 -3
- fips/fipshashes.sha1 (1.1.2.5), "Exp", lines: +4 -4
- fips/rand/fips_rand.c (1.1.2.10), "Exp", lines: +3 -1
- fips/rsa/fips_rsa_gen.c (1.1.4.4), "Exp", lines: +4 -2
-
- Resolve minor binary compatibility issues in fips.
-
-2005-04-17 18:22 appro
-
- Changed:
- fips/fipshashes.sha1 (1.1.2.6), "Exp", lines: +12 -12
- fips/des/fips_des_locl.h (1.1.2.4), "Exp", lines: +1 -1
- fips/des/fips_set_key.c (1.1.4.4), "Exp", lines: +2 -2
- fips/dh/fips_dh_key.c (1.1.2.3), "Exp", lines: +1 -1
- fips/dsa/fips_dsa_ossl.c (1.1.2.7), "Exp", lines: +1 -1
- fips/dsa/fips_dsa_selftest.c (1.1.4.2), "Exp", lines: +3 -3
- fips/rand/fips_rand.c (1.1.2.11), "Exp", lines: +2 -2
- fips/rand/fips_rand.h (1.1.2.5), "Exp", lines: +1 -1
- fips/rsa/fips_rsa_eay.c (1.1.4.4), "Exp", lines: +1 -1
- fips/rsa/fips_rsa_gen.c (1.1.4.5), "Exp", lines: +1 -1
- fips/rsa/fips_rsa_selftest.c (1.1.4.5), "Exp", lines: +11 -11
- fips/sha1/fips_sha1_selftest.c (1.1.4.2), "Exp", lines: +1 -1
- fips/sha1/fips_sha1dgst.c (1.1.2.5), "Exp", lines: +1 -1
- fips/sha1/standalone.sha1 (1.1.2.14), "Exp", lines: +2 -2
-
- Minor fips const-ification.
-
-2005-04-18 07:02 steve
-
- Changed:
- crypto/bf/bf_skey.c (1.6.2.2), "Exp", lines: +1 -0
- crypto/cast/c_skey.c (1.5.6.2), "Exp", lines: +1 -0
- crypto/idea/i_skey.c (1.5.6.2), "Exp", lines: +1 -0
- crypto/rc2/rc2_skey.c (1.4.6.2), "Exp", lines: +1 -0
- crypto/rc4/rc4_skey.c (1.10.8.3), "Exp", lines: +1 -0
- crypto/rc5/rc5_skey.c (1.4.6.2), "Exp", lines: +1 -0
-
- Pick up definition of FIPS_mode() in fips.h to avoid warnings.
-
-2005-04-18 10:34 steve
-
- Deleted:
- fips/fingerprint.sha1 (1.1.2.14)
- fips/fips_check_sha1 (1.1.2.8)
- fips/fips_make_sha1 (1.1.2.7)
- fips/aes/fingerprint.sha1 (1.1.2.7)
- fips/des/fingerprint.sha1 (1.1.2.6)
- fips/dh/fingerprint.sha1 (1.1.2.4)
- fips/dsa/fingerprint.sha1 (1.1.2.7)
- fips/rand/fingerprint.sha1 (1.1.2.10)
- fips/rsa/fingerprint.sha1 (1.1.4.7)
- fips/sha1/fingerprint.sha1 (1.1.2.12)
- Changed:
- fips/sha1/Makefile (1.1.4.12), "Exp", lines: +1 -4
-
- Remove obsolete fingerprint.sha1 files and associated scripts.
- Delete test in fips/sha1/Makefile: the top level test checks the
- same files.
-
-2005-04-19 09:11 appro
-
- Deleted:
- fips/fipshashes.sha1 (1.1.2.7)
- fips/sha1/standalone.sha1 (1.1.2.15)
- Changed:
- fips/fipshashes.c (1.1.2.1), "Exp", lines: +32 -0
- util/checkhash.pl (1.1.2.4), "Exp", lines: +7 -4
-
- Maintain fingerprint hashes as C source.
-
-2005-04-19 09:17 appro
-
- Changed:
- util/checkhash.pl (1.1.2.5), "Exp", lines: +1 -1
-
- Complete the transition C-code hashes.
-
-2005-04-21 19:06 steve
-
- Changed:
- apps/openssl.c (1.48.2.13), "Exp", lines: +0 -2
- fips/fips.c (1.1.2.12), "Exp", lines: +0 -27
- fips/fips.h (1.1.2.8), "Exp", lines: +0 -2
- fips/fipshashes.c (1.1.2.2), "Exp", lines: +2 -2
-
- Remove defunct FIPS_allow_md5() and related functions.
-
-2005-04-22 06:15 appro
-
- Changed:
- fips/fips.c (1.1.2.13), "Exp", lines: +3 -3
- fips/fips_err.h (1.1.4.4), "Exp", lines: +3 -3
- fips/fipshashes.c (1.1.2.4), "Exp", lines: +2 -2
-
- Move some variables to .bss.
-
diff --git a/Configure b/Configure
index 820be609c96d..f24d738febc3 100755
--- a/Configure
+++ b/Configure
@@ -10,7 +10,7 @@ use strict;
# see INSTALL for instructions.
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
# Options:
#
@@ -54,6 +54,8 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx
# [no-]zlib [don't] compile support for zlib compression.
# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared
# library and will be loaded in run-time by the OpenSSL library.
+# enable-montasm 0.9.8 branch only: enable Montgomery x86 assembler backport
+# from 0.9.9
# 386 generate 80386 code
# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
@@ -114,12 +116,12 @@ my $tlib="-lnsl -lsocket";
my $bits1="THIRTY_TWO_BIT ";
my $bits2="SIXTY_FOUR_BIT ";
-my $x86_elf_asm="x86cpuid-elf.o:bn86-elf.o co86-elf.o:dx86-elf.o yx86-elf.o:ax86-elf.o:bx86-elf.o:mx86-elf.o:sx86-elf.o s512sse2-elf.o:cx86-elf.o:rx86-elf.o:rm86-elf.o:r586-elf.o";
-my $x86_coff_asm="x86cpuid-cof.o:bn86-cof.o co86-cof.o:dx86-cof.o yx86-cof.o:ax86-cof.o:bx86-cof.o:mx86-cof.o:sx86-cof.o s512sse2-cof.o:cx86-cof.o:rx86-cof.o:rm86-cof.o:r586-cof.o";
-my $x86_out_asm="x86cpuid-out.o:bn86-out.o co86-out.o:dx86-out.o yx86-out.o:ax86-out.o:bx86-out.o:mx86-out.o:sx86-out.o s512sse2-out.o:cx86-out.o:rx86-out.o:rm86-out.o:r586-out.o";
+my $x86_elf_asm="x86cpuid-elf.o:bn86-elf.o co86-elf.o MAYBE-MO86-elf.o:dx86-elf.o yx86-elf.o:ax86-elf.o:bx86-elf.o:mx86-elf.o:sx86-elf.o s512sse2-elf.o:cx86-elf.o:rx86-elf.o rc4_skey.o:rm86-elf.o:r586-elf.o";
+my $x86_coff_asm="x86cpuid-cof.o:bn86-cof.o co86-cof.o MAYBE-MO86-cof.o:dx86-cof.o yx86-cof.o:ax86-cof.o:bx86-cof.o:mx86-cof.o:sx86-cof.o s512sse2-cof.o:cx86-cof.o:rx86-cof.o rc4_skey.o:rm86-cof.o:r586-cof.o";
+my $x86_out_asm="x86cpuid-out.o:bn86-out.o co86-out.o MAYBE-MO86-out.o:dx86-out.o yx86-out.o:ax86-out.o:bx86-out.o:mx86-out.o:sx86-out.o s512sse2-out.o:cx86-out.o:rx86-out.o rc4_skey.o:rm86-out.o:r586-out.o";
-my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o::::md5-x86_64.o:::rc4-x86_64.o::";
-my $ia64_asm=":bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o:::sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o::";
+my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o::";
+my $ia64_asm=":bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o:::sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o::";
my $no_asm="::::::::::";
@@ -155,7 +157,10 @@ my %table=(
"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
-"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -march=i486 -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared",
+"debug-steve64", "gcc:-m64 -DL_ENDIAN -DTERMIO -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DOPENSSL_NO_DEPRECATED -g -pedantic -Wall -Werror -Wno-long-long -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve32", "gcc:-m32 -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DOPENSSL_NO_DEPRECATED -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared",
+"debug-steve-opt", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -O3 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared",
"debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared",
"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -201,11 +206,11 @@ my %table=(
"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
-"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
####
"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### SPARC Solaris with Sun C setups
# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
@@ -213,11 +218,11 @@ my %table=(
# SC5.0 note: Compiler common patch 107357-01 or later is required!
"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
+"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
####
"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o::::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### SunOS configs, assuming sparc for the gcc one.
#"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
@@ -231,10 +236,10 @@ my %table=(
# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
# './Configure irix-cc -o32' manually.
"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# N64 ABI builds.
"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### Unified HP-UX ANSI C configs.
# Special notes:
@@ -321,8 +326,7 @@ my %table=(
"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
####
"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# -bpowerpc64-linux is transient option, -m64 should be the one to use...
-"linux-ppc64", "gcc:-bpowerpc64-linux -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-bpowerpc64-linux:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -333,9 +337,9 @@ my %table=(
"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# it's a real mess with -mcpu=ultrasparc option under Linux, but
# -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### Alpha Linux with GNU C and Compaq C setups
# Special notes:
# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
@@ -365,7 +369,7 @@ my %table=(
# -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
# simply *happens* to work around a compiler bug in gcc 3.3.3,
# triggered by RIPEMD160 code.
-"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -403,12 +407,12 @@ my %table=(
#### IBM's AIX.
"aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
-"aix-gcc", "gcc:-O -DB_ENDIAN::-D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:",
-"aix64-gcc","gcc:-O -DB_ENDIAN::-D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn::::::-X64",
+"aix-gcc", "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
+"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64",
# Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE
# at build time. $OBJECT_MODE is respected at ./config stage!
-"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
-"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
+"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
+"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
#
# Cray T90 and similar (SDSC)
@@ -479,15 +483,20 @@ my %table=(
"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_coff_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
-# NetWare from David Ward (dsward@novell.com) - requires MetroWerks NLM development tools
+# NetWare from David Ward (dsward@novell.com)
+# requires either MetroWerks NLM development tools, or gcc / nlmconv
+# NetWare defaults socket bio to WinSock sockets. However,
+# the builds can be configured to use BSD sockets instead.
# netware-clib => legacy CLib c-runtime support
-"netware-clib", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
+"netware-clib", "mwccnlm::::::${x86_gcc_opts}::",
+"netware-clib-bsdsock", "mwccnlm::::::${x86_gcc_opts}::",
+"netware-clib-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::",
+"netware-clib-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::",
# netware-libc => LibC/NKS support
-# NetWare defaults socket bio to WinSock sockets. However, the LibC build can be
-# configured to use BSD sockets instead.
"netware-libc", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
"netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
"netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",
+"netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",
# DJGPP
"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:",
@@ -500,8 +509,11 @@ my %table=(
##### MacOS X (a.k.a. Rhapsody or Darwin) setup
"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::",
-"darwin-ppc-cc","cc:-O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc64.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -fomit-frame-pointer -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
##### A/UX
@@ -530,7 +542,9 @@ my %table=(
my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A
VC-NT VC-CE VC-WIN32
- BC-32 OS2-EMX netware-clib netware-libc netware-libc-bsdsock);
+ BC-32 OS2-EMX
+ netware-clib netware-clib-bsdsock
+ netware-libc netware-libc-bsdsock);
my $idx = 0;
my $idx_cc = $idx++;
@@ -569,6 +583,7 @@ my $no_shared=0; # but "no-shared" is default
my $zlib=1; # but "no-zlib" is default
my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used
my $no_rfc3779=1; # but "no-rfc3779" is default
+my $montasm=1; # but "no-montasm" is default
my $no_asm=0;
my $no_dso=0;
my $no_gmp=0;
@@ -588,7 +603,7 @@ my $des_enc="des_enc.o fcrypt_b.o";
my $aes_enc="aes_core.o aes_cbc.o";
my $bf_enc ="bf_enc.o";
my $cast_enc="c_enc.o";
-my $rc4_enc="rc4_enc.o";
+my $rc4_enc="rc4_enc.o rc4_skey.o";
my $rc5_enc="rc5_enc.o";
my $md5_obj="";
my $sha1_obj="";
@@ -601,12 +616,17 @@ my $perl;
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
my %disabled = ( # "what" => "comment"
- "camellia" => "default",
- "gmp" => "default",
+ "camellia" => "default",
+ "capieng" => "default",
+ "cms" => "default",
+ "gmp" => "default",
"mdc2" => "default",
+ "montasm" => "default", # explicit option in 0.9.8 only (implicitly enabled in 0.9.9)
"rc5" => "default",
- "rfc3779" => "default",
+ "rfc3779" => "default",
+ "seed" => "default",
"shared" => "default",
+ "tlsext" => "default",
"zlib" => "default",
"zlib-dynamic" => "default"
);
@@ -616,7 +636,7 @@ my %disabled = ( # "what" => "comment"
# For symmetry, "disable-..." is a synonym for "no-...".
# This is what $depflags will look like with the above default:
-my $default_depflags = "-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 ";
+my $default_depflags = "-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT ";
my $no_sse2=0;
@@ -838,6 +858,10 @@ if (defined($disabled{"md5"}) || defined($disabled{"sha"})
$disabled{"tls1"} = "forced";
}
+if (defined($disabled{"tls1"}))
+ {
+ $disabled{"tlsext"} = "forced";
+ }
if ($target eq "TABLE") {
foreach $target (sort keys %table) {
@@ -877,6 +901,8 @@ foreach (sort (keys %disabled))
{ $no_shared = 1; }
elsif (/^zlib$/)
{ $zlib = 0; }
+ elsif (/^montasm$/)
+ { $montasm = 0; }
elsif (/^static-engine$/)
{ }
elsif (/^zlib-dynamic$/)
@@ -924,6 +950,7 @@ my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds;
$IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin" && !is_msys());
$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target eq "mingw");
+$exe_ext=".nlm" if ($target =~ /netware/);
$exe_ext=".pm" if ($target =~ /vos/);
$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
$prefix=$openssldir if $prefix eq "";
@@ -968,6 +995,11 @@ my $shared_extension = $fields[$idx_shared_extension];
my $ranlib = $fields[$idx_ranlib];
my $arflags = $fields[$idx_arflags];
+# '%' in $lflags is used to split flags to "pre-" and post-flags
+my ($prelflags,$postlflags)=split('%',$lflags);
+if (defined($postlflags)) { $lflags=$postlflags; }
+else { $lflags=$prelflags; undef $prelflags; }
+
my $no_shared_warn=0;
my $no_user_cflags=0;
@@ -1097,6 +1129,14 @@ if ($no_asm)
$cpuid_obj=$bn_obj=$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj="";
$sha1_obj=$md5_obj=$rmd160_obj="";
}
+if ($montasm)
+ {
+ $bn_obj =~ s/MAYBE-MO86-/mo86-/;
+ }
+else
+ {
+ $bn_obj =~ s/MAYBE-MO86-[a-z.]*//;
+ }
if (!$no_shared)
{
@@ -1150,12 +1190,18 @@ if (!$IsMK1MF)
}
$cpuid_obj.=" uplink.o uplink-cof.o" if ($cflags =~ /\-DOPENSSL_USE_APPLINK/);
-# Compiler fix-ups
-if ($target =~ /icc$/)
+
+#
+# Platform fix-ups
+#
+if ($target =~ /\-icc$/) # Intel C compiler
{
- my($iccver)=`$cc -V 2>&1`;
- if ($iccver =~ /Version ([0-9]+)\./) { $iccver=$1; }
- else { $iccver=0; }
+ my $iccver=0;
+ if (open(FD,"$cc -V 2>&1 |"))
+ {
+ while(<FD>) { $iccver=$1 if (/Version ([0-9]+)\./); }
+ close(FD);
+ }
if ($iccver>=8)
{
# Eliminate unnecessary dependency from libirc.a. This is
@@ -1163,6 +1209,28 @@ if ($target =~ /icc$/)
# apps/openssl can end up in endless loop upon startup...
$cflags.=" -Dmemcpy=__builtin_memcpy -Dmemset=__builtin_memset";
}
+ if ($iccver>=9)
+ {
+ $cflags.=" -i-static";
+ $cflags=~s/\-no_cpprt/-no-cpprt/;
+ }
+ if ($iccver>=10)
+ {
+ $cflags=~s/\-i\-static/-static-intel/;
+ }
+ }
+
+# Unlike other OSes (like Solaris, Linux, Tru64, IRIX) BSD run-time
+# linkers (tested OpenBSD, NetBSD and FreeBSD) "demand" RPATH set on
+# .so objects. Apparently application RPATH is not global and does
+# not apply to .so linked with other .so. Problem manifests itself
+# when libssl.so fails to load libcrypto.so. One can argue that we
+# should engrave this into Makefile.shared rules or into BSD-* config
+# lines above. Meanwhile let's try to be cautious and pass -rpath to
+# linker only when --prefix is not /usr.
+if ($target =~ /^BSD\-/)
+ {
+ $shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
}
if ($sys_id ne "")
@@ -1187,6 +1255,7 @@ $bn_obj = $bn_asm unless $bn_obj ne "";
# bn86* is the only one implementing bn_*_part_words
$cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn86/);
$cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /bn86/);
+$cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /\-mont|mo86\-/);
$des_obj=$des_enc unless ($des_obj =~ /\.o$/);
$bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/);
@@ -1199,7 +1268,7 @@ if ($sha1_obj =~ /\.o$/)
$cflags.=" -DSHA1_ASM" if ($sha1_obj =~ /sx86/ || $sha1_obj =~ /sha1/);
$cflags.=" -DSHA256_ASM" if ($sha1_obj =~ /sha256/);
$cflags.=" -DSHA512_ASM" if ($sha1_obj =~ /sha512/);
- if ($sha1_obj =~ /x86/)
+ if ($sha1_obj =~ /sse2/)
{ if ($no_sse2)
{ $sha1_obj =~ s/\S*sse2\S+//; }
elsif ($cflags !~ /OPENSSL_IA32_SSE2/)
@@ -1294,6 +1363,7 @@ while (<IN>)
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
s/^CFLAG=.*$/CFLAG= $cflags/;
s/^DEPFLAG=.*$/DEPFLAG= $depflags/;
+ s/^PEX_LIBS=.*$/PEX_LIBS= $prelflags/;
s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/;
@@ -1581,7 +1651,7 @@ EOF
}
# create the ms/version32.rc file if needed
-if ($IsMK1MF) {
+if ($IsMK1MF && ($target !~ /^netware/)) {
my ($v1, $v2, $v3, $v4);
if ($version_num =~ /(^[0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) {
$v1=hex $1;
diff --git a/FAQ b/FAQ
index 74bf952ddcd5..1b14ffe9a465 100644
--- a/FAQ
+++ b/FAQ
@@ -32,6 +32,8 @@ OpenSSL - Frequently Asked Questions
* How do I install a CA certificate into a browser?
* Why is OpenSSL x509 DN output not conformant to RFC2253?
* What is a "128 bit certificate"? Can I create one with OpenSSL?
+* Why does OpenSSL set the authority key identifier extension incorrectly?
+* How can I set up a bundle of commercial root CA certificates?
[BUILD] Questions about building and testing OpenSSL
@@ -66,6 +68,8 @@ OpenSSL - Frequently Asked Questions
* Why doesn't my server application receive a client certificate?
* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
* I think I've detected a memory leak, is this a bug?
+* Why does Valgrind complain about the use of uninitialized data?
+* Why doesn't a memory BIO work when a file does?
===============================================================================
@@ -74,7 +78,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.8e was released on February 23rd, 2007.
+OpenSSL 0.9.8i was released on Sep 15th, 2008.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
@@ -401,10 +405,10 @@ You can't generally create such a certificate using OpenSSL but there is no
need to any more. Nowadays web browsers using unrestricted strong encryption
are generally available.
-When there were tight export restrictions on the export of strong encryption
+When there were tight restrictions on the export of strong encryption
software from the US only weak encryption algorithms could be freely exported
(initially 40 bit and then 56 bit). It was widely recognised that this was
-inadequate. A relaxation the rules allowed the use of strong encryption but
+inadequate. A relaxation of the rules allowed the use of strong encryption but
only to an authorised server.
Two slighly different techniques were developed to support this, one used by
@@ -425,6 +429,39 @@ The export laws were later changed to allow almost unrestricted use of strong
encryption so these certificates are now obsolete.
+* Why does OpenSSL set the authority key identifier (AKID) extension incorrectly?
+
+It doesn't: this extension is often the cause of confusion.
+
+Consider a certificate chain A->B->C so that A signs B and B signs C. Suppose
+certificate C contains AKID.
+
+The purpose of this extension is to identify the authority certificate B. This
+can be done either by including the subject key identifier of B or its issuer
+name and serial number.
+
+In this latter case because it is identifying certifcate B it must contain the
+issuer name and serial number of B.
+
+It is often wrongly assumed that it should contain the subject name of B. If it
+did this would be redundant information because it would duplicate the issuer
+name of C.
+
+
+* How can I set up a bundle of commercial root CA certificates?
+
+The OpenSSL software is shipped without any root CA certificate as the
+OpenSSL project does not have any policy on including or excluding
+any specific CA and does not intend to set up such a policy. Deciding
+about which CAs to support is up to application developers or
+administrators.
+
+Other projects do have other policies so you can for example extract the CA
+bundle used by Mozilla and/or modssl as described in this article:
+
+ http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html
+
+
[BUILD] =======================================================================
* Why does the linker complain about undefined symbols?
@@ -822,11 +859,11 @@ code itself (the hex digits after the second colon).
* Why do I get errors about unknown algorithms?
-This can happen under several circumstances such as reading in an
-encrypted private key or attempting to decrypt a PKCS#12 file. The cause
-is forgetting to load OpenSSL's table of algorithms with
-OpenSSL_add_all_algorithms(). See the manual page for more information.
-
+The cause is forgetting to load OpenSSL's table of algorithms with
+OpenSSL_add_all_algorithms(). See the manual page for more information. This
+can cause several problems such as being unable to read in an encrypted
+PEM file, unable to decrypt a PKCS#12 file or signature failure when
+verifying certificates.
* Why can't the OpenSSH configure script detect OpenSSL?
@@ -894,5 +931,35 @@ thread-safe):
ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().
-===============================================================================
+* Why does Valgrind complain about the use of uninitialized data?
+
+When OpenSSL's PRNG routines are called to generate random numbers the supplied
+buffer contents are mixed into the entropy pool: so it technically does not
+matter whether the buffer is initialized at this point or not. Valgrind (and
+other test tools) will complain about this. When using Valgrind, make sure the
+OpenSSL library has been compiled with the PURIFY macro defined (-DPURIFY)
+to get rid of these warnings.
+
+
+* Why doesn't a memory BIO work when a file does?
+
+This can occur in several cases for example reading an S/MIME email message.
+The reason is that a memory BIO can do one of two things when all the data
+has been read from it.
+
+The default behaviour is to indicate that no more data is available and that
+the call should be retried, this is to allow the application to fill up the BIO
+again if necessary.
+Alternatively it can indicate that no more data is available and that EOF has
+been reached.
+
+If a memory BIO is to behave in the same way as a file this second behaviour
+is needed. This must be done by calling:
+
+ BIO_set_mem_eof_return(bio, 0);
+
+See the manual pages for more details.
+
+
+===============================================================================
diff --git a/INSTALL b/INSTALL
index 83439f1aa4f6..c72cc1dcee42 100644
--- a/INSTALL
+++ b/INSTALL
@@ -158,7 +158,7 @@
standard headers). If it is a problem with OpenSSL itself, please
report the problem to <openssl-bugs@openssl.org> (note that your
message will be recorded in the request tracker publicly readable
- via http://www.openssl.org/support/rt2.html and will be forwarded to a
+ via http://www.openssl.org/support/rt.html and will be forwarded to a
public mailing list). Include the output of "make report" in your message.
Please check out the request tracker. Maybe the bug was already
reported or has already been fixed.
@@ -180,7 +180,7 @@
in Makefile.ssl and run "make clean; make". Please send a bug
report to <openssl-bugs@openssl.org>, including the output of
"make report" in order to be added to the request tracker at
- http://www.openssl.org/support/rt2.html.
+ http://www.openssl.org/support/rt.html.
4. If everything tests ok, install OpenSSL with
diff --git a/LICENSE b/LICENSE
index ff99d9724177..a2c4adcbe6a5 100644
--- a/LICENSE
+++ b/LICENSE
@@ -12,7 +12,7 @@
---------------
/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
diff --git a/Makefile b/Makefile
index e2223b7dbd47..43b1d9796aac 100644
--- a/Makefile
+++ b/Makefile
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=0.9.8e
+VERSION=0.9.8i
MAJOR=0
MINOR=9.8
SHLIB_VERSION_NUMBER=0.9.8
@@ -13,7 +13,7 @@ SHLIB_MAJOR=0
SHLIB_MINOR=9.8
SHLIB_EXT=
PLATFORM=dist
-OPTIONS= no-camellia no-gmp no-krb5 no-mdc2 no-rc5 no-rfc3779 no-shared no-zlib no-zlib-dynamic
+OPTIONS= no-camellia no-capieng no-cms no-gmp no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-tlsext no-zlib no-zlib-dynamic
CONFIGURE_ARGS=dist
SHLIB_TARGET=
@@ -61,7 +61,7 @@ OPENSSLDIR=/usr/local/ssl
CC= cc
CFLAG= -O
-DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779
+DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT
PEX_LIBS=
EX_LIBS=
EXE_EXT=
@@ -92,7 +92,7 @@ DES_ENC= des_enc.o fcrypt_b.o
AES_ASM_OBJ= aes_core.o aes_cbc.o
BF_ENC= bf_enc.o
CAST_ENC= c_enc.o
-RC4_ENC= rc4_enc.o
+RC4_ENC= rc4_enc.o rc4_skey.o
RC5_ENC= rc5_enc.o
MD5_ASM_OBJ=
SHA1_ASM_OBJ=
diff --git a/Makefile.org b/Makefile.org
index c1334c6e1e9f..22b169925742 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -111,11 +111,11 @@ SHLIBDIRS= crypto ssl
SDIRS= \
objects \
md2 md4 md5 sha mdc2 hmac ripemd \
- des aes rc2 rc4 rc5 idea bf cast camellia \
+ des aes rc2 rc4 rc5 idea bf cast camellia seed \
bn ec rsa dsa ecdsa dh ecdh dso engine \
buffer bio stack lhash rand err \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
- store pqueue
+ store cms pqueue
# keep in mind that the above list is adjusted by ./Configure
# according to no-xxx arguments...
diff --git a/Makefile.shared b/Makefile.shared
index 1b94aa18bcb3..c6006f70bf5c 100644
--- a/Makefile.shared
+++ b/Makefile.shared
@@ -236,24 +236,30 @@ link_o.cygwin:
@ $(CALC_VERSIONS); \
INHIBIT_SYMLINKS=yes; \
SHLIB=cyg$(LIBNAME); \
- expr $(PLATFORM) : 'mingw' > /dev/null && SHLIB=$(LIBNAME)eay32; \
+ base=-Wl,--enable-auto-image-base; \
+ if expr $(PLATFORM) : 'mingw' > /dev/null; then \
+ SHLIB=$(LIBNAME)eay32; base=; \
+ fi; \
SHLIB_SUFFIX=.dll; \
LIBVERSION="$(LIBVERSION)"; \
SHLIB_SOVER=${LIBVERSION:+"-$(LIBVERSION)"}; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
$(LINK_SO_O)
link_a.cygwin:
@ $(CALC_VERSIONS); \
INHIBIT_SYMLINKS=yes; \
SHLIB=cyg$(LIBNAME); \
- expr $(PLATFORM) : 'mingw' > /dev/null && SHLIB=$(LIBNAME)eay32; \
+ base=-Wl,--enable-auto-image-base; \
+ if expr $(PLATFORM) : 'mingw' > /dev/null; then \
+ SHLIB=$(LIBNAME)eay32; \
+ base=; [ $(LIBNAME) = "crypto" ] && base=-Wl,--image-base,0x63000000; \
+ fi; \
SHLIB_SUFFIX=.dll; \
SHLIB_SOVER=-$(LIBVERSION); \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- base=; [ $(LIBNAME) = "crypto" ] && base=-Wl,--image-base,0x63000000; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
[ -f apps/$$SHLIB$$SHLIB_SUFFIX ] && rm apps/$$SHLIB$$SHLIB_SUFFIX; \
[ -f test/$$SHLIB$$SHLIB_SUFFIX ] && rm test/$$SHLIB$$SHLIB_SUFFIX; \
@@ -278,7 +284,7 @@ link_o.alpha-osf1:
SHLIB_SOVER=; \
ALLSYMSFLAGS='-all'; \
NOALLSYMSFLAGS='-none'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared"; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
if [ -n "$$SHLIB_HIST" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
fi; \
@@ -299,7 +305,7 @@ link_a.alpha-osf1:
SHLIB_SOVER=; \
ALLSYMSFLAGS='-all'; \
NOALLSYMSFLAGS='-none'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared"; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
if [ -n "$$SHLIB_HIST" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
fi; \
@@ -422,7 +428,7 @@ link_o.irix:
($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
ALLSYMSFLAGS="$${MINUSWL}-all"; \
NOALLSYMSFLAGS="$${MINUSWL}-none"; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \
fi; \
$(LINK_SO_O)
link_a.irix:
@@ -436,7 +442,7 @@ link_a.irix:
($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
ALLSYMSFLAGS="$${MINUSWL}-all"; \
NOALLSYMSFLAGS="$${MINUSWL}-none"; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \
fi; \
$(LINK_SO_A)
link_app.irix:
@@ -460,7 +466,7 @@ link_o.hpux:
ALLSYMSFLAGS='-Wl,-Fl'; \
NOALLSYMSFLAGS=''; \
expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
fi; \
rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
$(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
@@ -473,7 +479,7 @@ link_a.hpux:
ALLSYMSFLAGS='-Wl,-Fl'; \
NOALLSYMSFLAGS=''; \
expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
fi; \
rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
$(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
@@ -485,26 +491,26 @@ link_app.hpux:
link_o.aix:
@ $(CALC_VERSIONS); \
- OBJECT_MODE=`expr x$(SHARED_LDFLAGS) : 'x\-[a-z]\([0-9]*\)'`; \
+ OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || :; \
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
- ALLSYMSFLAGS='-bnogc'; \
+ ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
- SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -G -bE:lib$(LIBNAME).exp -bM:SRE'; \
- $(LINK_SO_O); rm -rf lib$(LIBNAME).exp
+ SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
+ $(LINK_SO_O);
link_a.aix:
@ $(CALC_VERSIONS); \
- OBJECT_MODE=`expr x$(SHARED_LDFLAGS) : 'x\-[a-z]\([0-9]*\)'`; \
+ OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-bnogc'; \
NOALLSYMSFLAGS=''; \
- SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -G -bE:lib$(LIBNAME).exp -bM:SRE'; \
+ SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
$(LINK_SO_A_VIA_O)
link_app.aix:
- LDFLAGS="$(CFLAGS) -blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \
+ LDFLAGS="$(CFLAGS) -Wl,-brtl,-blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \
$(LINK_APP)
link_o.reliantunix:
diff --git a/NEWS b/NEWS
index c808a76ccf58..6488ffa122f8 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,29 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h:
+
+ o CryptoAPI ENGINE support.
+ o Various precautionary measures.
+ o Fix for bugs affecting certificate request creation.
+ o Support for local machine keyset attribute in PKCS#12 files.
+
+ Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g:
+
+ o Backport of CMS functionality to 0.9.8.
+ o Fixes for bugs introduced with 0.9.8f.
+
+ Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f:
+
+ o Add gcc 4.2 support.
+ o Add support for AES and SSE2 assembly lanugauge optimization
+ for VC++ build.
+ o Support for RFC4507bis and server name extensions if explicitly
+ selected at compile time.
+ o DTLS improvements.
+ o RFC4507bis support.
+ o TLS Extensions support.
+
Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e:
o Various ciphersuite selection fixes.
diff --git a/README b/README
index 907e2354bf6a..a2d87d4a497d 100644
--- a/README
+++ b/README
@@ -1,7 +1,7 @@
- OpenSSL 0.9.8e 23 Feb 2007
+ OpenSSL 0.9.8i
- Copyright (c) 1998-2007 The OpenSSL Project
+ Copyright (c) 1998-2008 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
@@ -36,12 +36,13 @@
actually logically part of it. It includes routines for the following:
Ciphers
- libdes - EAY's libdes DES encryption package which has been floating
- around the net for a few years. It includes 15
- 'modes/variations' of DES (1, 2 and 3 key versions of ecb,
- cbc, cfb and ofb; pcbc and a more general form of cfb and
- ofb) including desx in cbc mode, a fast crypt(3), and
- routines to read passwords from the keyboard.
+ libdes - EAY's libdes DES encryption package which was floating
+ around the net for a few years, and was then relicensed by
+ him as part of SSLeay. It includes 15 'modes/variations'
+ of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb;
+ pcbc and a more general form of cfb and ofb) including desx
+ in cbc mode, a fast crypt(3), and routines to read
+ passwords from the keyboard.
RC4 encryption,
RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb.
Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
@@ -160,7 +161,7 @@
- Stack Traceback (if the application dumps core)
Report the bug to the OpenSSL project via the Request Tracker
- (http://www.openssl.org/support/rt2.html) by mail to:
+ (http://www.openssl.org/support/rt.html) by mail to:
openssl-bugs@openssl.org
diff --git a/apps/Makefile b/apps/Makefile
index 41cd3ca016bd..7eade4e2741b 100644
--- a/apps/Makefile
+++ b/apps/Makefile
@@ -38,7 +38,7 @@ EXE= $(PROGRAM)$(EXE_EXT)
E_EXE= verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
ca crl rsa rsautl dsa dsaparam ec ecparam \
x509 genrsa gendsa s_server s_client speed \
- s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
+ s_time version pkcs7 cms crl2pkcs7 sess_id ciphers nseq pkcs12 \
pkcs8 spkac smime rand engine ocsp prime
PROGS= $(PROGRAM).c
@@ -56,7 +56,7 @@ E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o er
x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o \
- ocsp.o prime.o
+ ocsp.o prime.o cms.o
E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
pkcs7.c crl2p7.c crl.c \
@@ -64,7 +64,7 @@ E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.
x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c \
- ocsp.c prime.c
+ ocsp.c prime.c cms.c
SRC=$(E_SRC)
@@ -153,11 +153,7 @@ $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
shlib_target="$(SHLIB_TARGET)"; \
fi; \
- if [ "$${shlib_target}" = "darwin-shared" ] ; then \
- LIBRARIES="$(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO)" ; \
- else \
- LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
- fi; \
+ LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
$(MAKE) -f $(TOP)/Makefile.shared -e \
APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \
LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
@@ -179,13 +175,14 @@ app_rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
app_rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
app_rand.o: ../include/openssl/evp.h ../include/openssl/lhash.h
app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-app_rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h
-app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
-app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h app_rand.c
-app_rand.o: apps.h
+app_rand.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+app_rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+app_rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+app_rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+app_rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+app_rand.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
+app_rand.o: app_rand.c apps.h
apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h
apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -194,15 +191,15 @@ apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
apps.o: ../include/openssl/engine.h ../include/openssl/err.h
apps.o: ../include/openssl/evp.h ../include/openssl/lhash.h
apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-apps.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
-apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-apps.o: ../include/openssl/x509v3.h apps.c apps.h
+apps.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+apps.o: ../include/openssl/sha.h ../include/openssl/stack.h
+apps.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+apps.o: ../include/openssl/ui.h ../include/openssl/x509.h
+apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h
asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h
asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -210,13 +207,14 @@ asn1pars.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
asn1pars.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h
asn1pars.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
-asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+asn1pars.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+asn1pars.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+asn1pars.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+asn1pars.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+asn1pars.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+asn1pars.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
asn1pars.o: asn1pars.c
ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -241,9 +239,10 @@ ciphers.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
ciphers.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
ciphers.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
ciphers.o: ../include/openssl/engine.h ../include/openssl/err.h
-ciphers.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-ciphers.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ciphers.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ciphers.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+ciphers.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ciphers.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
ciphers.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
@@ -253,7 +252,22 @@ ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
ciphers.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-ciphers.o: ../include/openssl/x509_vfy.h apps.h ciphers.c
+ciphers.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+ciphers.o: ciphers.c
+cms.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+cms.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+cms.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+cms.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+cms.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+cms.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+cms.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+cms.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+cms.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+cms.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+cms.o: ../include/openssl/sha.h ../include/openssl/stack.h
+cms.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+cms.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+cms.o: ../include/openssl/x509v3.h apps.h cms.c
crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
crl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
crl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -261,14 +275,14 @@ crl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
crl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
crl.o: ../include/openssl/err.h ../include/openssl/evp.h
crl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-crl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-crl.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
-crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-crl.o: ../include/openssl/x509v3.h apps.h crl.c
+crl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+crl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+crl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+crl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+crl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h crl.c
crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
crl2p7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
crl2p7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -276,13 +290,14 @@ crl2p7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
crl2p7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h
crl2p7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
-crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+crl2p7.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+crl2p7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+crl2p7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+crl2p7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+crl2p7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+crl2p7.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
crl2p7.o: crl2p7.c
dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
dgst.o: ../include/openssl/buffer.h ../include/openssl/conf.h
@@ -292,13 +307,14 @@ dgst.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
dgst.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-dgst.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-dgst.o: ../include/openssl/x509_vfy.h apps.h dgst.c
+dgst.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+dgst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dgst.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+dgst.o: ../include/openssl/x509v3.h apps.h dgst.c
dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -307,13 +323,14 @@ dh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
dh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
dh.o: ../include/openssl/err.h ../include/openssl/evp.h
dh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dh.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
-dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dh.c
+dh.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+dh.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+dh.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dh.c
dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -322,13 +339,14 @@ dsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
dsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
dsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dsa.c
+dsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+dsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+dsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dsa.c
dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -338,15 +356,16 @@ dsaparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
dsaparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h
dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-dsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-dsaparam.o: ../include/openssl/stack.h ../include/openssl/store.h
-dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h
-dsaparam.o: ../include/openssl/x509_vfy.h apps.h dsaparam.c
+dsaparam.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dsaparam.o: ../include/openssl/store.h ../include/openssl/symhacks.h
+dsaparam.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+dsaparam.o: ../include/openssl/x509v3.h apps.h dsaparam.c
ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ec.o: ../include/openssl/buffer.h ../include/openssl/conf.h
ec.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -354,13 +373,14 @@ ec.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
ec.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
ec.o: ../include/openssl/err.h ../include/openssl/evp.h
ec.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ec.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ec.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ec.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-ec.o: ../include/openssl/sha.h ../include/openssl/stack.h
-ec.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-ec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h ec.c
+ec.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+ec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ec.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ec.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ec.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ec.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ec.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+ec.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ec.c
ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -369,13 +389,14 @@ ecparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
ecparam.o: ../include/openssl/engine.h ../include/openssl/err.h
ecparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h
ecparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ecparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ecparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ecparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ecparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ecparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ecparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-ecparam.o: ../include/openssl/x509_vfy.h apps.h ecparam.c
+ecparam.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+ecparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ecparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ecparam.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+ecparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
+ecparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+ecparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ecparam.o: ../include/openssl/x509v3.h apps.h ecparam.c
enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
enc.o: ../include/openssl/buffer.h ../include/openssl/conf.h
enc.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -383,14 +404,15 @@ enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
enc.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
enc.o: ../include/openssl/err.h ../include/openssl/evp.h
enc.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-enc.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-enc.o: ../include/openssl/x509_vfy.h apps.h enc.c
+enc.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+enc.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
+enc.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+enc.o: ../include/openssl/x509v3.h apps.h enc.c
engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h
engine.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -398,9 +420,10 @@ engine.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
engine.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
engine.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
engine.o: ../include/openssl/engine.h ../include/openssl/err.h
-engine.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-engine.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-engine.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+engine.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+engine.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+engine.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+engine.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
engine.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h
engine.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
@@ -410,7 +433,8 @@ engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
engine.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-engine.o: ../include/openssl/x509_vfy.h apps.h engine.c
+engine.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+engine.o: engine.c
errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -418,9 +442,10 @@ errstr.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
errstr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
errstr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
errstr.o: ../include/openssl/engine.h ../include/openssl/err.h
-errstr.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-errstr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-errstr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+errstr.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+errstr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+errstr.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
errstr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
errstr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
@@ -430,7 +455,8 @@ errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
errstr.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-errstr.o: ../include/openssl/x509_vfy.h apps.h errstr.c
+errstr.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+errstr.o: errstr.c
gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -440,15 +466,16 @@ gendh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
gendh.o: ../include/openssl/evp.h ../include/openssl/lhash.h
gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-gendh.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-gendh.o: ../include/openssl/stack.h ../include/openssl/store.h
-gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h
-gendh.o: ../include/openssl/x509_vfy.h apps.h gendh.c
+gendh.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+gendh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+gendh.o: ../include/openssl/store.h ../include/openssl/symhacks.h
+gendh.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+gendh.o: ../include/openssl/x509v3.h apps.h gendh.c
gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -457,13 +484,14 @@ gendsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
gendsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
gendsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-gendsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+gendsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+gendsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+gendsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+gendsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+gendsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
gendsa.o: gendsa.c
genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -474,15 +502,16 @@ genrsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
genrsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-genrsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-genrsa.o: ../include/openssl/stack.h ../include/openssl/store.h
-genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
-genrsa.o: ../include/openssl/x509_vfy.h apps.h genrsa.c
+genrsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+genrsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+genrsa.o: ../include/openssl/store.h ../include/openssl/symhacks.h
+genrsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+genrsa.o: ../include/openssl/x509v3.h apps.h genrsa.c
nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
nseq.o: ../include/openssl/buffer.h ../include/openssl/conf.h
nseq.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -490,13 +519,14 @@ nseq.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
nseq.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
nseq.o: ../include/openssl/err.h ../include/openssl/evp.h
nseq.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-nseq.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-nseq.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
-nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h nseq.c
+nseq.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+nseq.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+nseq.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+nseq.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+nseq.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+nseq.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h nseq.c
ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -504,20 +534,20 @@ ocsp.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
ocsp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
ocsp.o: ../include/openssl/engine.h ../include/openssl/err.h
-ocsp.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-ocsp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ocsp.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
-ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c
+ocsp.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+ocsp.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ocsp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ocsp.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+ocsp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ocsp.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ocsp.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+ocsp.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
+ocsp.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ocsp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ocsp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ocsp.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c
openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -525,9 +555,10 @@ openssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
openssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
openssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
openssl.o: ../include/openssl/engine.h ../include/openssl/err.h
-openssl.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-openssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+openssl.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+openssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+openssl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
openssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
openssl.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
@@ -537,7 +568,8 @@ openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-openssl.o: ../include/openssl/x509_vfy.h apps.h openssl.c progs.h s_apps.h
+openssl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+openssl.o: openssl.c progs.h s_apps.h
passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h
passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
@@ -547,13 +579,14 @@ passwd.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
passwd.o: ../include/openssl/err.h ../include/openssl/evp.h
passwd.o: ../include/openssl/lhash.h ../include/openssl/md5.h
passwd.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-passwd.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-passwd.o: ../include/openssl/rand.h ../include/openssl/safestack.h
-passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
-passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+passwd.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+passwd.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+passwd.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+passwd.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+passwd.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
passwd.o: passwd.c
pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
pkcs12.o: ../include/openssl/buffer.h ../include/openssl/conf.h
@@ -562,14 +595,15 @@ pkcs12.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
pkcs12.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
pkcs12.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
-pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-pkcs12.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-pkcs12.o: ../include/openssl/x509_vfy.h apps.h pkcs12.c
+pkcs12.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+pkcs12.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h
+pkcs12.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+pkcs12.o: ../include/openssl/x509v3.h apps.h pkcs12.c
pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
pkcs7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
pkcs7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -577,13 +611,15 @@ pkcs7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
pkcs7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
pkcs7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
-pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs7.c
+pkcs7.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+pkcs7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkcs7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+pkcs7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+pkcs7.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+pkcs7.o: pkcs7.c
pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
pkcs8.o: ../include/openssl/buffer.h ../include/openssl/conf.h
pkcs8.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -591,14 +627,15 @@ pkcs8.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
pkcs8.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
pkcs8.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
-pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-pkcs8.o: ../include/openssl/x509_vfy.h apps.h pkcs8.c
+pkcs8.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+pkcs8.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h
+pkcs8.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+pkcs8.o: ../include/openssl/x509v3.h apps.h pkcs8.c
prime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
prime.o: ../include/openssl/bn.h ../include/openssl/buffer.h
prime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -606,12 +643,14 @@ prime.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
prime.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
prime.o: ../include/openssl/engine.h ../include/openssl/evp.h
prime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-prime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-prime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-prime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-prime.o: ../include/openssl/sha.h ../include/openssl/stack.h
-prime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-prime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h prime.c
+prime.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+prime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+prime.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+prime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+prime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+prime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+prime.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+prime.o: prime.c
rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h
rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -619,13 +658,14 @@ rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
rand.o: ../include/openssl/err.h ../include/openssl/evp.h
rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-rand.o: ../include/openssl/x509_vfy.h apps.h rand.c
+rand.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
+rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+rand.o: ../include/openssl/x509v3.h apps.h rand.c
req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
req.o: ../include/openssl/bn.h ../include/openssl/buffer.h
req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -635,15 +675,16 @@ req.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
req.o: ../include/openssl/engine.h ../include/openssl/err.h
req.o: ../include/openssl/evp.h ../include/openssl/lhash.h
req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-req.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-req.o: ../include/openssl/stack.h ../include/openssl/store.h
-req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-req.o: ../include/openssl/ui.h ../include/openssl/x509.h
-req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c
+req.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+req.o: ../include/openssl/sha.h ../include/openssl/stack.h
+req.o: ../include/openssl/store.h ../include/openssl/symhacks.h
+req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+req.o: ../include/openssl/x509v3.h apps.h req.c
rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -652,13 +693,14 @@ rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
rsa.o: ../include/openssl/engine.h ../include/openssl/err.h
rsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rsa.c
+rsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
+rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+rsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+rsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h rsa.c
rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
rsautl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
rsautl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -666,14 +708,15 @@ rsautl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
rsautl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h
rsautl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-rsautl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rsautl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
-rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-rsautl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-rsautl.o: ../include/openssl/x509_vfy.h apps.h rsautl.c
+rsautl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+rsautl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rsautl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsautl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+rsautl.o: ../include/openssl/sha.h ../include/openssl/stack.h
+rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+rsautl.o: ../include/openssl/x509v3.h apps.h rsautl.c
s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h
s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -681,9 +724,10 @@ s_cb.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
s_cb.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
s_cb.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
s_cb.o: ../include/openssl/engine.h ../include/openssl/err.h
-s_cb.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-s_cb.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-s_cb.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_cb.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+s_cb.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_cb.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
s_cb.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h
s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
@@ -693,7 +737,8 @@ s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s_cb.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-s_cb.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_cb.c
+s_cb.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+s_cb.o: s_apps.h s_cb.c
s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h
s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -701,9 +746,10 @@ s_client.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
s_client.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
s_client.o: ../include/openssl/engine.h ../include/openssl/err.h
-s_client.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-s_client.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-s_client.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_client.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+s_client.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_client.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
s_client.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
@@ -713,8 +759,8 @@ s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
s_client.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
-s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_client.o: s_apps.h s_client.c timeouts.h
+s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+s_client.o: ../include/openssl/x509v3.h apps.h s_apps.h s_client.c timeouts.h
s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h
s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -723,9 +769,10 @@ s_server.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
s_server.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
s_server.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
s_server.o: ../include/openssl/engine.h ../include/openssl/err.h
-s_server.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-s_server.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_server.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+s_server.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_server.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
s_server.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
@@ -737,7 +784,8 @@ s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s_server.o: ../include/openssl/store.h ../include/openssl/symhacks.h
s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
s_server.o: ../include/openssl/ui.h ../include/openssl/x509.h
-s_server.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_server.c timeouts.h
+s_server.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+s_server.o: s_apps.h s_server.c timeouts.h
s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h
s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -745,8 +793,9 @@ s_socket.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
s_socket.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
s_socket.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
s_socket.o: ../include/openssl/engine.h ../include/openssl/evp.h
-s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_socket.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+s_socket.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+s_socket.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
@@ -756,8 +805,8 @@ s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
-s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_socket.o: s_apps.h s_socket.c
+s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+s_socket.o: ../include/openssl/x509v3.h apps.h s_apps.h s_socket.c
s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h
s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -765,9 +814,10 @@ s_time.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
s_time.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
s_time.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
s_time.o: ../include/openssl/engine.h ../include/openssl/err.h
-s_time.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-s_time.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-s_time.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_time.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+s_time.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_time.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
s_time.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h
s_time.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
@@ -777,7 +827,8 @@ s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s_time.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-s_time.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_time.c
+s_time.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+s_time.o: s_apps.h s_time.c
sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h
sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -785,9 +836,10 @@ sess_id.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
sess_id.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
sess_id.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
sess_id.o: ../include/openssl/engine.h ../include/openssl/err.h
-sess_id.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-sess_id.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-sess_id.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+sess_id.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+sess_id.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+sess_id.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
sess_id.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h
sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
@@ -797,7 +849,8 @@ sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
sess_id.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-sess_id.o: ../include/openssl/x509_vfy.h apps.h sess_id.c
+sess_id.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+sess_id.o: sess_id.c
smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h
smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -805,14 +858,15 @@ smime.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
smime.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
smime.o: ../include/openssl/err.h ../include/openssl/evp.h
smime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-smime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-smime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-smime.o: ../include/openssl/sha.h ../include/openssl/stack.h
-smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-smime.o: ../include/openssl/x509v3.h apps.h smime.c
+smime.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+smime.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+smime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+smime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+smime.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+smime.o: smime.c
speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -826,16 +880,17 @@ speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h
speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h
speed.o: ../include/openssl/md2.h ../include/openssl/md4.h
speed.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
-speed.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-speed.o: ../include/openssl/x509_vfy.h apps.h speed.c testdsa.h testrsa.h
+speed.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+speed.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+speed.o: ../include/openssl/rc4.h ../include/openssl/ripemd.h
+speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
+speed.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+speed.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+speed.o: ../include/openssl/x509v3.h apps.h speed.c testdsa.h testrsa.h
spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
spkac.o: ../include/openssl/buffer.h ../include/openssl/conf.h
spkac.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -843,13 +898,15 @@ spkac.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
spkac.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
spkac.o: ../include/openssl/err.h ../include/openssl/evp.h
spkac.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-spkac.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-spkac.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h
-spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h spkac.c
+spkac.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+spkac.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+spkac.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+spkac.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+spkac.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+spkac.o: spkac.c
verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
verify.o: ../include/openssl/buffer.h ../include/openssl/conf.h
verify.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -857,14 +914,15 @@ verify.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
verify.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
verify.o: ../include/openssl/err.h ../include/openssl/evp.h
verify.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-verify.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-verify.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
-verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-verify.o: ../include/openssl/x509v3.h apps.h verify.c
+verify.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+verify.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+verify.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+verify.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+verify.o: verify.c
version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
version.o: ../include/openssl/buffer.h ../include/openssl/conf.h
@@ -875,13 +933,14 @@ version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
version.o: ../include/openssl/evp.h ../include/openssl/idea.h
version.o: ../include/openssl/lhash.h ../include/openssl/md2.h
version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-version.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-version.o: ../include/openssl/rc4.h ../include/openssl/safestack.h
-version.o: ../include/openssl/sha.h ../include/openssl/stack.h
-version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+version.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+version.o: ../include/openssl/pkcs7.h ../include/openssl/rc4.h
+version.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+version.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+version.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+version.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+version.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
version.o: version.c
x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -891,11 +950,12 @@ x509.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
x509.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
x509.o: ../include/openssl/err.h ../include/openssl/evp.h
x509.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-x509.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-x509.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
-x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-x509.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h x509.c
+x509.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+x509.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
+x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+x509.o: ../include/openssl/x509v3.h apps.h x509.c
diff --git a/apps/apps.c b/apps/apps.c
index 613c3ba4955c..5209caba2e21 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2010,7 +2010,7 @@ int parse_yesno(const char *str, int def)
case 'y': /* yes */
case 'Y': /* YES */
case '1': /* 1 */
- ret = 0;
+ ret = 1;
break;
default:
ret = def;
diff --git a/apps/apps.h b/apps/apps.h
index 26dcbc5771d5..0df170813ae1 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -122,6 +122,9 @@
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
+#ifndef OPENSSL_NO_OCSP
+#include <openssl/ocsp.h>
+#endif
#include <openssl/ossl_typ.h>
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
@@ -228,6 +231,12 @@ extern BIO *bio_err;
# endif
#endif
+#ifdef OPENSSL_SYSNAME_WIN32
+# define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
+#else
+# define openssl_fdset(a,b) FD_SET(a, b)
+#endif
+
typedef struct args_st
{
char **data;
@@ -275,6 +284,12 @@ X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
ENGINE *setup_engine(BIO *err, const char *engine, int debug);
#endif
+#ifndef OPENSSL_NO_OCSP
+OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
+ char *host, char *path, char *port, int use_ssl,
+ int req_timeout);
+#endif
+
int load_config(BIO *err, CONF *cnf);
char *make_config_name(void);
diff --git a/apps/ca.c b/apps/ca.c
index e9d79def61d7..87f0405f5d57 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -2882,13 +2882,22 @@ int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
p=(char *)str->data;
for (j=str->length; j>0; j--)
{
+#ifdef CHARSET_EBCDIC
+ if ((*p >= 0x20) && (*p <= 0x7e))
+ BIO_printf(bp,"%c",os_toebcdic[*p]);
+#else
if ((*p >= ' ') && (*p <= '~'))
BIO_printf(bp,"%c",*p);
+#endif
else if (*p & 0x80)
BIO_printf(bp,"\\0x%02X",*p);
else if ((unsigned char)*p == 0xf7)
BIO_printf(bp,"^?");
+#ifdef CHARSET_EBCDIC
+ else BIO_printf(bp,"^%c",os_toebcdic[*p+0x40]);
+#else
else BIO_printf(bp,"^%c",*p+'@');
+#endif
p++;
}
BIO_printf(bp,"'\n");
diff --git a/apps/cms.c b/apps/cms.c
new file mode 100644
index 000000000000..6d227acabe82
--- /dev/null
+++ b/apps/cms.c
@@ -0,0 +1,1347 @@
+/* apps/cms.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+/* CMS utility function */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+
+#ifndef OPENSSL_NO_CMS
+
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/x509_vfy.h>
+#include <openssl/x509v3.h>
+#include <openssl/cms.h>
+
+#undef PROG
+#define PROG cms_main
+static int save_certs(char *signerfile, STACK_OF(X509) *signers);
+static int cms_cb(int ok, X509_STORE_CTX *ctx);
+static void receipt_request_print(BIO *out, CMS_ContentInfo *cms);
+static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst,
+ STACK *rr_from);
+
+#define SMIME_OP 0x10
+#define SMIME_IP 0x20
+#define SMIME_SIGNERS 0x40
+#define SMIME_ENCRYPT (1 | SMIME_OP)
+#define SMIME_DECRYPT (2 | SMIME_IP)
+#define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS)
+#define SMIME_VERIFY (4 | SMIME_IP)
+#define SMIME_CMSOUT (5 | SMIME_IP | SMIME_OP)
+#define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
+#define SMIME_DATAOUT (7 | SMIME_IP)
+#define SMIME_DATA_CREATE (8 | SMIME_OP)
+#define SMIME_DIGEST_VERIFY (9 | SMIME_IP)
+#define SMIME_DIGEST_CREATE (10 | SMIME_OP)
+#define SMIME_UNCOMPRESS (11 | SMIME_IP)
+#define SMIME_COMPRESS (12 | SMIME_OP)
+#define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP)
+#define SMIME_ENCRYPTED_ENCRYPT (14 | SMIME_OP)
+#define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP)
+#define SMIME_VERIFY_RECEIPT (16 | SMIME_IP)
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ ENGINE *e = NULL;
+ int operation = 0;
+ int ret = 0;
+ char **args;
+ const char *inmode = "r", *outmode = "w";
+ char *infile = NULL, *outfile = NULL, *rctfile = NULL;
+ char *signerfile = NULL, *recipfile = NULL;
+ STACK *sksigners = NULL, *skkeys = NULL;
+ char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
+ char *certsoutfile = NULL;
+ const EVP_CIPHER *cipher = NULL;
+ CMS_ContentInfo *cms = NULL, *rcms = NULL;
+ X509_STORE *store = NULL;
+ X509 *cert = NULL, *recip = NULL, *signer = NULL;
+ EVP_PKEY *key = NULL;
+ STACK_OF(X509) *encerts = NULL, *other = NULL;
+ BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL;
+ int badarg = 0;
+ int flags = CMS_DETACHED;
+ int rr_print = 0, rr_allorfirst = -1;
+ STACK *rr_to = NULL, *rr_from = NULL;
+ CMS_ReceiptRequest *rr = NULL;
+ char *to = NULL, *from = NULL, *subject = NULL;
+ char *CAfile = NULL, *CApath = NULL;
+ char *passargin = NULL, *passin = NULL;
+ char *inrand = NULL;
+ int need_rand = 0;
+ const EVP_MD *sign_md = NULL;
+ int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
+ int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine=NULL;
+#endif
+ unsigned char *secret_key = NULL, *secret_keyid = NULL;
+ size_t secret_keylen = 0, secret_keyidlen = 0;
+
+ ASN1_OBJECT *econtent_type = NULL;
+
+ X509_VERIFY_PARAM *vpm = NULL;
+
+ args = argv + 1;
+ ret = 1;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ {
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+ }
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ while (!badarg && *args && *args[0] == '-')
+ {
+ if (!strcmp (*args, "-encrypt"))
+ operation = SMIME_ENCRYPT;
+ else if (!strcmp (*args, "-decrypt"))
+ operation = SMIME_DECRYPT;
+ else if (!strcmp (*args, "-sign"))
+ operation = SMIME_SIGN;
+ else if (!strcmp (*args, "-sign_receipt"))
+ operation = SMIME_SIGN_RECEIPT;
+ else if (!strcmp (*args, "-resign"))
+ operation = SMIME_RESIGN;
+ else if (!strcmp (*args, "-verify"))
+ operation = SMIME_VERIFY;
+ else if (!strcmp(*args,"-verify_receipt"))
+ {
+ operation = SMIME_VERIFY_RECEIPT;
+ if (!args[1])
+ goto argerr;
+ args++;
+ rctfile = *args;
+ }
+ else if (!strcmp (*args, "-cmsout"))
+ operation = SMIME_CMSOUT;
+ else if (!strcmp (*args, "-data_out"))
+ operation = SMIME_DATAOUT;
+ else if (!strcmp (*args, "-data_create"))
+ operation = SMIME_DATA_CREATE;
+ else if (!strcmp (*args, "-digest_verify"))
+ operation = SMIME_DIGEST_VERIFY;
+ else if (!strcmp (*args, "-digest_create"))
+ operation = SMIME_DIGEST_CREATE;
+ else if (!strcmp (*args, "-compress"))
+ operation = SMIME_COMPRESS;
+ else if (!strcmp (*args, "-uncompress"))
+ operation = SMIME_UNCOMPRESS;
+ else if (!strcmp (*args, "-EncryptedData_decrypt"))
+ operation = SMIME_ENCRYPTED_DECRYPT;
+ else if (!strcmp (*args, "-EncryptedData_encrypt"))
+ operation = SMIME_ENCRYPTED_ENCRYPT;
+#ifndef OPENSSL_NO_DES
+ else if (!strcmp (*args, "-des3"))
+ cipher = EVP_des_ede3_cbc();
+ else if (!strcmp (*args, "-des"))
+ cipher = EVP_des_cbc();
+#endif
+#ifndef OPENSSL_NO_SEED
+ else if (!strcmp (*args, "-seed"))
+ cipher = EVP_seed_cbc();
+#endif
+#ifndef OPENSSL_NO_RC2
+ else if (!strcmp (*args, "-rc2-40"))
+ cipher = EVP_rc2_40_cbc();
+ else if (!strcmp (*args, "-rc2-128"))
+ cipher = EVP_rc2_cbc();
+ else if (!strcmp (*args, "-rc2-64"))
+ cipher = EVP_rc2_64_cbc();
+#endif
+#ifndef OPENSSL_NO_AES
+ else if (!strcmp(*args,"-aes128"))
+ cipher = EVP_aes_128_cbc();
+ else if (!strcmp(*args,"-aes192"))
+ cipher = EVP_aes_192_cbc();
+ else if (!strcmp(*args,"-aes256"))
+ cipher = EVP_aes_256_cbc();
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ else if (!strcmp(*args,"-camellia128"))
+ cipher = EVP_camellia_128_cbc();
+ else if (!strcmp(*args,"-camellia192"))
+ cipher = EVP_camellia_192_cbc();
+ else if (!strcmp(*args,"-camellia256"))
+ cipher = EVP_camellia_256_cbc();
+#endif
+ else if (!strcmp (*args, "-text"))
+ flags |= CMS_TEXT;
+ else if (!strcmp (*args, "-nointern"))
+ flags |= CMS_NOINTERN;
+ else if (!strcmp (*args, "-noverify")
+ || !strcmp (*args, "-no_signer_cert_verify"))
+ flags |= CMS_NO_SIGNER_CERT_VERIFY;
+ else if (!strcmp (*args, "-nocerts"))
+ flags |= CMS_NOCERTS;
+ else if (!strcmp (*args, "-noattr"))
+ flags |= CMS_NOATTR;
+ else if (!strcmp (*args, "-nodetach"))
+ flags &= ~CMS_DETACHED;
+ else if (!strcmp (*args, "-nosmimecap"))
+ flags |= CMS_NOSMIMECAP;
+ else if (!strcmp (*args, "-binary"))
+ flags |= CMS_BINARY;
+ else if (!strcmp (*args, "-keyid"))
+ flags |= CMS_USE_KEYID;
+ else if (!strcmp (*args, "-nosigs"))
+ flags |= CMS_NOSIGS;
+ else if (!strcmp (*args, "-no_content_verify"))
+ flags |= CMS_NO_CONTENT_VERIFY;
+ else if (!strcmp (*args, "-no_attr_verify"))
+ flags |= CMS_NO_ATTR_VERIFY;
+ else if (!strcmp (*args, "-stream"))
+ {
+ args++;
+ continue;
+ }
+ else if (!strcmp (*args, "-indef"))
+ {
+ args++;
+ continue;
+ }
+ else if (!strcmp (*args, "-noindef"))
+ flags &= ~CMS_STREAM;
+ else if (!strcmp (*args, "-nooldmime"))
+ flags |= CMS_NOOLDMIMETYPE;
+ else if (!strcmp (*args, "-crlfeol"))
+ flags |= CMS_CRLFEOL;
+ else if (!strcmp (*args, "-receipt_request_print"))
+ rr_print = 1;
+ else if (!strcmp (*args, "-receipt_request_all"))
+ rr_allorfirst = 0;
+ else if (!strcmp (*args, "-receipt_request_first"))
+ rr_allorfirst = 1;
+ else if (!strcmp(*args,"-receipt_request_from"))
+ {
+ if (!args[1])
+ goto argerr;
+ args++;
+ if (!rr_from)
+ rr_from = sk_new_null();
+ sk_push(rr_from, *args);
+ }
+ else if (!strcmp(*args,"-receipt_request_to"))
+ {
+ if (!args[1])
+ goto argerr;
+ args++;
+ if (!rr_to)
+ rr_to = sk_new_null();
+ sk_push(rr_to, *args);
+ }
+ else if (!strcmp(*args,"-secretkey"))
+ {
+ long ltmp;
+ if (!args[1])
+ goto argerr;
+ args++;
+ secret_key = string_to_hex(*args, &ltmp);
+ if (!secret_key)
+ {
+ BIO_printf(bio_err, "Invalid key %s\n", *args);
+ goto argerr;
+ }
+ secret_keylen = (size_t)ltmp;
+ }
+ else if (!strcmp(*args,"-secretkeyid"))
+ {
+ long ltmp;
+ if (!args[1])
+ goto argerr;
+ args++;
+ secret_keyid = string_to_hex(*args, &ltmp);
+ if (!secret_keyid)
+ {
+ BIO_printf(bio_err, "Invalid id %s\n", *args);
+ goto argerr;
+ }
+ secret_keyidlen = (size_t)ltmp;
+ }
+ else if (!strcmp(*args,"-econtent_type"))
+ {
+ if (!args[1])
+ goto argerr;
+ args++;
+ econtent_type = OBJ_txt2obj(*args, 0);
+ if (!econtent_type)
+ {
+ BIO_printf(bio_err, "Invalid OID %s\n", *args);
+ goto argerr;
+ }
+ }
+ else if (!strcmp(*args,"-rand"))
+ {
+ if (!args[1])
+ goto argerr;
+ args++;
+ inrand = *args;
+ need_rand = 1;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (!strcmp(*args,"-engine"))
+ {
+ if (!args[1])
+ goto argerr;
+ engine = *++args;
+ }
+#endif
+ else if (!strcmp(*args,"-passin"))
+ {
+ if (!args[1])
+ goto argerr;
+ passargin = *++args;
+ }
+ else if (!strcmp (*args, "-to"))
+ {
+ if (!args[1])
+ goto argerr;
+ to = *++args;
+ }
+ else if (!strcmp (*args, "-from"))
+ {
+ if (!args[1])
+ goto argerr;
+ from = *++args;
+ }
+ else if (!strcmp (*args, "-subject"))
+ {
+ if (!args[1])
+ goto argerr;
+ subject = *++args;
+ }
+ else if (!strcmp (*args, "-signer"))
+ {
+ if (!args[1])
+ goto argerr;
+ /* If previous -signer argument add signer to list */
+
+ if (signerfile)
+ {
+ if (!sksigners)
+ sksigners = sk_new_null();
+ sk_push(sksigners, signerfile);
+ if (!keyfile)
+ keyfile = signerfile;
+ if (!skkeys)
+ skkeys = sk_new_null();
+ sk_push(skkeys, keyfile);
+ keyfile = NULL;
+ }
+ signerfile = *++args;
+ }
+ else if (!strcmp (*args, "-recip"))
+ {
+ if (!args[1])
+ goto argerr;
+ recipfile = *++args;
+ }
+ else if (!strcmp (*args, "-certsout"))
+ {
+ if (!args[1])
+ goto argerr;
+ certsoutfile = *++args;
+ }
+ else if (!strcmp (*args, "-md"))
+ {
+ if (!args[1])
+ goto argerr;
+ sign_md = EVP_get_digestbyname(*++args);
+ if (sign_md == NULL)
+ {
+ BIO_printf(bio_err, "Unknown digest %s\n",
+ *args);
+ goto argerr;
+ }
+ }
+ else if (!strcmp (*args, "-inkey"))
+ {
+ if (!args[1])
+ goto argerr;
+ /* If previous -inkey arument add signer to list */
+ if (keyfile)
+ {
+ if (!signerfile)
+ {
+ BIO_puts(bio_err, "Illegal -inkey without -signer\n");
+ goto argerr;
+ }
+ if (!sksigners)
+ sksigners = sk_new_null();
+ sk_push(sksigners, signerfile);
+ signerfile = NULL;
+ if (!skkeys)
+ skkeys = sk_new_null();
+ sk_push(skkeys, keyfile);
+ }
+ keyfile = *++args;
+ }
+ else if (!strcmp (*args, "-keyform"))
+ {
+ if (!args[1])
+ goto argerr;
+ keyform = str2fmt(*++args);
+ }
+ else if (!strcmp (*args, "-rctform"))
+ {
+ if (!args[1])
+ goto argerr;
+ rctformat = str2fmt(*++args);
+ }
+ else if (!strcmp (*args, "-certfile"))
+ {
+ if (!args[1])
+ goto argerr;
+ certfile = *++args;
+ }
+ else if (!strcmp (*args, "-CAfile"))
+ {
+ if (!args[1])
+ goto argerr;
+ CAfile = *++args;
+ }
+ else if (!strcmp (*args, "-CApath"))
+ {
+ if (!args[1])
+ goto argerr;
+ CApath = *++args;
+ }
+ else if (!strcmp (*args, "-in"))
+ {
+ if (!args[1])
+ goto argerr;
+ infile = *++args;
+ }
+ else if (!strcmp (*args, "-inform"))
+ {
+ if (!args[1])
+ goto argerr;
+ informat = str2fmt(*++args);
+ }
+ else if (!strcmp (*args, "-outform"))
+ {
+ if (!args[1])
+ goto argerr;
+ outformat = str2fmt(*++args);
+ }
+ else if (!strcmp (*args, "-out"))
+ {
+ if (!args[1])
+ goto argerr;
+ outfile = *++args;
+ }
+ else if (!strcmp (*args, "-content"))
+ {
+ if (!args[1])
+ goto argerr;
+ contfile = *++args;
+ }
+ else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
+ continue;
+ else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
+ badarg = 1;
+ args++;
+ }
+
+ if (((rr_allorfirst != -1) || rr_from) && !rr_to)
+ {
+ BIO_puts(bio_err, "No Signed Receipts Recipients\n");
+ goto argerr;
+ }
+
+ if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from))
+ {
+ BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
+ goto argerr;
+ }
+ if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners))
+ {
+ BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
+ goto argerr;
+ }
+
+ if (operation & SMIME_SIGNERS)
+ {
+ if (keyfile && !signerfile)
+ {
+ BIO_puts(bio_err, "Illegal -inkey without -signer\n");
+ goto argerr;
+ }
+ /* Check to see if any final signer needs to be appended */
+ if (signerfile)
+ {
+ if (!sksigners)
+ sksigners = sk_new_null();
+ sk_push(sksigners, signerfile);
+ if (!skkeys)
+ skkeys = sk_new_null();
+ if (!keyfile)
+ keyfile = signerfile;
+ sk_push(skkeys, keyfile);
+ }
+ if (!sksigners)
+ {
+ BIO_printf(bio_err, "No signer certificate specified\n");
+ badarg = 1;
+ }
+ signerfile = NULL;
+ keyfile = NULL;
+ need_rand = 1;
+ }
+
+ else if (operation == SMIME_DECRYPT)
+ {
+ if (!recipfile && !keyfile && !secret_key)
+ {
+ BIO_printf(bio_err, "No recipient certificate or key specified\n");
+ badarg = 1;
+ }
+ }
+ else if (operation == SMIME_ENCRYPT)
+ {
+ if (!*args && !secret_key)
+ {
+ BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
+ badarg = 1;
+ }
+ need_rand = 1;
+ }
+ else if (!operation)
+ badarg = 1;
+
+ if (badarg)
+ {
+ argerr:
+ BIO_printf (bio_err, "Usage cms [options] cert.pem ...\n");
+ BIO_printf (bio_err, "where options are\n");
+ BIO_printf (bio_err, "-encrypt encrypt message\n");
+ BIO_printf (bio_err, "-decrypt decrypt encrypted message\n");
+ BIO_printf (bio_err, "-sign sign message\n");
+ BIO_printf (bio_err, "-verify verify signed message\n");
+ BIO_printf (bio_err, "-cmsout output CMS structure\n");
+#ifndef OPENSSL_NO_DES
+ BIO_printf (bio_err, "-des3 encrypt with triple DES\n");
+ BIO_printf (bio_err, "-des encrypt with DES\n");
+#endif
+#ifndef OPENSSL_NO_SEED
+ BIO_printf (bio_err, "-seed encrypt with SEED\n");
+#endif
+#ifndef OPENSSL_NO_RC2
+ BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
+ BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n");
+ BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n");
+#endif
+#ifndef OPENSSL_NO_AES
+ BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
+ BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
+ BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n");
+#endif
+ BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n");
+ BIO_printf (bio_err, "-nosigs don't verify message signature\n");
+ BIO_printf (bio_err, "-noverify don't verify signers certificate\n");
+ BIO_printf (bio_err, "-nocerts don't include signers certificate when signing\n");
+ BIO_printf (bio_err, "-nodetach use opaque signing\n");
+ BIO_printf (bio_err, "-noattr don't include any signed attributes\n");
+ BIO_printf (bio_err, "-binary don't translate message to text\n");
+ BIO_printf (bio_err, "-certfile file other certificates file\n");
+ BIO_printf (bio_err, "-certsout file certificate output file\n");
+ BIO_printf (bio_err, "-signer file signer certificate file\n");
+ BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
+ BIO_printf (bio_err, "-skeyid use subject key identifier\n");
+ BIO_printf (bio_err, "-in file input file\n");
+ BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
+ BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
+ BIO_printf (bio_err, "-keyform arg input private key format (PEM or ENGINE)\n");
+ BIO_printf (bio_err, "-out file output file\n");
+ BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
+ BIO_printf (bio_err, "-content file supply or override content for detached signature\n");
+ BIO_printf (bio_err, "-to addr to address\n");
+ BIO_printf (bio_err, "-from ad from address\n");
+ BIO_printf (bio_err, "-subject s subject\n");
+ BIO_printf (bio_err, "-text include or delete text MIME headers\n");
+ BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
+ BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
+ BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
+#endif
+ BIO_printf (bio_err, "-passin arg input file pass phrase source\n");
+ BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err, " the random number generator\n");
+ BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n");
+ goto end;
+ }
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+
+ if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
+ {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+ if (need_rand)
+ {
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+ }
+
+ ret = 2;
+
+ if (!(operation & SMIME_SIGNERS))
+ flags &= ~CMS_DETACHED;
+
+ if (operation & SMIME_OP)
+ {
+ if (outformat == FORMAT_ASN1)
+ outmode = "wb";
+ }
+ else
+ {
+ if (flags & CMS_BINARY)
+ outmode = "wb";
+ }
+
+ if (operation & SMIME_IP)
+ {
+ if (informat == FORMAT_ASN1)
+ inmode = "rb";
+ }
+ else
+ {
+ if (flags & CMS_BINARY)
+ inmode = "rb";
+ }
+
+ if (operation == SMIME_ENCRYPT)
+ {
+ if (!cipher)
+ {
+#ifndef OPENSSL_NO_DES
+ cipher = EVP_des_ede3_cbc();
+#else
+ BIO_printf(bio_err, "No cipher selected\n");
+ goto end;
+#endif
+ }
+
+ if (secret_key && !secret_keyid)
+ {
+ BIO_printf(bio_err, "No sectre key id\n");
+ goto end;
+ }
+
+ if (*args)
+ encerts = sk_X509_new_null();
+ while (*args)
+ {
+ if (!(cert = load_cert(bio_err,*args,FORMAT_PEM,
+ NULL, e, "recipient certificate file")))
+ goto end;
+ sk_X509_push(encerts, cert);
+ cert = NULL;
+ args++;
+ }
+ }
+
+ if (certfile)
+ {
+ if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
+ e, "certificate file")))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (recipfile && (operation == SMIME_DECRYPT))
+ {
+ if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
+ e, "recipient certificate file")))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (operation == SMIME_SIGN_RECEIPT)
+ {
+ if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM,NULL,
+ e, "receipt signer certificate file")))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (operation == SMIME_DECRYPT)
+ {
+ if (!keyfile)
+ keyfile = recipfile;
+ }
+ else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT))
+ {
+ if (!keyfile)
+ keyfile = signerfile;
+ }
+ else keyfile = NULL;
+
+ if (keyfile)
+ {
+ key = load_key(bio_err, keyfile, keyform, 0, passin, e,
+ "signing key file");
+ if (!key)
+ goto end;
+ }
+
+ if (infile)
+ {
+ if (!(in = BIO_new_file(infile, inmode)))
+ {
+ BIO_printf (bio_err,
+ "Can't open input file %s\n", infile);
+ goto end;
+ }
+ }
+ else
+ in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+ if (operation & SMIME_IP)
+ {
+ if (informat == FORMAT_SMIME)
+ cms = SMIME_read_CMS(in, &indata);
+ else if (informat == FORMAT_PEM)
+ cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
+ else if (informat == FORMAT_ASN1)
+ cms = d2i_CMS_bio(in, NULL);
+ else
+ {
+ BIO_printf(bio_err, "Bad input format for CMS file\n");
+ goto end;
+ }
+
+ if (!cms)
+ {
+ BIO_printf(bio_err, "Error reading S/MIME message\n");
+ goto end;
+ }
+ if (contfile)
+ {
+ BIO_free(indata);
+ if (!(indata = BIO_new_file(contfile, "rb")))
+ {
+ BIO_printf(bio_err, "Can't read content file %s\n", contfile);
+ goto end;
+ }
+ }
+ if (certsoutfile)
+ {
+ STACK_OF(X509) *allcerts;
+ allcerts = CMS_get1_certs(cms);
+ if (!save_certs(certsoutfile, allcerts))
+ {
+ BIO_printf(bio_err,
+ "Error writing certs to %s\n",
+ certsoutfile);
+ ret = 5;
+ goto end;
+ }
+ sk_X509_pop_free(allcerts, X509_free);
+ }
+ }
+
+ if (rctfile)
+ {
+ char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";
+ if (!(rctin = BIO_new_file(rctfile, rctmode)))
+ {
+ BIO_printf (bio_err,
+ "Can't open receipt file %s\n", rctfile);
+ goto end;
+ }
+
+ if (rctformat == FORMAT_SMIME)
+ rcms = SMIME_read_CMS(rctin, NULL);
+ else if (rctformat == FORMAT_PEM)
+ rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
+ else if (rctformat == FORMAT_ASN1)
+ rcms = d2i_CMS_bio(rctin, NULL);
+ else
+ {
+ BIO_printf(bio_err, "Bad input format for receipt\n");
+ goto end;
+ }
+
+ if (!rcms)
+ {
+ BIO_printf(bio_err, "Error reading receipt\n");
+ goto end;
+ }
+ }
+
+ if (outfile)
+ {
+ if (!(out = BIO_new_file(outfile, outmode)))
+ {
+ BIO_printf (bio_err,
+ "Can't open output file %s\n", outfile);
+ goto end;
+ }
+ }
+ else
+ {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+
+ if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT))
+ {
+ if (!(store = setup_verify(bio_err, CAfile, CApath)))
+ goto end;
+ X509_STORE_set_verify_cb_func(store, cms_cb);
+ if (vpm)
+ X509_STORE_set1_param(store, vpm);
+ }
+
+
+ ret = 3;
+
+ if (operation == SMIME_DATA_CREATE)
+ {
+ cms = CMS_data_create(in, flags);
+ }
+ else if (operation == SMIME_DIGEST_CREATE)
+ {
+ cms = CMS_digest_create(in, sign_md, flags);
+ }
+ else if (operation == SMIME_COMPRESS)
+ {
+ cms = CMS_compress(in, -1, flags);
+ }
+ else if (operation == SMIME_ENCRYPT)
+ {
+ flags |= CMS_PARTIAL;
+ cms = CMS_encrypt(encerts, in, cipher, flags);
+ if (!cms)
+ goto end;
+ if (secret_key)
+ {
+ if (!CMS_add0_recipient_key(cms, NID_undef,
+ secret_key, secret_keylen,
+ secret_keyid, secret_keyidlen,
+ NULL, NULL, NULL))
+ goto end;
+ /* NULL these because call absorbs them */
+ secret_key = NULL;
+ secret_keyid = NULL;
+ }
+ if (!(flags & CMS_STREAM))
+ {
+ if (!CMS_final(cms, in, NULL, flags))
+ goto end;
+ }
+ }
+ else if (operation == SMIME_ENCRYPTED_ENCRYPT)
+ {
+ cms = CMS_EncryptedData_encrypt(in, cipher,
+ secret_key, secret_keylen,
+ flags);
+
+ }
+ else if (operation == SMIME_SIGN_RECEIPT)
+ {
+ CMS_ContentInfo *srcms = NULL;
+ STACK_OF(CMS_SignerInfo) *sis;
+ CMS_SignerInfo *si;
+ sis = CMS_get0_SignerInfos(cms);
+ if (!sis)
+ goto end;
+ si = sk_CMS_SignerInfo_value(sis, 0);
+ srcms = CMS_sign_receipt(si, signer, key, other, flags);
+ if (!srcms)
+ goto end;
+ CMS_ContentInfo_free(cms);
+ cms = srcms;
+ }
+ else if (operation & SMIME_SIGNERS)
+ {
+ int i;
+ /* If detached data content we enable streaming if
+ * S/MIME output format.
+ */
+ if (operation == SMIME_SIGN)
+ {
+
+ if (flags & CMS_DETACHED)
+ {
+ if (outformat == FORMAT_SMIME)
+ flags |= CMS_STREAM;
+ }
+ flags |= CMS_PARTIAL;
+ cms = CMS_sign(NULL, NULL, other, in, flags);
+ if (!cms)
+ goto end;
+ if (econtent_type)
+ CMS_set1_eContentType(cms, econtent_type);
+
+ if (rr_to)
+ {
+ rr = make_receipt_request(rr_to, rr_allorfirst,
+ rr_from);
+ if (!rr)
+ {
+ BIO_puts(bio_err,
+ "Signed Receipt Request Creation Error\n");
+ goto end;
+ }
+ }
+ }
+ else
+ flags |= CMS_REUSE_DIGEST;
+ for (i = 0; i < sk_num(sksigners); i++)
+ {
+ CMS_SignerInfo *si;
+ signerfile = sk_value(sksigners, i);
+ keyfile = sk_value(skkeys, i);
+ signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
+ e, "signer certificate");
+ if (!signer)
+ goto end;
+ key = load_key(bio_err, keyfile, keyform, 0, passin, e,
+ "signing key file");
+ if (!key)
+ goto end;
+ si = CMS_add1_signer(cms, signer, key, sign_md, flags);
+ if (!si)
+ goto end;
+ if (rr && !CMS_add1_ReceiptRequest(si, rr))
+ goto end;
+ X509_free(signer);
+ signer = NULL;
+ EVP_PKEY_free(key);
+ key = NULL;
+ }
+ /* If not streaming or resigning finalize structure */
+ if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM))
+ {
+ if (!CMS_final(cms, in, NULL, flags))
+ goto end;
+ }
+ }
+
+ if (!cms)
+ {
+ BIO_printf(bio_err, "Error creating CMS structure\n");
+ goto end;
+ }
+
+ ret = 4;
+ if (operation == SMIME_DECRYPT)
+ {
+
+ if (secret_key)
+ {
+ if (!CMS_decrypt_set1_key(cms,
+ secret_key, secret_keylen,
+ secret_keyid, secret_keyidlen))
+ {
+ BIO_puts(bio_err,
+ "Error decrypting CMS using secret key\n");
+ goto end;
+ }
+ }
+
+ if (key)
+ {
+ if (!CMS_decrypt_set1_pkey(cms, key, recip))
+ {
+ BIO_puts(bio_err,
+ "Error decrypting CMS using private key\n");
+ goto end;
+ }
+ }
+
+ if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags))
+ {
+ BIO_printf(bio_err, "Error decrypting CMS structure\n");
+ goto end;
+ }
+ }
+ else if (operation == SMIME_DATAOUT)
+ {
+ if (!CMS_data(cms, out, flags))
+ goto end;
+ }
+ else if (operation == SMIME_UNCOMPRESS)
+ {
+ if (!CMS_uncompress(cms, indata, out, flags))
+ goto end;
+ }
+ else if (operation == SMIME_DIGEST_VERIFY)
+ {
+ if (CMS_digest_verify(cms, indata, out, flags) > 0)
+ BIO_printf(bio_err, "Verification successful\n");
+ else
+ {
+ BIO_printf(bio_err, "Verification failure\n");
+ goto end;
+ }
+ }
+ else if (operation == SMIME_ENCRYPTED_DECRYPT)
+ {
+ if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen,
+ indata, out, flags))
+ goto end;
+ }
+ else if (operation == SMIME_VERIFY)
+ {
+ if (CMS_verify(cms, other, store, indata, out, flags) > 0)
+ BIO_printf(bio_err, "Verification successful\n");
+ else
+ {
+ BIO_printf(bio_err, "Verification failure\n");
+ goto end;
+ }
+ if (signerfile)
+ {
+ STACK_OF(X509) *signers;
+ signers = CMS_get0_signers(cms);
+ if (!save_certs(signerfile, signers))
+ {
+ BIO_printf(bio_err,
+ "Error writing signers to %s\n",
+ signerfile);
+ ret = 5;
+ goto end;
+ }
+ sk_X509_free(signers);
+ }
+ if (rr_print)
+ receipt_request_print(bio_err, cms);
+
+ }
+ else if (operation == SMIME_VERIFY_RECEIPT)
+ {
+ if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0)
+ BIO_printf(bio_err, "Verification successful\n");
+ else
+ {
+ BIO_printf(bio_err, "Verification failure\n");
+ goto end;
+ }
+ }
+ else
+ {
+ if (outformat == FORMAT_SMIME)
+ {
+ if (to)
+ BIO_printf(out, "To: %s\n", to);
+ if (from)
+ BIO_printf(out, "From: %s\n", from);
+ if (subject)
+ BIO_printf(out, "Subject: %s\n", subject);
+ if (operation == SMIME_RESIGN)
+ ret = SMIME_write_CMS(out, cms, indata, flags);
+ else
+ ret = SMIME_write_CMS(out, cms, in, flags);
+ }
+ else if (outformat == FORMAT_PEM)
+ ret = PEM_write_bio_CMS(out, cms);
+ else if (outformat == FORMAT_ASN1)
+ ret = i2d_CMS_bio(out,cms);
+ else
+ {
+ BIO_printf(bio_err, "Bad output format for CMS file\n");
+ goto end;
+ }
+ if (ret <= 0)
+ {
+ ret = 6;
+ goto end;
+ }
+ }
+ ret = 0;
+end:
+ if (ret)
+ ERR_print_errors(bio_err);
+ if (need_rand)
+ app_RAND_write_file(NULL, bio_err);
+ sk_X509_pop_free(encerts, X509_free);
+ sk_X509_pop_free(other, X509_free);
+ if (vpm)
+ X509_VERIFY_PARAM_free(vpm);
+ if (sksigners)
+ sk_free(sksigners);
+ if (skkeys)
+ sk_free(skkeys);
+ if (secret_key)
+ OPENSSL_free(secret_key);
+ if (secret_keyid)
+ OPENSSL_free(secret_keyid);
+ if (econtent_type)
+ ASN1_OBJECT_free(econtent_type);
+ if (rr)
+ CMS_ReceiptRequest_free(rr);
+ if (rr_to)
+ sk_free(rr_to);
+ if (rr_from)
+ sk_free(rr_from);
+ X509_STORE_free(store);
+ X509_free(cert);
+ X509_free(recip);
+ X509_free(signer);
+ EVP_PKEY_free(key);
+ CMS_ContentInfo_free(cms);
+ CMS_ContentInfo_free(rcms);
+ BIO_free(rctin);
+ BIO_free(in);
+ BIO_free(indata);
+ BIO_free_all(out);
+ if (passin) OPENSSL_free(passin);
+ return (ret);
+}
+
+static int save_certs(char *signerfile, STACK_OF(X509) *signers)
+ {
+ int i;
+ BIO *tmp;
+ if (!signerfile)
+ return 1;
+ tmp = BIO_new_file(signerfile, "w");
+ if (!tmp) return 0;
+ for(i = 0; i < sk_X509_num(signers); i++)
+ PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
+ BIO_free(tmp);
+ return 1;
+ }
+
+
+/* Minimal callback just to output policy info (if any) */
+
+static int cms_cb(int ok, X509_STORE_CTX *ctx)
+ {
+ int error;
+
+ error = X509_STORE_CTX_get_error(ctx);
+
+ if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
+ && ((error != X509_V_OK) || (ok != 2)))
+ return ok;
+
+ policies_print(NULL, ctx);
+
+ return ok;
+
+ }
+
+static void gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns)
+ {
+ STACK_OF(GENERAL_NAME) *gens;
+ GENERAL_NAME *gen;
+ int i, j;
+ for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++)
+ {
+ gens = sk_GENERAL_NAMES_value(gns, i);
+ for (j = 0; j < sk_GENERAL_NAME_num(gens); j++)
+ {
+ gen = sk_GENERAL_NAME_value(gens, j);
+ BIO_puts(out, " ");
+ GENERAL_NAME_print(out, gen);
+ BIO_puts(out, "\n");
+ }
+ }
+ return;
+ }
+
+static void receipt_request_print(BIO *out, CMS_ContentInfo *cms)
+ {
+ STACK_OF(CMS_SignerInfo) *sis;
+ CMS_SignerInfo *si;
+ CMS_ReceiptRequest *rr;
+ int allorfirst;
+ STACK_OF(GENERAL_NAMES) *rto, *rlist;
+ ASN1_STRING *scid;
+ int i, rv;
+ sis = CMS_get0_SignerInfos(cms);
+ for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++)
+ {
+ si = sk_CMS_SignerInfo_value(sis, i);
+ rv = CMS_get1_ReceiptRequest(si, &rr);
+ BIO_printf(bio_err, "Signer %d:\n", i + 1);
+ if (rv == 0)
+ BIO_puts(bio_err, " No Receipt Request\n");
+ else if (rv < 0)
+ {
+ BIO_puts(bio_err, " Receipt Request Parse Error\n");
+ ERR_print_errors(bio_err);
+ }
+ else
+ {
+ char *id;
+ int idlen;
+ CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
+ &rlist, &rto);
+ BIO_puts(out, " Signed Content ID:\n");
+ idlen = ASN1_STRING_length(scid);
+ id = (char *)ASN1_STRING_data(scid);
+ BIO_dump_indent(out, id, idlen, 4);
+ BIO_puts(out, " Receipts From");
+ if (rlist)
+ {
+ BIO_puts(out, " List:\n");
+ gnames_stack_print(out, rlist);
+ }
+ else if (allorfirst == 1)
+ BIO_puts(out, ": First Tier\n");
+ else if (allorfirst == 0)
+ BIO_puts(out, ": All\n");
+ else
+ BIO_printf(out, " Unknown (%d)\n", allorfirst);
+ BIO_puts(out, " Receipts To:\n");
+ gnames_stack_print(out, rto);
+ }
+ if (rr)
+ CMS_ReceiptRequest_free(rr);
+ }
+ }
+
+static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK *ns)
+ {
+ int i;
+ STACK_OF(GENERAL_NAMES) *ret;
+ GENERAL_NAMES *gens = NULL;
+ GENERAL_NAME *gen = NULL;
+ ret = sk_GENERAL_NAMES_new_null();
+ if (!ret)
+ goto err;
+ for (i = 0; i < sk_num(ns); i++)
+ {
+ CONF_VALUE cnf;
+ cnf.name = "email";
+ cnf.value = sk_value(ns, i);
+ gen = v2i_GENERAL_NAME(NULL, NULL, &cnf);
+ if (!gen)
+ goto err;
+ gens = GENERAL_NAMES_new();
+ if (!gens)
+ goto err;
+ if (!sk_GENERAL_NAME_push(gens, gen))
+ goto err;
+ gen = NULL;
+ if (!sk_GENERAL_NAMES_push(ret, gens))
+ goto err;
+ gens = NULL;
+ }
+
+ return ret;
+
+ err:
+ if (ret)
+ sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free);
+ if (gens)
+ GENERAL_NAMES_free(gens);
+ if (gen)
+ GENERAL_NAME_free(gen);
+ return NULL;
+ }
+
+
+static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst,
+ STACK *rr_from)
+ {
+ STACK_OF(GENERAL_NAMES) *rct_to, *rct_from;
+ CMS_ReceiptRequest *rr;
+ rct_to = make_names_stack(rr_to);
+ if (!rct_to)
+ goto err;
+ if (rr_from)
+ {
+ rct_from = make_names_stack(rr_from);
+ if (!rct_from)
+ goto err;
+ }
+ else
+ rct_from = NULL;
+ rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from,
+ rct_to);
+ return rr;
+ err:
+ return NULL;
+ }
+
+#endif
diff --git a/apps/dgst.c b/apps/dgst.c
index 09d093451938..c5ecf93d1b0e 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -190,6 +190,8 @@ int MAIN(int argc, char **argv)
out_bin = 1;
else if (strcmp(*argv,"-d") == 0)
debug=1;
+ else if (!strcmp(*argv,"-fips-fingerprint"))
+ hmac_key = "etaonrishdlcupfm";
else if (!strcmp(*argv,"-hmac"))
{
if (--argc < 1)
@@ -227,33 +229,38 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n");
BIO_printf(bio_err,"-signature file signature to verify\n");
BIO_printf(bio_err,"-binary output in binary form\n");
+ BIO_printf(bio_err,"-hmac key create hashed MAC with key\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
#endif
- BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm (default)\n",
LN_md5,LN_md5);
- BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
LN_md4,LN_md4);
- BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
LN_md2,LN_md2);
#ifndef OPENSSL_NO_SHA
- BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
LN_sha1,LN_sha1);
- BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
LN_sha,LN_sha);
#ifndef OPENSSL_NO_SHA256
- BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+ LN_sha224,LN_sha224);
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
LN_sha256,LN_sha256);
#endif
#ifndef OPENSSL_NO_SHA512
- BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
+ LN_sha384,LN_sha384);
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
LN_sha512,LN_sha512);
#endif
#endif
- BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
LN_mdc2,LN_mdc2);
- BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+ BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
LN_ripemd160,LN_ripemd160);
err=1;
goto end;
diff --git a/apps/dsa.c b/apps/dsa.c
index d503031ec385..7518a2fe964a 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -87,6 +87,7 @@
* -camellia128 - encrypt output if PEM format
* -camellia192 - encrypt output if PEM format
* -camellia256 - encrypt output if PEM format
+ * -seed - encrypt output if PEM format
* -text - print a text version
* -modulus - print the DSA public key
*/
@@ -219,6 +220,9 @@ bad:
BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
BIO_printf(bio_err," encrypt PEM output with cbc camellia\n");
#endif
+#ifndef OPENSSL_NO_SEED
+ BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n");
+#endif
BIO_printf(bio_err," -text print the key in text\n");
BIO_printf(bio_err," -noout don't print key out\n");
BIO_printf(bio_err," -modulus print the DSA public value\n");
@@ -236,37 +240,27 @@ bad:
goto end;
}
- in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
+ if (out == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
-
BIO_printf(bio_err,"read DSA key\n");
- if (informat == FORMAT_ASN1) {
- if(pubin) dsa=d2i_DSA_PUBKEY_bio(in,NULL);
- else dsa=d2i_DSAPrivateKey_bio(in,NULL);
- } else if (informat == FORMAT_PEM) {
- if(pubin) dsa=PEM_read_bio_DSA_PUBKEY(in,NULL, NULL, NULL);
- else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,passin);
- } else
- {
- BIO_printf(bio_err,"bad input format specified for key\n");
- goto end;
- }
+ {
+ EVP_PKEY *pkey;
+ if (pubin)
+ pkey = load_pubkey(bio_err, infile, informat, 1,
+ passin, e, "Public Key");
+ else
+ pkey = load_key(bio_err, infile, informat, 1,
+ passin, e, "Private Key");
+
+ if (pkey != NULL)
+ dsa = pkey == NULL ? NULL : EVP_PKEY_get1_DSA(pkey);
+ EVP_PKEY_free(pkey);
+ }
if (dsa == NULL)
{
BIO_printf(bio_err,"unable to load Key\n");
diff --git a/apps/ec.c b/apps/ec.c
index c63437fe2acd..771e15f3577c 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -244,7 +244,7 @@ bad:
" the ec parameters are encoded\n");
BIO_printf(bio_err, " in the asn1 der "
"encoding\n");
- BIO_printf(bio_err, " possilbe values:"
+ BIO_printf(bio_err, " possible values:"
" named_curve (default)\n");
BIO_printf(bio_err," "
"explicit\n");
diff --git a/apps/gendsa.c b/apps/gendsa.c
index 936a42b810fc..8a296c66e570 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -140,6 +140,10 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-idea") == 0)
enc=EVP_idea_cbc();
#endif
+#ifndef OPENSSL_NO_SEED
+ else if (strcmp(*argv,"-seed") == 0)
+ enc=EVP_seed_cbc();
+#endif
#ifndef OPENSSL_NO_AES
else if (strcmp(*argv,"-aes128") == 0)
enc=EVP_aes_128_cbc();
@@ -178,6 +182,10 @@ bad:
#ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n");
#endif
+#ifndef OPENSSL_NO_SEED
+ BIO_printf(bio_err," -seed\n");
+ BIO_printf(bio_err," encrypt PEM output with cbc seed\n");
+#endif
#ifndef OPENSSL_NO_AES
BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
diff --git a/apps/genrsa.c b/apps/genrsa.c
index d716a3cde353..1599bb7a69d6 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -160,6 +160,10 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-idea") == 0)
enc=EVP_idea_cbc();
#endif
+#ifndef OPENSSL_NO_SEED
+ else if (strcmp(*argv,"-seed") == 0)
+ enc=EVP_seed_cbc();
+#endif
#ifndef OPENSSL_NO_AES
else if (strcmp(*argv,"-aes128") == 0)
enc=EVP_aes_128_cbc();
@@ -195,6 +199,10 @@ bad:
#ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err," -idea encrypt the generated key with IDEA in cbc mode\n");
#endif
+#ifndef OPENSSL_NO_SEED
+ BIO_printf(bio_err," -seed\n");
+ BIO_printf(bio_err," encrypt PEM output with cbc seed\n");
+#endif
#ifndef OPENSSL_NO_AES
BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 3ee6dfb5ed33..1001f3b25ded 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -56,15 +56,14 @@
*
*/
#ifndef OPENSSL_NO_OCSP
-
+#define USE_SOCKETS
#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
-#include "apps.h"
-#include <openssl/pem.h>
-#include <openssl/ocsp.h>
-#include <openssl/err.h>
+#include "apps.h" /* needs to be included before the openssl headers! */
+#include <openssl/e_os2.h>
#include <openssl/ssl.h>
-#include <openssl/bn.h>
+#include <openssl/err.h>
/* Maximum leeway in validity period: default 5 minutes */
#define MAX_VALIDITY_PERIOD (5 * 60)
@@ -86,6 +85,8 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
static BIO *init_responder(char *port);
static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
+static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
+ OCSP_REQUEST *req, int req_timeout);
#undef PROG
#define PROG ocsp_main
@@ -112,11 +113,11 @@ int MAIN(int argc, char **argv)
BIO *acbio = NULL, *cbio = NULL;
BIO *derbio = NULL;
BIO *out = NULL;
+ int req_timeout = -1;
int req_text = 0, resp_text = 0;
long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
char *CAfile = NULL, *CApath = NULL;
X509_STORE *store = NULL;
- SSL_CTX *ctx = NULL;
STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
@@ -154,6 +155,22 @@ int MAIN(int argc, char **argv)
}
else badarg = 1;
}
+ else if (!strcmp(*args, "-timeout"))
+ {
+ if (args[1])
+ {
+ args++;
+ req_timeout = atol(*args);
+ if (req_timeout < 0)
+ {
+ BIO_printf(bio_err,
+ "Illegal timeout value %s\n",
+ *args);
+ badarg = 1;
+ }
+ }
+ else badarg = 1;
+ }
else if (!strcmp(*args, "-url"))
{
if (args[1])
@@ -703,52 +720,14 @@ int MAIN(int argc, char **argv)
else if (host)
{
#ifndef OPENSSL_NO_SOCK
- cbio = BIO_new_connect(host);
+ resp = process_responder(bio_err, req, host, path,
+ port, use_ssl, req_timeout);
+ if (!resp)
+ goto end;
#else
BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n");
goto end;
#endif
- if (!cbio)
- {
- BIO_printf(bio_err, "Error creating connect BIO\n");
- goto end;
- }
- if (port) BIO_set_conn_port(cbio, port);
- if (use_ssl == 1)
- {
- BIO *sbio;
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
- ctx = SSL_CTX_new(SSLv23_client_method());
-#elif !defined(OPENSSL_NO_SSL3)
- ctx = SSL_CTX_new(SSLv3_client_method());
-#elif !defined(OPENSSL_NO_SSL2)
- ctx = SSL_CTX_new(SSLv2_client_method());
-#else
- BIO_printf(bio_err, "SSL is disabled\n");
- goto end;
-#endif
- if (ctx == NULL)
- {
- BIO_printf(bio_err, "Error creating SSL context.\n");
- goto end;
- }
- SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
- sbio = BIO_new_ssl(ctx, 1);
- cbio = BIO_push(sbio, cbio);
- }
- if (BIO_do_connect(cbio) <= 0)
- {
- BIO_printf(bio_err, "Error connecting BIO\n");
- goto end;
- }
- resp = OCSP_sendreq_bio(cbio, path, req);
- BIO_free_all(cbio);
- cbio = NULL;
- if (!resp)
- {
- BIO_printf(bio_err, "Error querying OCSP responsder\n");
- goto end;
- }
}
else if (respin)
{
@@ -897,7 +876,6 @@ end:
OPENSSL_free(host);
OPENSSL_free(port);
OPENSSL_free(path);
- SSL_CTX_free(ctx);
}
OPENSSL_EXIT(ret);
@@ -1121,6 +1099,7 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
char *itmp, *row[DB_NUMBER],**rrow;
for (i = 0; i < DB_NUMBER; i++) row[i] = NULL;
bn = ASN1_INTEGER_to_BN(ser,NULL);
+ OPENSSL_assert(bn); /* FIXME: should report an error at this point and abort */
if (BN_is_zero(bn))
itmp = BUF_strdup("00");
else
@@ -1227,8 +1206,141 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
return 0;
BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL));
i2d_OCSP_RESPONSE_bio(cbio, resp);
- BIO_flush(cbio);
+ (void)BIO_flush(cbio);
return 1;
}
+static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
+ OCSP_REQUEST *req, int req_timeout)
+ {
+ int fd;
+ int rv;
+ OCSP_REQ_CTX *ctx = NULL;
+ OCSP_RESPONSE *rsp = NULL;
+ fd_set confds;
+ struct timeval tv;
+
+ if (req_timeout != -1)
+ BIO_set_nbio(cbio, 1);
+
+ rv = BIO_do_connect(cbio);
+
+ if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio)))
+ {
+ BIO_puts(err, "Error connecting BIO\n");
+ return NULL;
+ }
+
+ if (req_timeout == -1)
+ return OCSP_sendreq_bio(cbio, path, req);
+
+ if (BIO_get_fd(cbio, &fd) <= 0)
+ {
+ BIO_puts(err, "Can't get connection fd\n");
+ goto err;
+ }
+
+ if (rv <= 0)
+ {
+ FD_ZERO(&confds);
+ openssl_fdset(fd, &confds);
+ tv.tv_usec = 0;
+ tv.tv_sec = req_timeout;
+ rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
+ if (rv == 0)
+ {
+ BIO_puts(err, "Timeout on connect\n");
+ return NULL;
+ }
+ }
+
+
+ ctx = OCSP_sendreq_new(cbio, path, req, -1);
+ if (!ctx)
+ return NULL;
+
+ for (;;)
+ {
+ rv = OCSP_sendreq_nbio(&rsp, ctx);
+ if (rv != -1)
+ break;
+ FD_ZERO(&confds);
+ openssl_fdset(fd, &confds);
+ tv.tv_usec = 0;
+ tv.tv_sec = req_timeout;
+ if (BIO_should_read(cbio))
+ rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv);
+ else if (BIO_should_write(cbio))
+ rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
+ else
+ {
+ BIO_puts(err, "Unexpected retry condition\n");
+ goto err;
+ }
+ if (rv == 0)
+ {
+ BIO_puts(err, "Timeout on request\n");
+ break;
+ }
+ if (rv == -1)
+ {
+ BIO_puts(err, "Select error\n");
+ break;
+ }
+
+ }
+ err:
+ if (ctx)
+ OCSP_REQ_CTX_free(ctx);
+
+ return rsp;
+ }
+
+OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
+ char *host, char *path, char *port, int use_ssl,
+ int req_timeout)
+ {
+ BIO *cbio = NULL;
+ SSL_CTX *ctx = NULL;
+ OCSP_RESPONSE *resp = NULL;
+ cbio = BIO_new_connect(host);
+ if (!cbio)
+ {
+ BIO_printf(err, "Error creating connect BIO\n");
+ goto end;
+ }
+ if (port) BIO_set_conn_port(cbio, port);
+ if (use_ssl == 1)
+ {
+ BIO *sbio;
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+ ctx = SSL_CTX_new(SSLv23_client_method());
+#elif !defined(OPENSSL_NO_SSL3)
+ ctx = SSL_CTX_new(SSLv3_client_method());
+#elif !defined(OPENSSL_NO_SSL2)
+ ctx = SSL_CTX_new(SSLv2_client_method());
+#else
+ BIO_printf(err, "SSL is disabled\n");
+ goto end;
+#endif
+ if (ctx == NULL)
+ {
+ BIO_printf(err, "Error creating SSL context.\n");
+ goto end;
+ }
+ SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
+ sbio = BIO_new_ssl(ctx, 1);
+ cbio = BIO_push(sbio, cbio);
+ }
+ resp = query_responder(err, cbio, path, req, req_timeout);
+ if (!resp)
+ BIO_printf(bio_err, "Error querying OCSP responsder\n");
+ end:
+ if (ctx)
+ SSL_CTX_free(ctx);
+ if (cbio)
+ BIO_free_all(cbio);
+ return resp;
+ }
+
#endif
diff --git a/apps/openssl.c b/apps/openssl.c
index 47aee5b71262..ec25f990febb 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -273,9 +273,21 @@ int main(int Argc, char *Argv[])
i=NCONF_load(config,p,&errline);
if (i == 0)
{
- NCONF_free(config);
- config = NULL;
- ERR_clear_error();
+ if (ERR_GET_REASON(ERR_peek_last_error())
+ == CONF_R_NO_SUCH_FILE)
+ {
+ BIO_printf(bio_err,
+ "WARNING: can't open config file: %s\n",p);
+ ERR_clear_error();
+ NCONF_free(config);
+ config = NULL;
+ }
+ else
+ {
+ ERR_print_errors(bio_err);
+ NCONF_free(config);
+ exit(1);
+ }
}
prog=prog_init();
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index d5873e93d498..268390ebe8d8 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -100,6 +100,7 @@ int MAIN(int argc, char **argv)
char **args;
char *name = NULL;
char *csp_name = NULL;
+ int add_lmk = 0;
PKCS12 *p12 = NULL;
char pass[50], macpass[50];
int export_cert = 0;
@@ -153,10 +154,13 @@ int MAIN(int argc, char **argv)
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
else if (!strcmp (*args, "-export")) export_cert = 1;
else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
+ else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
#ifndef OPENSSL_NO_IDEA
else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
#endif
- else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
+#ifndef OPENSSL_NO_SEED
+ else if (!strcmp(*args, "-seed")) enc=EVP_seed_cbc();
+#endif
#ifndef OPENSSL_NO_AES
else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();
else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc();
@@ -221,7 +225,9 @@ int MAIN(int argc, char **argv)
args++;
name = *args;
} else badarg = 1;
- } else if (!strcmp (*args, "-CSP")) {
+ } else if (!strcmp (*args, "-LMK"))
+ add_lmk = 1;
+ else if (!strcmp (*args, "-CSP")) {
if (args[1]) {
args++;
csp_name = *args;
@@ -306,6 +312,9 @@ int MAIN(int argc, char **argv)
#ifndef OPENSSL_NO_IDEA
BIO_printf (bio_err, "-idea encrypt private keys with idea\n");
#endif
+#ifndef OPENSSL_NO_SEED
+ BIO_printf (bio_err, "-seed encrypt private keys with seed\n");
+#endif
#ifndef OPENSSL_NO_AES
BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
@@ -332,6 +341,8 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
+ BIO_printf(bio_err, "-CSP name Microsoft CSP name\n");
+ BIO_printf(bio_err, "-LMK Add local machine keyset attribute to private key\n");
goto end;
}
@@ -471,7 +482,7 @@ int MAIN(int argc, char **argv)
X509_keyid_set1(ucert, NULL, 0);
X509_alias_set1(ucert, NULL, 0);
/* Remove from list */
- sk_X509_delete(certs, i);
+ (void)sk_X509_delete(certs, i);
break;
}
}
@@ -556,7 +567,9 @@ int MAIN(int argc, char **argv)
if (csp_name && key)
EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
MBSTRING_ASC, (unsigned char *)csp_name, -1);
-
+
+ if (add_lmk && key)
+ EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
diff --git a/apps/progs.h b/apps/progs.h
index 011974b216e0..aafd800bdfb4 100644
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -28,6 +28,7 @@ extern int speed_main(int argc,char *argv[]);
extern int s_time_main(int argc,char *argv[]);
extern int version_main(int argc,char *argv[]);
extern int pkcs7_main(int argc,char *argv[]);
+extern int cms_main(int argc,char *argv[]);
extern int crl2pkcs7_main(int argc,char *argv[]);
extern int sess_id_main(int argc,char *argv[]);
extern int ciphers_main(int argc,char *argv[]);
@@ -109,6 +110,9 @@ FUNCTION functions[] = {
#endif
{FUNC_TYPE_GENERAL,"version",version_main},
{FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main},
+#ifndef OPENSSL_NO_CMS
+ {FUNC_TYPE_GENERAL,"cms",cms_main},
+#endif
{FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},
{FUNC_TYPE_GENERAL,"sess_id",sess_id_main},
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
@@ -197,6 +201,9 @@ FUNCTION functions[] = {
#ifndef OPENSSL_NO_IDEA
{FUNC_TYPE_CIPHER,"idea",enc_main},
#endif
+#ifndef OPENSSL_NO_SEED
+ {FUNC_TYPE_CIPHER,"seed",enc_main},
+#endif
#ifndef OPENSSL_NO_RC4
{FUNC_TYPE_CIPHER,"rc4",enc_main},
#endif
@@ -263,6 +270,18 @@ FUNCTION functions[] = {
#ifndef OPENSSL_NO_IDEA
{FUNC_TYPE_CIPHER,"idea-ofb",enc_main},
#endif
+#ifndef OPENSSL_NO_SEED
+ {FUNC_TYPE_CIPHER,"seed-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_SEED
+ {FUNC_TYPE_CIPHER,"seed-ecb",enc_main},
+#endif
+#ifndef OPENSSL_NO_SEED
+ {FUNC_TYPE_CIPHER,"seed-cfb",enc_main},
+#endif
+#ifndef OPENSSL_NO_SEED
+ {FUNC_TYPE_CIPHER,"seed-ofb",enc_main},
+#endif
#ifndef OPENSSL_NO_RC2
{FUNC_TYPE_CIPHER,"rc2-cbc",enc_main},
#endif
diff --git a/apps/progs.pl b/apps/progs.pl
index 7b1de74bef8d..645432cfcc23 100644
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -43,6 +43,8 @@ foreach (@ARGV)
{ print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; }
elsif ( ($_ =~ /^pkcs12$/))
{ print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; }
+ elsif ( ($_ =~ /^cms$/))
+ { print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; }
else
{ print $str; }
}
@@ -61,13 +63,14 @@ foreach (
"camellia-192-cbc", "camellia-192-ecb",
"camellia-256-cbc", "camellia-256-ecb",
"base64",
- "des", "des3", "desx", "idea", "rc4", "rc4-40",
+ "des", "des3", "desx", "idea", "seed", "rc4", "rc4-40",
"rc2", "bf", "cast", "rc5",
"des-ecb", "des-ede", "des-ede3",
"des-cbc", "des-ede-cbc","des-ede3-cbc",
"des-cfb", "des-ede-cfb","des-ede3-cfb",
"des-ofb", "des-ede-ofb","des-ede3-ofb",
- "idea-cbc","idea-ecb", "idea-cfb", "idea-ofb",
+ "idea-cbc","idea-ecb", "idea-cfb", "idea-ofb",
+ "seed-cbc","seed-ecb", "seed-cfb", "seed-ofb",
"rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc",
"bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb",
"cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb",
@@ -80,6 +83,7 @@ foreach (
elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; }
elsif ($_ =~ /camellia/) { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; }
elsif ($_ =~ /idea/) { $t="#ifndef OPENSSL_NO_IDEA\n${t}#endif\n"; }
+ elsif ($_ =~ /seed/) { $t="#ifndef OPENSSL_NO_SEED\n${t}#endif\n"; }
elsif ($_ =~ /rc4/) { $t="#ifndef OPENSSL_NO_RC4\n${t}#endif\n"; }
elsif ($_ =~ /rc2/) { $t="#ifndef OPENSSL_NO_RC2\n${t}#endif\n"; }
elsif ($_ =~ /bf/) { $t="#ifndef OPENSSL_NO_BF\n${t}#endif\n"; }
diff --git a/apps/rand.c b/apps/rand.c
index a893896033a8..c3b26c466d9e 100644
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -213,7 +213,7 @@ int MAIN(int argc, char **argv)
BIO_write(out, buf, chunk);
num -= chunk;
}
- BIO_flush(out);
+ (void)BIO_flush(out);
app_RAND_write_file(NULL, bio_err);
ret = 0;
diff --git a/apps/req.c b/apps/req.c
index f58e65ec852f..5ed08960c1dc 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -719,8 +719,7 @@ bad:
message */
goto end;
}
- if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA ||
- EVP_PKEY_type(pkey->type) == EVP_PKEY_EC)
+ else
{
char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
if (randfile == NULL)
diff --git a/apps/rsa.c b/apps/rsa.c
index cf09a190cab3..930f1f038aba 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -81,6 +81,7 @@
* -des - encrypt output if PEM format with DES in cbc mode
* -des3 - encrypt output if PEM format
* -idea - encrypt output if PEM format
+ * -seed - encrypt output if PEM format
* -aes128 - encrypt output if PEM format
* -aes192 - encrypt output if PEM format
* -aes256 - encrypt output if PEM format
@@ -211,6 +212,9 @@ bad:
#ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
#endif
+#ifndef OPENSSL_NO_SEED
+ BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n");
+#endif
#ifndef OPENSSL_NO_AES
BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
diff --git a/apps/rsautl.c b/apps/rsautl.c
index 463890950e1f..f3c458ed2751 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -119,24 +119,36 @@ int MAIN(int argc, char **argv)
while(argc >= 1)
{
if (!strcmp(*argv,"-in")) {
- if (--argc < 1) badarg = 1;
- infile= *(++argv);
+ if (--argc < 1)
+ badarg = 1;
+ else
+ infile= *(++argv);
} else if (!strcmp(*argv,"-out")) {
- if (--argc < 1) badarg = 1;
- outfile= *(++argv);
+ if (--argc < 1)
+ badarg = 1;
+ else
+ outfile= *(++argv);
} else if(!strcmp(*argv, "-inkey")) {
- if (--argc < 1) badarg = 1;
- keyfile = *(++argv);
+ if (--argc < 1)
+ badarg = 1;
+ else
+ keyfile = *(++argv);
} else if (!strcmp(*argv,"-passin")) {
- if (--argc < 1) badarg = 1;
- passargin= *(++argv);
+ if (--argc < 1)
+ badarg = 1;
+ else
+ passargin= *(++argv);
} else if (strcmp(*argv,"-keyform") == 0) {
- if (--argc < 1) badarg = 1;
- keyform=str2fmt(*(++argv));
+ if (--argc < 1)
+ badarg = 1;
+ else
+ keyform=str2fmt(*(++argv));
#ifndef OPENSSL_NO_ENGINE
} else if(!strcmp(*argv, "-engine")) {
- if (--argc < 1) badarg = 1;
- engine = *(++argv);
+ if (--argc < 1)
+ badarg = 1;
+ else
+ engine = *(++argv);
#endif
} else if(!strcmp(*argv, "-pubin")) {
key_type = KEY_PUBKEY;
diff --git a/apps/s_apps.h b/apps/s_apps.h
index 886a95a2b8ce..08fbbc222964 100644
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -167,4 +167,7 @@ long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
#ifdef HEADER_SSL_H
void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret);
void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
+void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
+ unsigned char *data, int len,
+ void *arg);
#endif
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 9a35d46adc28..a512589e8c87 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -573,5 +573,64 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
BIO_printf(bio, " ...");
BIO_printf(bio, "\n");
}
- BIO_flush(bio);
+ (void)BIO_flush(bio);
+ }
+
+void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
+ unsigned char *data, int len,
+ void *arg)
+ {
+ BIO *bio = arg;
+ char *extname;
+
+ switch(type)
+ {
+ case TLSEXT_TYPE_server_name:
+ extname = "server name";
+ break;
+
+ case TLSEXT_TYPE_max_fragment_length:
+ extname = "max fragment length";
+ break;
+
+ case TLSEXT_TYPE_client_certificate_url:
+ extname = "client certificate URL";
+ break;
+
+ case TLSEXT_TYPE_trusted_ca_keys:
+ extname = "trusted CA keys";
+ break;
+
+ case TLSEXT_TYPE_truncated_hmac:
+ extname = "truncated HMAC";
+ break;
+
+ case TLSEXT_TYPE_status_request:
+ extname = "status request";
+ break;
+
+ case TLSEXT_TYPE_elliptic_curves:
+ extname = "elliptic curves";
+ break;
+
+ case TLSEXT_TYPE_ec_point_formats:
+ extname = "EC point formats";
+ break;
+
+ case TLSEXT_TYPE_session_ticket:
+ extname = "server ticket";
+ break;
+
+
+ default:
+ extname = "unknown";
+ break;
+
+ }
+
+ BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
+ client_server ? "server": "client",
+ extname, type, len);
+ BIO_dump(bio, (char *)data, len);
+ (void)BIO_flush(bio);
}
diff --git a/apps/s_client.c b/apps/s_client.c
index 3f302c5f140d..60a8d13df198 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -134,6 +134,7 @@ typedef unsigned int u_int;
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/rand.h>
+#include <openssl/ocsp.h>
#include "s_apps.h"
#include "timeouts.h"
@@ -171,11 +172,18 @@ static int c_nbio=0;
#endif
static int c_Pause=0;
static int c_debug=0;
+#ifndef OPENSSL_NO_TLSEXT
+static int c_tlsextdebug=0;
+static int c_status_req=0;
+#endif
static int c_msg=0;
static int c_showcerts=0;
static void sc_usage(void);
static void print_stuff(BIO *berr,SSL *con,int full);
+#ifndef OPENSSL_NO_TLSEXT
+static int ocsp_resp_cb(SSL *s, void *arg);
+#endif
static BIO *bio_c_out=NULL;
static int c_quiet=0;
static int c_ign_eof=0;
@@ -231,9 +239,37 @@ static void sc_usage(void)
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
#endif
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-
+ BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n");
+ BIO_printf(bio_err," -sess_in arg - file to read SSL session from\n");
+#ifndef OPENSSL_NO_TLSEXT
+ BIO_printf(bio_err," -servername host - Set TLS extension servername in ClientHello\n");
+ BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
+ BIO_printf(bio_err," -status - request certificate status from server\n");
+ BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
+#endif
}
+#ifndef OPENSSL_NO_TLSEXT
+
+/* This is a context that we pass to callbacks */
+typedef struct tlsextctx_st {
+ BIO * biodebug;
+ int ack;
+} tlsextctx;
+
+
+static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
+ {
+ tlsextctx * p = (tlsextctx *) arg;
+ const char * hn= SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
+ if (SSL_get_servername_type(s) != -1)
+ p->ack = !SSL_session_reused(s) && hn != NULL;
+ else
+ BIO_printf(bio_err,"Can't use SSL_get_servername\n");
+
+ return SSL_TLSEXT_ERR_OK;
+ }
+#endif
enum
{
PROTO_OFF = 0,
@@ -281,12 +317,20 @@ int MAIN(int argc, char **argv)
int mbuf_len=0;
#ifndef OPENSSL_NO_ENGINE
char *engine_id=NULL;
- ENGINE *e=NULL;
+ char *ssl_client_engine_id=NULL;
+ ENGINE *e=NULL, *ssl_client_engine=NULL;
#endif
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
struct timeval tv;
#endif
+#ifndef OPENSSL_NO_TLSEXT
+ char *servername = NULL;
+ tlsextctx tlsextcbp =
+ {NULL,0};
+#endif
+ char *sess_in = NULL;
+ char *sess_out = NULL;
struct sockaddr peer;
int peerlen = sizeof(peer);
int enable_timeouts = 0 ;
@@ -361,6 +405,16 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
cert_file= *(++argv);
}
+ else if (strcmp(*argv,"-sess_out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ sess_out = *(++argv);
+ }
+ else if (strcmp(*argv,"-sess_in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ sess_in = *(++argv);
+ }
else if (strcmp(*argv,"-certform") == 0)
{
if (--argc < 1) goto bad;
@@ -385,6 +439,12 @@ int MAIN(int argc, char **argv)
c_Pause=1;
else if (strcmp(*argv,"-debug") == 0)
c_debug=1;
+#ifndef OPENSSL_NO_TLSEXT
+ else if (strcmp(*argv,"-tlsextdebug") == 0)
+ c_tlsextdebug=1;
+ else if (strcmp(*argv,"-status") == 0)
+ c_status_req=1;
+#endif
#ifdef WATT32
else if (strcmp(*argv,"-wdebug") == 0)
dbug_init();
@@ -460,6 +520,10 @@ int MAIN(int argc, char **argv)
off|=SSL_OP_NO_SSLv3;
else if (strcmp(*argv,"-no_ssl2") == 0)
off|=SSL_OP_NO_SSLv2;
+#ifndef OPENSSL_NO_TLSEXT
+ else if (strcmp(*argv,"-no_ticket") == 0)
+ { off|=SSL_OP_NO_TICKET; }
+#endif
else if (strcmp(*argv,"-serverpref") == 0)
off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
else if (strcmp(*argv,"-cipher") == 0)
@@ -492,12 +556,25 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
engine_id = *(++argv);
}
+ else if (strcmp(*argv,"-ssl_client_engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ ssl_client_engine_id = *(++argv);
+ }
#endif
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
inrand= *(++argv);
}
+#ifndef OPENSSL_NO_TLSEXT
+ else if (strcmp(*argv,"-servername") == 0)
+ {
+ if (--argc < 1) goto bad;
+ servername= *(++argv);
+ /* meth=TLSv1_client_method(); */
+ }
+#endif
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -519,6 +596,16 @@ bad:
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine_id, 1);
+ if (ssl_client_engine_id)
+ {
+ ssl_client_engine = ENGINE_by_id(ssl_client_engine_id);
+ if (!ssl_client_engine)
+ {
+ BIO_printf(bio_err,
+ "Error getting client auth engine\n");
+ goto end;
+ }
+ }
#endif
if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
{
@@ -586,6 +673,20 @@ bad:
goto end;
}
+#ifndef OPENSSL_NO_ENGINE
+ if (ssl_client_engine)
+ {
+ if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine))
+ {
+ BIO_puts(bio_err, "Error setting client auth engine\n");
+ ERR_print_errors(bio_err);
+ ENGINE_free(ssl_client_engine);
+ goto end;
+ }
+ ENGINE_free(ssl_client_engine);
+ }
+#endif
+
if (bugs)
SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
else
@@ -621,8 +722,51 @@ bad:
store = SSL_CTX_get_cert_store(ctx);
X509_STORE_set_flags(store, vflags);
+#ifndef OPENSSL_NO_TLSEXT
+ if (servername != NULL)
+ {
+ tlsextcbp.biodebug = bio_err;
+ SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
+ SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
+ }
+#endif
con=SSL_new(ctx);
+ if (sess_in)
+ {
+ SSL_SESSION *sess;
+ BIO *stmp = BIO_new_file(sess_in, "r");
+ if (!stmp)
+ {
+ BIO_printf(bio_err, "Can't open session file %s\n",
+ sess_in);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);
+ BIO_free(stmp);
+ if (!sess)
+ {
+ BIO_printf(bio_err, "Can't open session file %s\n",
+ sess_in);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ SSL_set_session(con, sess);
+ SSL_SESSION_free(sess);
+ }
+#ifndef OPENSSL_NO_TLSEXT
+ if (servername != NULL)
+ {
+ if (!SSL_set_tlsext_host_name(con,servername))
+ {
+ BIO_printf(bio_err,"Unable to set TLS servername extension.\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+#endif
+
#ifndef OPENSSL_NO_KRB5
if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL)
{
@@ -668,7 +812,7 @@ re_start:
goto end;
}
- BIO_ctrl_set_connected(sbio, 1, &peer);
+ (void)BIO_ctrl_set_connected(sbio, 1, &peer);
if ( enable_timeouts)
{
@@ -714,6 +858,30 @@ re_start:
SSL_set_msg_callback(con, msg_cb);
SSL_set_msg_callback_arg(con, bio_c_out);
}
+#ifndef OPENSSL_NO_TLSEXT
+ if (c_tlsextdebug)
+ {
+ SSL_set_tlsext_debug_callback(con, tlsext_cb);
+ SSL_set_tlsext_debug_arg(con, bio_c_out);
+ }
+ if (c_status_req)
+ {
+ SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp);
+ SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
+ SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
+#if 0
+{
+STACK_OF(OCSP_RESPID) *ids = sk_OCSP_RESPID_new_null();
+OCSP_RESPID *id = OCSP_RESPID_new();
+id->value.byKey = ASN1_OCTET_STRING_new();
+id->type = V_OCSP_RESPID_KEY;
+ASN1_STRING_set(id->value.byKey, "Hello World", -1);
+sk_OCSP_RESPID_push(ids, id);
+SSL_set_tlsext_status_ids(con, ids);
+}
+#endif
+ }
+#endif
SSL_set_bio(con,sbio,sbio);
SSL_set_connect_state(con);
@@ -752,7 +920,7 @@ re_start:
while (mbuf_len>3 && mbuf[3]=='-');
/* STARTTLS command requires EHLO... */
BIO_printf(fbio,"EHLO openssl.client.net\r\n");
- BIO_flush(fbio);
+ (void)BIO_flush(fbio);
/* wait for multi-line response to end EHLO SMTP response */
do
{
@@ -761,7 +929,7 @@ re_start:
foundit=1;
}
while (mbuf_len>3 && mbuf[3]=='-');
- BIO_flush(fbio);
+ (void)BIO_flush(fbio);
BIO_pop(fbio);
BIO_free(fbio);
if (!foundit)
@@ -785,7 +953,7 @@ re_start:
BIO_gets(fbio,mbuf,BUFSIZZ);
/* STARTTLS command requires CAPABILITY... */
BIO_printf(fbio,". CAPABILITY\r\n");
- BIO_flush(fbio);
+ (void)BIO_flush(fbio);
/* wait for multi-line CAPABILITY response */
do
{
@@ -794,7 +962,7 @@ re_start:
foundit=1;
}
while (mbuf_len>3 && mbuf[0]!='.');
- BIO_flush(fbio);
+ (void)BIO_flush(fbio);
BIO_pop(fbio);
BIO_free(fbio);
if (!foundit)
@@ -814,7 +982,7 @@ re_start:
mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
}
while (mbuf_len>3 && mbuf[3]=='-');
- BIO_flush(fbio);
+ (void)BIO_flush(fbio);
BIO_pop(fbio);
BIO_free(fbio);
BIO_printf(sbio,"AUTH TLS\r\n");
@@ -837,6 +1005,17 @@ re_start:
if (in_init)
{
in_init=0;
+ if (sess_out)
+ {
+ BIO *stmp = BIO_new_file(sess_out, "w");
+ if (stmp)
+ {
+ PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con));
+ BIO_free(stmp);
+ }
+ else
+ BIO_printf(bio_err, "Error writing session file %s\n", sess_out);
+ }
print_stuff(bio_c_out,con,full_log);
if (full_log > 0) full_log--;
@@ -1303,6 +1482,34 @@ static void print_stuff(BIO *bio, SSL *s, int full)
if (peer != NULL)
X509_free(peer);
/* flush, or debugging output gets mixed with http response */
- BIO_flush(bio);
+ (void)BIO_flush(bio);
}
+#ifndef OPENSSL_NO_TLSEXT
+
+static int ocsp_resp_cb(SSL *s, void *arg)
+ {
+ const unsigned char *p;
+ int len;
+ OCSP_RESPONSE *rsp;
+ len = SSL_get_tlsext_status_ocsp_resp(s, &p);
+ BIO_puts(arg, "OCSP response: ");
+ if (!p)
+ {
+ BIO_puts(arg, "no response sent\n");
+ return 1;
+ }
+ rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
+ if (!rsp)
+ {
+ BIO_puts(arg, "response parse error\n");
+ BIO_dump_indent(arg, (char *)p, len, 4);
+ return 0;
+ }
+ BIO_puts(arg, "\n======================================\n");
+ OCSP_RESPONSE_print(arg, rsp, 0);
+ BIO_puts(arg, "======================================\n");
+ OCSP_RESPONSE_free(rsp);
+ return 1;
+ }
+#endif /* ndef OPENSSL_NO_TLSEXT */
diff --git a/apps/s_server.c b/apps/s_server.c
index 6c433e63fd64..7919c437c645 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -153,6 +153,7 @@ typedef unsigned int u_int;
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include <openssl/rand.h>
+#include <openssl/ocsp.h>
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif
@@ -238,6 +239,9 @@ static int bufsize=BUFSIZZ;
static int accept_socket= -1;
#define TEST_CERT "server.pem"
+#ifndef OPENSSL_NO_TLSEXT
+#define TEST_CERT2 "server2.pem"
+#endif
#undef PROG
#define PROG s_server_main
@@ -247,6 +251,9 @@ static char *cipher=NULL;
static int s_server_verify=SSL_VERIFY_NONE;
static int s_server_session_id_context = 1; /* anything will do */
static const char *s_cert_file=TEST_CERT,*s_key_file=NULL;
+#ifndef OPENSSL_NO_TLSEXT
+static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL;
+#endif
static char *s_dcert_file=NULL,*s_dkey_file=NULL;
#ifdef FIONBIO
static int s_nbio=0;
@@ -254,10 +261,18 @@ static int s_nbio=0;
static int s_nbio_test=0;
int s_crlf=0;
static SSL_CTX *ctx=NULL;
+#ifndef OPENSSL_NO_TLSEXT
+static SSL_CTX *ctx2=NULL;
+#endif
static int www=0;
static BIO *bio_s_out=NULL;
static int s_debug=0;
+#ifndef OPENSSL_NO_TLSEXT
+static int s_tlsextdebug=0;
+static int s_tlsextstatus=0;
+static int cert_status_cb(SSL *s, void *arg);
+#endif
static int s_msg=0;
static int s_quiet=0;
@@ -285,6 +300,11 @@ static void s_server_init(void)
s_dkey_file=NULL;
s_cert_file=TEST_CERT;
s_key_file=NULL;
+#ifndef OPENSSL_NO_TLSEXT
+ s_cert_file2=TEST_CERT2;
+ s_key_file2=NULL;
+ ctx2=NULL;
+#endif
#ifdef FIONBIO
s_nbio=0;
#endif
@@ -313,6 +333,11 @@ static void sv_usage(void)
BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
BIO_printf(bio_err," -cert arg - certificate file to use\n");
BIO_printf(bio_err," (default is %s)\n",TEST_CERT);
+ BIO_printf(bio_err," -crl_check - check the peer certificate has not been revoked by its CA.\n" \
+ " The CRL(s) are appended to the certificate file\n");
+ BIO_printf(bio_err," -crl_check_all - check the peer certificate has not been revoked by its CA\n" \
+ " or any other CRL in the CA chain. CRL(s) are appened to the\n" \
+ " the certificate file.\n");
BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
BIO_printf(bio_err," -key arg - Private Key file to use, in cert file if\n");
BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT);
@@ -371,6 +396,16 @@ static void sv_usage(void)
#endif
BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+#ifndef OPENSSL_NO_TLSEXT
+ BIO_printf(bio_err," -servername host - servername for HostName TLS extension\n");
+ BIO_printf(bio_err," -servername_fatal - on mismatch send fatal alert (default warning alert)\n");
+ BIO_printf(bio_err," -cert2 arg - certificate file to use for servername\n");
+ BIO_printf(bio_err," (default is %s)\n",TEST_CERT2);
+ BIO_printf(bio_err," -key2 arg - Private Key file to use for servername, in cert file if\n");
+ BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT2);
+ BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
+ BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
+#endif
}
static int local_argc=0;
@@ -526,6 +561,185 @@ static int ebcdic_puts(BIO *bp, const char *str)
}
#endif
+#ifndef OPENSSL_NO_TLSEXT
+
+/* This is a context that we pass to callbacks */
+typedef struct tlsextctx_st {
+ char * servername;
+ BIO * biodebug;
+ int extension_error;
+} tlsextctx;
+
+
+static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
+ {
+ tlsextctx * p = (tlsextctx *) arg;
+ const char * servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
+ if (servername && p->biodebug)
+ BIO_printf(p->biodebug,"Hostname in TLS extension: \"%s\"\n",servername);
+
+ if (!p->servername)
+ return SSL_TLSEXT_ERR_NOACK;
+
+ if (servername)
+ {
+ if (strcmp(servername,p->servername))
+ return p->extension_error;
+ if (ctx2)
+ {
+ BIO_printf(p->biodebug,"Swiching server context.\n");
+ SSL_set_SSL_CTX(s,ctx2);
+ }
+ }
+ return SSL_TLSEXT_ERR_OK;
+}
+
+/* Structure passed to cert status callback */
+
+typedef struct tlsextstatusctx_st {
+ /* Default responder to use */
+ char *host, *path, *port;
+ int use_ssl;
+ int timeout;
+ BIO *err;
+ int verbose;
+} tlsextstatusctx;
+
+static tlsextstatusctx tlscstatp = {NULL, NULL, NULL, 0, -1, NULL, 0};
+
+/* Certificate Status callback. This is called when a client includes a
+ * certificate status request extension.
+ *
+ * This is a simplified version. It examines certificates each time and
+ * makes one OCSP responder query for each request.
+ *
+ * A full version would store details such as the OCSP certificate IDs and
+ * minimise the number of OCSP responses by caching them until they were
+ * considered "expired".
+ */
+
+static int cert_status_cb(SSL *s, void *arg)
+ {
+ tlsextstatusctx *srctx = arg;
+ BIO *err = srctx->err;
+ char *host, *port, *path;
+ int use_ssl;
+ unsigned char *rspder = NULL;
+ int rspderlen;
+ STACK *aia = NULL;
+ X509 *x = NULL;
+ X509_STORE_CTX inctx;
+ X509_OBJECT obj;
+ OCSP_REQUEST *req = NULL;
+ OCSP_RESPONSE *resp = NULL;
+ OCSP_CERTID *id = NULL;
+ STACK_OF(X509_EXTENSION) *exts;
+ int ret = SSL_TLSEXT_ERR_NOACK;
+ int i;
+#if 0
+STACK_OF(OCSP_RESPID) *ids;
+SSL_get_tlsext_status_ids(s, &ids);
+BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
+#endif
+ if (srctx->verbose)
+ BIO_puts(err, "cert_status: callback called\n");
+ /* Build up OCSP query from server certificate */
+ x = SSL_get_certificate(s);
+ aia = X509_get1_ocsp(x);
+ if (aia)
+ {
+ if (!OCSP_parse_url(sk_value(aia, 0),
+ &host, &port, &path, &use_ssl))
+ {
+ BIO_puts(err, "cert_status: can't parse AIA URL\n");
+ goto err;
+ }
+ if (srctx->verbose)
+ BIO_printf(err, "cert_status: AIA URL: %s\n",
+ sk_value(aia, 0));
+ }
+ else
+ {
+ if (!srctx->host)
+ {
+ BIO_puts(srctx->err, "cert_status: no AIA and no default responder URL\n");
+ goto done;
+ }
+ host = srctx->host;
+ path = srctx->path;
+ port = srctx->port;
+ use_ssl = srctx->use_ssl;
+ }
+
+ if (!X509_STORE_CTX_init(&inctx,
+ SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
+ NULL, NULL))
+ goto err;
+ if (X509_STORE_get_by_subject(&inctx,X509_LU_X509,
+ X509_get_issuer_name(x),&obj) <= 0)
+ {
+ BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n");
+ X509_STORE_CTX_cleanup(&inctx);
+ goto done;
+ }
+ req = OCSP_REQUEST_new();
+ if (!req)
+ goto err;
+ id = OCSP_cert_to_id(NULL, x, obj.data.x509);
+ X509_free(obj.data.x509);
+ X509_STORE_CTX_cleanup(&inctx);
+ if (!id)
+ goto err;
+ if (!OCSP_request_add0_id(req, id))
+ goto err;
+ id = NULL;
+ /* Add any extensions to the request */
+ SSL_get_tlsext_status_exts(s, &exts);
+ for (i = 0; i < sk_X509_EXTENSION_num(exts); i++)
+ {
+ X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
+ if (!OCSP_REQUEST_add_ext(req, ext, -1))
+ goto err;
+ }
+ resp = process_responder(err, req, host, path, port, use_ssl,
+ srctx->timeout);
+ if (!resp)
+ {
+ BIO_puts(err, "cert_status: error querying responder\n");
+ goto done;
+ }
+ rspderlen = i2d_OCSP_RESPONSE(resp, &rspder);
+ if (rspderlen <= 0)
+ goto err;
+ SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen);
+ if (srctx->verbose)
+ {
+ BIO_puts(err, "cert_status: ocsp response sent:\n");
+ OCSP_RESPONSE_print(err, resp, 2);
+ }
+ ret = SSL_TLSEXT_ERR_OK;
+ done:
+ if (ret != SSL_TLSEXT_ERR_OK)
+ ERR_print_errors(err);
+ if (aia)
+ {
+ OPENSSL_free(host);
+ OPENSSL_free(path);
+ OPENSSL_free(port);
+ X509_email_free(aia);
+ }
+ if (id)
+ OCSP_CERTID_free(id);
+ if (req)
+ OCSP_REQUEST_free(req);
+ if (resp)
+ OCSP_RESPONSE_free(resp);
+ return ret;
+ err:
+ ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+ goto done;
+ }
+#endif
int MAIN(int, char **);
int MAIN(int argc, char *argv[])
@@ -545,10 +759,7 @@ int MAIN(int argc, char *argv[])
int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0;
int state=0;
SSL_METHOD *meth=NULL;
-#ifdef sock_type
-#undef sock_type
-#endif
- int sock_type=SOCK_STREAM;
+ int socket_type=SOCK_STREAM;
#ifndef OPENSSL_NO_ENGINE
ENGINE *e=NULL;
#endif
@@ -559,6 +770,14 @@ int MAIN(int argc, char *argv[])
int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
X509 *s_cert = NULL, *s_dcert = NULL;
EVP_PKEY *s_key = NULL, *s_dkey = NULL;
+#ifndef OPENSSL_NO_TLSEXT
+ EVP_PKEY *s_key2 = NULL;
+ X509 *s_cert2 = NULL;
+#endif
+
+#ifndef OPENSSL_NO_TLSEXT
+ tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
+#endif
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
meth=SSLv23_server_method();
@@ -695,7 +914,7 @@ int MAIN(int argc, char *argv[])
{
vflags |= X509_V_FLAG_CRL_CHECK;
}
- else if (strcmp(*argv,"-crl_check") == 0)
+ else if (strcmp(*argv,"-crl_check_all") == 0)
{
vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
}
@@ -724,6 +943,37 @@ int MAIN(int argc, char *argv[])
}
else if (strcmp(*argv,"-debug") == 0)
{ s_debug=1; }
+#ifndef OPENSSL_NO_TLSEXT
+ else if (strcmp(*argv,"-tlsextdebug") == 0)
+ s_tlsextdebug=1;
+ else if (strcmp(*argv,"-status") == 0)
+ s_tlsextstatus=1;
+ else if (strcmp(*argv,"-status_verbose") == 0)
+ {
+ s_tlsextstatus=1;
+ tlscstatp.verbose = 1;
+ }
+ else if (!strcmp(*argv, "-status_timeout"))
+ {
+ s_tlsextstatus=1;
+ if (--argc < 1) goto bad;
+ tlscstatp.timeout = atoi(*(++argv));
+ }
+ else if (!strcmp(*argv, "-status_url"))
+ {
+ s_tlsextstatus=1;
+ if (--argc < 1) goto bad;
+ if (!OCSP_parse_url(*(++argv),
+ &tlscstatp.host,
+ &tlscstatp.port,
+ &tlscstatp.path,
+ &tlscstatp.use_ssl))
+ {
+ BIO_printf(bio_err, "Error parsing URL\n");
+ goto bad;
+ }
+ }
+#endif
else if (strcmp(*argv,"-msg") == 0)
{ s_msg=1; }
else if (strcmp(*argv,"-hack") == 0)
@@ -754,6 +1004,10 @@ int MAIN(int argc, char *argv[])
{ off|=SSL_OP_NO_SSLv3; }
else if (strcmp(*argv,"-no_tls1") == 0)
{ off|=SSL_OP_NO_TLSv1; }
+#ifndef OPENSSL_NO_TLSEXT
+ else if (strcmp(*argv,"-no_ticket") == 0)
+ { off|=SSL_OP_NO_TICKET; }
+#endif
#ifndef OPENSSL_NO_SSL2
else if (strcmp(*argv,"-ssl2") == 0)
{ meth=SSLv2_server_method(); }
@@ -770,7 +1024,7 @@ int MAIN(int argc, char *argv[])
else if (strcmp(*argv,"-dtls1") == 0)
{
meth=DTLSv1_server_method();
- sock_type = SOCK_DGRAM;
+ socket_type = SOCK_DGRAM;
}
else if (strcmp(*argv,"-timeout") == 0)
enable_timeouts = 1;
@@ -799,6 +1053,25 @@ int MAIN(int argc, char *argv[])
if (--argc < 1) goto bad;
inrand= *(++argv);
}
+#ifndef OPENSSL_NO_TLSEXT
+ else if (strcmp(*argv,"-servername") == 0)
+ {
+ if (--argc < 1) goto bad;
+ tlsextcbp.servername= *(++argv);
+ }
+ else if (strcmp(*argv,"-servername_fatal") == 0)
+ { tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL; }
+ else if (strcmp(*argv,"-cert2") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_cert_file2= *(++argv);
+ }
+ else if (strcmp(*argv,"-key2") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_key_file2= *(++argv);
+ }
+#endif
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -831,6 +1104,10 @@ bad:
if (s_key_file == NULL)
s_key_file = s_cert_file;
+#ifndef OPENSSL_NO_TLSEXT
+ if (s_key_file2 == NULL)
+ s_key_file2 = s_cert_file2;
+#endif
if (nocert == 0)
{
@@ -850,8 +1127,29 @@ bad:
ERR_print_errors(bio_err);
goto end;
}
- }
+#ifndef OPENSSL_NO_TLSEXT
+ if (tlsextcbp.servername)
+ {
+ s_key2 = load_key(bio_err, s_key_file2, s_key_format, 0, pass, e,
+ "second server certificate private key file");
+ if (!s_key2)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ s_cert2 = load_cert(bio_err,s_cert_file2,s_cert_format,
+ NULL, e, "second server certificate file");
+
+ if (!s_cert2)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+#endif
+ }
if (s_dcert_file)
{
@@ -908,6 +1206,10 @@ bad:
s_key_file=NULL;
s_dcert_file=NULL;
s_dkey_file=NULL;
+#ifndef OPENSSL_NO_TLSEXT
+ s_cert_file2=NULL;
+ s_key_file2=NULL;
+#endif
}
ctx=SSL_CTX_new(meth);
@@ -939,7 +1241,7 @@ bad:
/* DTLS: partial reads end up discarding unread UDP bytes :-(
* Setting read ahead solves this problem.
*/
- if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
+ if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
@@ -966,6 +1268,62 @@ bad:
}
store = SSL_CTX_get_cert_store(ctx);
X509_STORE_set_flags(store, vflags);
+#ifndef OPENSSL_NO_TLSEXT
+ if (s_cert2)
+ {
+ ctx2=SSL_CTX_new(meth);
+ if (ctx2 == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (ctx2)
+ {
+ BIO_printf(bio_s_out,"Setting secondary ctx parameters\n");
+
+ if (session_id_prefix)
+ {
+ if(strlen(session_id_prefix) >= 32)
+ BIO_printf(bio_err,
+ "warning: id_prefix is too long, only one new session will be possible\n");
+ else if(strlen(session_id_prefix) >= 16)
+ BIO_printf(bio_err,
+ "warning: id_prefix is too long if you use SSLv2\n");
+ if(!SSL_CTX_set_generate_session_id(ctx2, generate_session_id))
+ {
+ BIO_printf(bio_err,"error setting 'id_prefix'\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);
+ }
+ SSL_CTX_set_quiet_shutdown(ctx2,1);
+ if (bugs) SSL_CTX_set_options(ctx2,SSL_OP_ALL);
+ if (hack) SSL_CTX_set_options(ctx2,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
+ SSL_CTX_set_options(ctx2,off);
+
+ /* DTLS: partial reads end up discarding unread UDP bytes :-(
+ * Setting read ahead solves this problem.
+ */
+ if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx2, 1);
+
+
+ if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback);
+
+ SSL_CTX_sess_set_cache_size(ctx2,128);
+
+ if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
+ (!SSL_CTX_set_default_verify_paths(ctx2)))
+ {
+ ERR_print_errors(bio_err);
+ }
+ store = SSL_CTX_get_cert_store(ctx2);
+ X509_STORE_set_flags(store, vflags);
+ }
+#endif
+
#ifndef OPENSSL_NO_DH
if (!no_dhe)
@@ -989,6 +1347,24 @@ bad:
(void)BIO_flush(bio_s_out);
SSL_CTX_set_tmp_dh(ctx,dh);
+#ifndef OPENSSL_NO_TLSEXT
+ if (ctx2)
+ {
+ if (!dhfile)
+ {
+ DH *dh2=load_dh_param(s_cert_file2);
+ if (dh2 != NULL)
+ {
+ BIO_printf(bio_s_out,"Setting temp DH parameters\n");
+ (void)BIO_flush(bio_s_out);
+
+ DH_free(dh);
+ dh = dh2;
+ }
+ }
+ SSL_CTX_set_tmp_dh(ctx2,dh);
+ }
+#endif
DH_free(dh);
}
#endif
@@ -1034,12 +1410,20 @@ bad:
(void)BIO_flush(bio_s_out);
SSL_CTX_set_tmp_ecdh(ctx,ecdh);
+#ifndef OPENSSL_NO_TLSEXT
+ if (ctx2)
+ SSL_CTX_set_tmp_ecdh(ctx2,ecdh);
+#endif
EC_KEY_free(ecdh);
}
#endif
if (!set_cert_key_stuff(ctx,s_cert,s_key))
goto end;
+#ifndef OPENSSL_NO_TLSEXT
+ if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2))
+ goto end;
+#endif
if (s_dcert != NULL)
{
if (!set_cert_key_stuff(ctx,s_dcert,s_dkey))
@@ -1049,7 +1433,13 @@ bad:
#ifndef OPENSSL_NO_RSA
#if 1
if (!no_tmp_rsa)
+ {
SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
+#ifndef OPENSSL_NO_TLSEXT
+ if (ctx2)
+ SSL_CTX_set_tmp_rsa_callback(ctx2,tmp_rsa_cb);
+#endif
+ }
#else
if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx))
{
@@ -1065,6 +1455,16 @@ bad:
ERR_print_errors(bio_err);
goto end;
}
+#ifndef OPENSSL_NO_TLSEXT
+ if (ctx2)
+ {
+ if (!SSL_CTX_set_tmp_rsa(ctx2,rsa))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+#endif
RSA_free(rsa);
BIO_printf(bio_s_out,"\n");
}
@@ -1076,19 +1476,46 @@ bad:
BIO_printf(bio_err,"error setting cipher list\n");
ERR_print_errors(bio_err);
goto end;
+#ifndef OPENSSL_NO_TLSEXT
+ if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,cipher))
+ {
+ BIO_printf(bio_err,"error setting cipher list\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+#endif
}
SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
sizeof s_server_session_id_context);
+#ifndef OPENSSL_NO_TLSEXT
+ if (ctx2)
+ {
+ SSL_CTX_set_verify(ctx2,s_server_verify,verify_callback);
+ SSL_CTX_set_session_id_context(ctx2,(void*)&s_server_session_id_context,
+ sizeof s_server_session_id_context);
+
+ tlsextcbp.biodebug = bio_s_out;
+ SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
+ SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp);
+ SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
+ SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
+ }
+#endif
if (CAfile != NULL)
- SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
-
+ {
+ SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
+#ifndef OPENSSL_NO_TLSEXT
+ if (ctx2)
+ SSL_CTX_set_client_CA_list(ctx2,SSL_load_client_CA_file(CAfile));
+#endif
+ }
BIO_printf(bio_s_out,"ACCEPT\n");
if (www)
- do_server(port,sock_type,&accept_socket,www_body, context);
+ do_server(port,socket_type,&accept_socket,www_body, context);
else
- do_server(port,sock_type,&accept_socket,sv_body, context);
+ do_server(port,socket_type,&accept_socket,sv_body, context);
print_stats(bio_s_out,ctx);
ret=0;
end:
@@ -1105,6 +1532,13 @@ end:
OPENSSL_free(pass);
if (dpass)
OPENSSL_free(dpass);
+#ifndef OPENSSL_NO_TLSEXT
+ if (ctx2 != NULL) SSL_CTX_free(ctx2);
+ if (s_cert2)
+ X509_free(s_cert2);
+ if (s_key2)
+ EVP_PKEY_free(s_key2);
+#endif
if (bio_s_out != NULL)
{
BIO_free(bio_s_out);
@@ -1171,6 +1605,19 @@ static int sv_body(char *hostname, int s, unsigned char *context)
if (con == NULL) {
con=SSL_new(ctx);
+#ifndef OPENSSL_NO_TLSEXT
+ if (s_tlsextdebug)
+ {
+ SSL_set_tlsext_debug_callback(con, tlsext_cb);
+ SSL_set_tlsext_debug_arg(con, bio_s_out);
+ }
+ if (s_tlsextstatus)
+ {
+ SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
+ tlscstatp.err = bio_err;
+ SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
+ }
+#endif
#ifndef OPENSSL_NO_KRB5
if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
{
@@ -1241,6 +1688,13 @@ static int sv_body(char *hostname, int s, unsigned char *context)
SSL_set_msg_callback(con, msg_cb);
SSL_set_msg_callback_arg(con, bio_s_out);
}
+#ifndef OPENSSL_NO_TLSEXT
+ if (s_tlsextdebug)
+ {
+ SSL_set_tlsext_debug_callback(con, tlsext_cb);
+ SSL_set_tlsext_debug_arg(con, bio_s_out);
+ }
+#endif
width=s+1;
for (;;)
@@ -1606,6 +2060,13 @@ static int www_body(char *hostname, int s, unsigned char *context)
if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
if ((con=SSL_new(ctx)) == NULL) goto err;
+#ifndef OPENSSL_NO_TLSEXT
+ if (s_tlsextdebug)
+ {
+ SSL_set_tlsext_debug_callback(con, tlsext_cb);
+ SSL_set_tlsext_debug_arg(con, bio_s_out);
+ }
+#endif
#ifndef OPENSSL_NO_KRB5
if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
{
diff --git a/apps/smime.c b/apps/smime.c
index 830f18cd8479..ce8a1cbecb75 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -145,6 +145,10 @@ int MAIN(int argc, char **argv)
else if (!strcmp (*args, "-des"))
cipher = EVP_des_cbc();
#endif
+#ifndef OPENSSL_NO_SEED
+ else if (!strcmp (*args, "-seed"))
+ cipher = EVP_seed_cbc();
+#endif
#ifndef OPENSSL_NO_RC2
else if (!strcmp (*args, "-rc2-40"))
cipher = EVP_rc2_40_cbc();
@@ -423,6 +427,9 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-des3 encrypt with triple DES\n");
BIO_printf (bio_err, "-des encrypt with DES\n");
#endif
+#ifndef OPENSSL_NO_SEED
+ BIO_printf (bio_err, "-seed encrypt with SEED\n");
+#endif
#ifndef OPENSSL_NO_RC2
BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n");
diff --git a/apps/speed.c b/apps/speed.c
index 7858aee76ed3..8a1974f5fe9b 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -201,6 +201,9 @@
#ifndef OPENSSL_NO_IDEA
#include <openssl/idea.h>
#endif
+#ifndef OPENSSL_NO_SEED
+#include <openssl/seed.h>
+#endif
#ifndef OPENSSL_NO_BF
#include <openssl/blowfish.h>
#endif
@@ -272,7 +275,7 @@ static void print_result(int alg,int run_no,int count,double time_used);
static int do_multi(int multi);
#endif
-#define ALGOR_NUM 24
+#define ALGOR_NUM 28
#define SIZE_NUM 5
#define RSA_NUM 4
#define DSA_NUM 3
@@ -282,11 +285,12 @@ static int do_multi(int multi);
static const char *names[ALGOR_NUM]={
"md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
- "des cbc","des ede3","idea cbc",
+ "des cbc","des ede3","idea cbc","seed cbc",
"rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc",
"aes-128 cbc","aes-192 cbc","aes-256 cbc",
"camellia-128 cbc","camellia-192 cbc","camellia-256 cbc",
- "evp","sha256","sha512"};
+ "evp","sha256","sha512",
+ "aes-128 ige","aes-192 ige","aes-256 ige"};
static double results[ALGOR_NUM][SIZE_NUM];
static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
static double rsa_results[RSA_NUM][2];
@@ -533,6 +537,9 @@ int MAIN(int argc, char **argv)
#ifndef OPENSSL_NO_IDEA
IDEA_KEY_SCHEDULE idea_ks;
#endif
+#ifndef OPENSSL_NO_SEED
+ SEED_KEY_SCHEDULE seed_ks;
+#endif
#ifndef OPENSSL_NO_BF
BF_KEY bf_ks;
#endif
@@ -570,7 +577,7 @@ int MAIN(int argc, char **argv)
#define MAX_BLOCK_SIZE 64
#endif
unsigned char DES_iv[8];
- unsigned char iv[MAX_BLOCK_SIZE/8];
+ unsigned char iv[2*MAX_BLOCK_SIZE/8];
#ifndef OPENSSL_NO_DES
DES_cblock *buf_as_des_cblock = NULL;
static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
@@ -597,19 +604,23 @@ int MAIN(int argc, char **argv)
#define D_CBC_DES 8
#define D_EDE3_DES 9
#define D_CBC_IDEA 10
-#define D_CBC_RC2 11
-#define D_CBC_RC5 12
-#define D_CBC_BF 13
-#define D_CBC_CAST 14
-#define D_CBC_128_AES 15
-#define D_CBC_192_AES 16
-#define D_CBC_256_AES 17
-#define D_CBC_128_CML 18
-#define D_CBC_192_CML 19
-#define D_CBC_256_CML 20
-#define D_EVP 21
-#define D_SHA256 22
-#define D_SHA512 23
+#define D_CBC_SEED 11
+#define D_CBC_RC2 12
+#define D_CBC_RC5 13
+#define D_CBC_BF 14
+#define D_CBC_CAST 15
+#define D_CBC_128_AES 16
+#define D_CBC_192_AES 17
+#define D_CBC_256_AES 18
+#define D_CBC_128_CML 19
+#define D_CBC_192_CML 20
+#define D_CBC_256_CML 21
+#define D_EVP 22
+#define D_SHA256 23
+#define D_SHA512 24
+#define D_IGE_128_AES 25
+#define D_IGE_192_AES 26
+#define D_IGE_256_AES 27
double d=0.0;
long c[ALGOR_NUM][SIZE_NUM];
#define R_DSA_512 0
@@ -950,7 +961,10 @@ int MAIN(int argc, char **argv)
if (strcmp(*argv,"aes-128-cbc") == 0) doit[D_CBC_128_AES]=1;
else if (strcmp(*argv,"aes-192-cbc") == 0) doit[D_CBC_192_AES]=1;
else if (strcmp(*argv,"aes-256-cbc") == 0) doit[D_CBC_256_AES]=1;
- else
+ else if (strcmp(*argv,"aes-128-ige") == 0) doit[D_IGE_128_AES]=1;
+ else if (strcmp(*argv,"aes-192-ige") == 0) doit[D_IGE_192_AES]=1;
+ else if (strcmp(*argv,"aes-256-ige") == 0) doit[D_IGE_256_AES]=1;
+ else
#endif
#ifndef OPENSSL_NO_CAMELLIA
if (strcmp(*argv,"camellia-128-cbc") == 0) doit[D_CBC_128_CML]=1;
@@ -999,6 +1013,11 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1;
else
#endif
+#ifndef OPENSSL_NO_SEED
+ if (strcmp(*argv,"seed-cbc") == 0) doit[D_CBC_SEED]=1;
+ else if (strcmp(*argv,"seed") == 0) doit[D_CBC_SEED]=1;
+ else
+#endif
#ifndef OPENSSL_NO_BF
if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1;
else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1;
@@ -1144,6 +1163,9 @@ int MAIN(int argc, char **argv)
#ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err,"idea-cbc ");
#endif
+#ifndef OPENSSL_NO_SEED
+ BIO_printf(bio_err,"seed-cbc ");
+#endif
#ifndef OPENSSL_NO_RC2
BIO_printf(bio_err,"rc2-cbc ");
#endif
@@ -1153,7 +1175,7 @@ int MAIN(int argc, char **argv)
#ifndef OPENSSL_NO_BF
BIO_printf(bio_err,"bf-cbc");
#endif
-#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \
+#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || !defined(OPENSSL_NO_RC2) || \
!defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_RC5)
BIO_printf(bio_err,"\n");
#endif
@@ -1162,6 +1184,7 @@ int MAIN(int argc, char **argv)
#endif
#ifndef OPENSSL_NO_AES
BIO_printf(bio_err,"aes-128-cbc aes-192-cbc aes-256-cbc ");
+ BIO_printf(bio_err,"aes-128-ige aes-192-ige aes-256-ige ");
#endif
#ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err,"\n");
@@ -1195,6 +1218,9 @@ int MAIN(int argc, char **argv)
#ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err,"idea ");
#endif
+#ifndef OPENSSL_NO_SEED
+ BIO_printf(bio_err,"seed ");
+#endif
#ifndef OPENSSL_NO_RC2
BIO_printf(bio_err,"rc2 ");
#endif
@@ -1213,10 +1239,10 @@ int MAIN(int argc, char **argv)
#ifndef OPENSSL_NO_BF
BIO_printf(bio_err,"blowfish");
#endif
-#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \
- !defined(OPENSSL_NO_DES) || !defined(OPENSSL_NO_RSA) || \
- !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_AES) || \
- !defined(OPENSSL_NO_CAMELLIA)
+#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || \
+ !defined(OPENSSL_NO_RC2) || !defined(OPENSSL_NO_DES) || \
+ !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_BF) || \
+ !defined(OPENSSL_NO_AES) || !defined(OPENSSL_NO_CAMELLIA)
BIO_printf(bio_err,"\n");
#endif
@@ -1318,6 +1344,9 @@ int MAIN(int argc, char **argv)
#ifndef OPENSSL_NO_IDEA
idea_set_encrypt_key(key16,&idea_ks);
#endif
+#ifndef OPENSSL_NO_SEED
+ SEED_set_key(key16,&seed_ks);
+#endif
#ifndef OPENSSL_NO_RC4
RC4_set_key(&rc4_ks,16,key16);
#endif
@@ -1361,6 +1390,7 @@ int MAIN(int argc, char **argv)
c[D_CBC_DES][0]=count;
c[D_EDE3_DES][0]=count/3;
c[D_CBC_IDEA][0]=count;
+ c[D_CBC_SEED][0]=count;
c[D_CBC_RC2][0]=count;
c[D_CBC_RC5][0]=count;
c[D_CBC_BF][0]=count;
@@ -1373,6 +1403,9 @@ int MAIN(int argc, char **argv)
c[D_CBC_256_CML][0]=count;
c[D_SHA256][0]=count;
c[D_SHA512][0]=count;
+ c[D_IGE_128_AES][0]=count;
+ c[D_IGE_192_AES][0]=count;
+ c[D_IGE_256_AES][0]=count;
for (i=1; i<SIZE_NUM; i++)
{
@@ -1396,6 +1429,7 @@ int MAIN(int argc, char **argv)
c[D_CBC_DES][i]=c[D_CBC_DES][i-1]*l0/l1;
c[D_EDE3_DES][i]=c[D_EDE3_DES][i-1]*l0/l1;
c[D_CBC_IDEA][i]=c[D_CBC_IDEA][i-1]*l0/l1;
+ c[D_CBC_SEED][i]=c[D_CBC_SEED][i-1]*l0/l1;
c[D_CBC_RC2][i]=c[D_CBC_RC2][i-1]*l0/l1;
c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1;
c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
@@ -1406,6 +1440,9 @@ int MAIN(int argc, char **argv)
c[D_CBC_128_CML][i]=c[D_CBC_128_CML][i-1]*l0/l1;
c[D_CBC_192_CML][i]=c[D_CBC_192_CML][i-1]*l0/l1;
c[D_CBC_256_CML][i]=c[D_CBC_256_CML][i-1]*l0/l1;
+ c[D_IGE_128_AES][i]=c[D_IGE_128_AES][i-1]*l0/l1;
+ c[D_IGE_192_AES][i]=c[D_IGE_192_AES][i-1]*l0/l1;
+ c[D_IGE_256_AES][i]=c[D_IGE_256_AES][i-1]*l0/l1;
}
#ifndef OPENSSL_NO_RSA
rsa_c[R_RSA_512][0]=count/2000;
@@ -1799,6 +1836,48 @@ int MAIN(int argc, char **argv)
}
}
+ if (doit[D_IGE_128_AES])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_IGE_128_AES],c[D_IGE_128_AES][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_IGE_128_AES][j]); count++)
+ AES_ige_encrypt(buf,buf2,
+ (unsigned long)lengths[j],&aes_ks1,
+ iv,AES_ENCRYPT);
+ d=Time_F(STOP);
+ print_result(D_IGE_128_AES,j,count,d);
+ }
+ }
+ if (doit[D_IGE_192_AES])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_IGE_192_AES],c[D_IGE_192_AES][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_IGE_192_AES][j]); count++)
+ AES_ige_encrypt(buf,buf2,
+ (unsigned long)lengths[j],&aes_ks2,
+ iv,AES_ENCRYPT);
+ d=Time_F(STOP);
+ print_result(D_IGE_192_AES,j,count,d);
+ }
+ }
+ if (doit[D_IGE_256_AES])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_IGE_256_AES],c[D_IGE_256_AES][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_IGE_256_AES][j]); count++)
+ AES_ige_encrypt(buf,buf2,
+ (unsigned long)lengths[j],&aes_ks3,
+ iv,AES_ENCRYPT);
+ d=Time_F(STOP);
+ print_result(D_IGE_256_AES,j,count,d);
+ }
+ }
#endif
#ifndef OPENSSL_NO_CAMELLIA
if (doit[D_CBC_128_CML])
@@ -1861,6 +1940,21 @@ int MAIN(int argc, char **argv)
}
}
#endif
+#ifndef OPENSSL_NO_SEED
+ if (doit[D_CBC_SEED])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_CBC_SEED],c[D_CBC_SEED][j],lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_CBC_SEED][j]); count++)
+ SEED_cbc_encrypt(buf,buf,
+ (unsigned long)lengths[j],&seed_ks,iv,1);
+ d=Time_F(STOP);
+ print_result(D_CBC_SEED,j,count,d);
+ }
+ }
+#endif
#ifndef OPENSSL_NO_RC2
if (doit[D_CBC_RC2])
{
diff --git a/apps/x509.c b/apps/x509.c
index 5f61eb5c467a..f6938356f8a7 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -114,6 +114,7 @@ static const char *x509_usage[]={
" -alias - output certificate alias\n",
" -noout - no certificate output\n",
" -ocspid - print OCSP hash values for the subject name and public key\n",
+" -ocspurl - print OCSP Responder URL(s)\n",
" -trustout - output a \"trusted\" certificate\n",
" -clrtrust - clear all trusted purposes\n",
" -clrreject - clear all rejected purposes\n",
@@ -179,6 +180,7 @@ int MAIN(int argc, char **argv)
int next_serial=0;
int subject_hash=0,issuer_hash=0,ocspid=0;
int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
+ int ocsp_uri=0;
int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
int C=0;
int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0;
@@ -378,6 +380,8 @@ int MAIN(int argc, char **argv)
C= ++num;
else if (strcmp(*argv,"-email") == 0)
email= ++num;
+ else if (strcmp(*argv,"-ocsp_uri") == 0)
+ ocsp_uri= ++num;
else if (strcmp(*argv,"-serial") == 0)
serial= ++num;
else if (strcmp(*argv,"-next_serial") == 0)
@@ -731,11 +735,14 @@ bad:
ASN1_INTEGER_free(ser);
BIO_puts(out, "\n");
}
- else if (email == i)
+ else if ((email == i) || (ocsp_uri == i))
{
int j;
STACK *emlst;
- emlst = X509_get1_email(x);
+ if (email == i)
+ emlst = X509_get1_email(x);
+ else
+ emlst = X509_get1_ocsp(x);
for (j = 0; j < sk_num(emlst); j++)
BIO_printf(STDout, "%s\n", sk_value(emlst, j));
X509_email_free(emlst);
diff --git a/certs/README.RootCerts b/certs/README.RootCerts
new file mode 100644
index 000000000000..c760b6103363
--- /dev/null
+++ b/certs/README.RootCerts
@@ -0,0 +1,4 @@
+The OpenSSL project does not (any longer) include root CA certificates.
+
+Please check out the FAQ:
+ * How can I set up a bundle of commercial root CA certificates?
diff --git a/certs/RegTP-5R.pem b/certs/RegTP-5R.pem
deleted file mode 100644
index 9eb79aa17c5d..000000000000
--- a/certs/RegTP-5R.pem
+++ /dev/null
@@ -1,19 +0,0 @@
-issuer= CN=5R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
-notBefore=Mar 22 08:55:51 2000 GMT
-notAfter=Mar 22 08:55:51 2005 GMT
-subject= CN=5R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
------BEGIN CERTIFICATE-----
-MIICaDCCAdSgAwIBAgIDDIOqMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w
-OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0
-aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjVSLUNBIDE6UE4w
-IhgPMjAwMDAzMjIwODU1NTFaGA8yMDA1MDMyMjA4NTU1MVowbzELMAkGA1UEBhMC
-REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11
-bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNVItQ0Eg
-MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAih5BUycfBpqKhU8RDsaS
-vV5AtzWeXQRColL9CH3t0DKnhjKAlJ8iccFtJNv+d3bh8bb9sh0maRSo647xP7hs
-HTjKgTE4zM5BYNfXvST79OtcMgAzrnDiGjQIIWv8xbfV1MqxxdtZJygrwzRMb9jG
-CAGoJEymoyzAMNG7tSdBWnUCBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG
-KyQDAwECBQADgYEAOaK8ihVSBUcL2IdVBxZYYUKwMz5m7H3zqhN8W9w+iafWudH6
-b+aahkbENEwzg3C3v5g8nze7v7ssacQze657LHjP+e7ksUDIgcS4R1pU2eN16bjS
-P/qGPF3rhrIEHoK5nJULkjkZYTtNiOvmQ/+G70TXDi3Os/TwLlWRvu+7YLM=
------END CERTIFICATE-----
diff --git a/certs/RegTP-6R.pem b/certs/RegTP-6R.pem
deleted file mode 100644
index 4d79c74e5ac5..000000000000
--- a/certs/RegTP-6R.pem
+++ /dev/null
@@ -1,19 +0,0 @@
-issuer= CN=6R-Ca 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
-notBefore=Feb 1 09:52:17 2001 GMT
-notAfter=Jun 1 09:52:17 2005 GMT
-subject= CN=6R-Ca 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
------BEGIN CERTIFICATE-----
-MIICaDCCAdSgAwIBAgIDMtGNMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w
-OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0
-aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNhIDE6UE4w
-IhgPMjAwMTAyMDEwOTUyMTdaGA8yMDA1MDYwMTA5NTIxN1owbzELMAkGA1UEBhMC
-REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11
-bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNlItQ2Eg
-MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAg6KrFSTNXKqe+2GKGeW2
-wTmbVeflNkp5H/YxA9K1zmEn5XjKm0S0jH4Wfms6ipPlURVaFwTfnB1s++AnJAWf
-mayaE9BP/pdIY6WtZGgW6aZc32VDMCMKPWyBNyagsJVDmzlakIA5cXBVa7Xqqd3P
-ew8i2feMnQXcqHfDv02CW88CBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG
-KyQDAwECBQADgYEAOkqkUwdaTCt8wcJLA2zLuOwL5ADHMWLhv6gr5zEF+VckA6qe
-IVLVf8e7fYlRmzQd+5OJcGglCQJLGT+ZplI3Mjnrd4plkoTNKV4iOzBcvJD7K4tn
-XPvs9wCFcC7QU7PLvc1FDsAlr7e4wyefZRDL+wbqNfI7QZTSF1ubLd9AzeQ=
------END CERTIFICATE-----
diff --git a/certs/aol1.pem b/certs/aol1.pem
deleted file mode 100644
index d6837453dd86..000000000000
--- a/certs/aol1.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP
-bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyODA2
-MDAwMFoXDTM3MTExOTIwNDMwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft
-ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAKgv6KRpBgNHw+kqmP8ZonCaxlCyfqXfaE0bfA+2l2h9LaaLl+lk
-hsmj76CGv2BlnEtUiMJIxUo5vxTjWVXlGbR0yLQFOVwWpeKVBeASrlmLojNoWBym
-1BW32J/X3HGrfpq/m44zDyL9Hy7nBzbvYjnF3cu6JRQj3gzGPTzOggjmZj7aUTsW
-OqMFf6Dch9Wc/HKpoH145LcxVR5lu9RhsCFg7RAycsWSJR74kEoYeEfffjA3PlAb
-2xzTa5qGUwew76wGePiEmf4hjUyAtgyC9mZweRrTT6PP8c9GsEsPPt2IYriMqQko
-O3rHl+Ee5fSfwMCuJKDIodkP1nsmgmkyPacCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
-AwEB/zAdBgNVHQ4EFgQUAK3Zo/Z59m50qX8zPYEX10zPM94wHwYDVR0jBBgwFoAU
-AK3Zo/Z59m50qX8zPYEX10zPM94wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
-BQUAA4IBAQB8itEfGDeC4Liwo+1WlchiYZwFos3CYiZhzRAW18y0ZTTQEYqtqKkF
-Zu90821fnZmv9ov761KyBZiibyrFVL0lvV+uyIbqRizBs73B6UlwGBaXCBOMIOAb
-LjpHyx7kADCVW/RFo8AasAFOq73AI25jP4BKxQft3OJvx8Fi8eNy1gTIdGcL+oir
-oQHIb/AUr9KZzVGTfu0uOMe9zkZQPXLjeSWdm4grECDdpbgyn43gKd8hdIaC2y+C
-MMbHNYaz+ZZfRtsMRf3zUMNvxsNIrUam4SdHCh0Om7bCd39j8uB9Gr784N/Xx6ds
-sPmuujz9dLQR6FgNgLzTqIA6me11zEZ7
------END CERTIFICATE-----
diff --git a/certs/aol2.pem b/certs/aol2.pem
deleted file mode 100644
index 492d55a98067..000000000000
--- a/certs/aol2.pem
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFpDCCA4ygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP
-bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyODA2
-MDAwMFoXDTM3MDkyOTE0MDgwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft
-ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-ADCCAgoCggIBAMxBRR3pPU0Q9oyxQcngXssNt79Hc9PwVU3dxgz6sWYFas14tNwC
-206B89enfHG8dWOgXeMHDEjsJcQDIPT/DjsS/5uN4cbVG7RtIuOx238hZK+GvFci
-KtZHgVdEglZTvYYUAQv8f3SkWq7xuhG1m1hagLQ3eAkzfDJHA1zEpYNI9FdWboE2
-JxhP7JsowtS013wMPgwr38oE18aO6lhOqKSlGBxsRZijQdEt0sdtjRnxrXm3gT+9
-BoInLRBYBbV4Bbkv2wxrkJB+FFk4u5QkE+XRnRTf04JNRvCAOVIyD+OEsnpD8l7e
-Xz8d3eOyG6ChKiMDbi4BFYdcpnV1x5dhvt6G3NRI270qv0pV2uh9UPu0gBe4lL8B
-PeraunzgWGcXuVjgiIZGZ2ydEEdYMtA1fHkqkKJaEBEjNa0vzORKW6fIJ/KD3l67
-Xnfn6KVuY8INXWHQjNJsWiEOyiijzirplcdIz5ZvHZIlyMbGwcEMBawmxNJ10uEq
-Z8A9W6Wa6897GqidFEXlD6CaZd4vKL3Ob5Rmg0gp2OpljK+T2WSfVVcmv2/LNzGZ
-o2C7HK2JNDJiuEMhBnIMoVxtRsX6Kc8w3onccVvdtjc+31D1uAclJuW8tf48ArO3
-+L5DwYcRlJ4jbBeKuIonDFRH8KmzwICMoCfrHRnjB453cMor9H124HhnAgMBAAGj
-YzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFE1FwWg4u3OpaaEg5+31IqEj
-FNeeMB8GA1UdIwQYMBaAFE1FwWg4u3OpaaEg5+31IqEjFNeeMA4GA1UdDwEB/wQE
-AwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAZ2sGuV9FOypLM7PmG2tZTiLMubekJcmn
-xPBUlgtk87FYT15R/LKXeydlwuXK5w0MJXti4/qftIe3RUavg6WXSIylvfEWK5t2
-LHo1YGwRgJfMqZJS5ivmae2p+DYtLHe/YUjRYwu5W1LtGLBDQiKmsXeu3mnFzccc
-obGlHBD7GL4acN3Bkku+KVqdPzW+5X1R+FXgJXUjhx5c3LqdsKyzadsXg8n33gy8
-CNyRnqjQ1xU3c6U1uPx+xURABsPr+CKAXEfOAuMRn0T//ZoyzH1kUQ7rVyZ2OuMe
-IjzCpjbdGe+n/BLzJsBZMYVMnNjP36TMzCmT/5RtdlwTCJfy7aULTd3oyWgOZtMA
-DjMSW7yV5TKQqLPGbIOtd+6Lfn6xqavT4fG2wLHqiMDn05DpKJKUe2h7lyoKZy2F
-AjgQ5ANh1NolNscIWC2hp1GvMApJ9aZphwctREZ2jirlmjvXGKL8nDgQzMY70rUX
-Om/9riW99XJZZLF0KjhfGEzfz3EEWjbUvy+ZnOjZurGV5gJLIaFb1cFPj65pbVPb
-AZO1XB4Y3WRayhgoPmMEEf0cjQAPuDffZ4qdZqkCapH/E8ovXYO8h5Ns3CRRFgQl
-Zvqz2cK6Kb6aSDiCmfS/O0oxGfm/jiEzFMpPVF/7zvuPcX/9XhmgD0uRuMRUvAaw
-RY8mkaKO/qk=
------END CERTIFICATE-----
diff --git a/certs/aoltw1.pem b/certs/aoltw1.pem
deleted file mode 100644
index eeb0942cfb3a..000000000000
--- a/certs/aoltw1.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID5jCCAs6gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMCVVMx
-HTAbBgNVBAoTFEFPTCBUaW1lIFdhcm5lciBJbmMuMRwwGgYDVQQLExNBbWVyaWNh
-IE9ubGluZSBJbmMuMTcwNQYDVQQDEy5BT0wgVGltZSBXYXJuZXIgUm9vdCBDZXJ0
-aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyOTA2MDAwMFoXDTM3MTEyMDE1
-MDMwMFowgYMxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRBT0wgVGltZSBXYXJuZXIg
-SW5jLjEcMBoGA1UECxMTQW1lcmljYSBPbmxpbmUgSW5jLjE3MDUGA1UEAxMuQU9M
-IFRpbWUgV2FybmVyIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnej8Mlo2k06AX3dLm/WpcZuS+U
-0pPlLYnKhHw/EEMbjIt8hFj4JHxIzyr9wBXZGH6EGhfT257XyuTZ16pYUYfw8ItI
-TuLCxFlpMGK2MKKMCxGZYTVtfu/FsRkGIBKOQuHfD5YQUqjPnF+VFNivO3ULMSAf
-RC+iYkGzuxgh28pxPIzstrkNn+9R7017EvILDOGsQI93f7DKeHEMXRZxcKLXwjqF
-zQ6axOAAsNUl6twr5JQtOJyJQVdkKGUZHLZEtMgxa44Be3ZZJX8VHIQIfHNlIAqh
-BC4aMqiaILGcLCFZ5/vP7nAtCMpjPiybkxlqpMKX/7eGV4iFbJ4VFitNLLMCAwEA
-AaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUoTYwFsuGkABFgFOxj8jY
-PXy+XxIwHwYDVR0jBBgwFoAUoTYwFsuGkABFgFOxj8jYPXy+XxIwDgYDVR0PAQH/
-BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IBAQCKIBilvrMvtKaEAEAwKfq0FHNMeUWn
-9nDg6H5kHgqVfGphwu9OH77/yZkfB2FK4V1Mza3u0FIy2VkyvNp5ctZ7CegCgTXT
-Ct8RHcl5oIBN/lrXVtbtDyqvpxh1MwzqwWEFT2qaifKNuZ8u77BfWgDrvq2g+EQF
-Z7zLBO+eZMXpyD8Fv8YvBxzDNnGGyjhmSs3WuEvGbKeXO/oTLW4jYYehY0KswsuX
-n2Fozy1MBJ3XJU8KDk2QixhWqJNIV9xvrr2eZ1d3iVCzvhGbRWeDhhmH05i9CBoW
-H1iCC+GWaQVLjuyDUTEH1dSf/1l7qG6Fz9NLqUmwX7A5KGgOc90lmt4S
------END CERTIFICATE-----
diff --git a/certs/aoltw2.pem b/certs/aoltw2.pem
deleted file mode 100644
index ad10ad7826f2..000000000000
--- a/certs/aoltw2.pem
+++ /dev/null
@@ -1,34 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIF5jCCA86gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMCVVMx
-HTAbBgNVBAoTFEFPTCBUaW1lIFdhcm5lciBJbmMuMRwwGgYDVQQLExNBbWVyaWNh
-IE9ubGluZSBJbmMuMTcwNQYDVQQDEy5BT0wgVGltZSBXYXJuZXIgUm9vdCBDZXJ0
-aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyOTA2MDAwMFoXDTM3MDkyODIz
-NDMwMFowgYMxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRBT0wgVGltZSBXYXJuZXIg
-SW5jLjEcMBoGA1UECxMTQW1lcmljYSBPbmxpbmUgSW5jLjE3MDUGA1UEAxMuQU9M
-IFRpbWUgV2FybmVyIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIw
-DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALQ3WggWmRToVbEbJGv8x4vmh6mJ
-7ouZzU9AhqS2TcnZsdw8TQ2FTBVsRotSeJ/4I/1n9SQ6aF3Q92RhQVSji6UI0ilb
-m2BPJoPRYxJWSXakFsKlnUWsi4SVqBax7J/qJBrvuVdcmiQhLE0OcR+mrF1FdAOY
-xFSMFkpBd4aVdQxHAWZg/BXxD+r1FHjHDtdugRxev17nOirYlxcwfACtCJ0zr7iZ
-YYCLqJV+FNwSbKTQ2O9ASQI2+W6p1h2WVgSysy0WVoaP2SBXgM1nEG2wTPDaRrbq
-JS5Gr42whTg0ixQmgiusrpkLjhTXUr2eacOGAgvqdnUxCc4zGSGFQ+aJLZ8lN2fx
-I2rSAG2X+Z/nKcrdH9cG6rjJuQkhn8g/BsXS6RJGAE57COtCPStIbp1n3UsC5ETz
-kxmlJ85per5n0/xQpCyrw2u544BMzwVhSyvcG7mm0tCq9Stz+86QNZ8MUhy/XCFh
-EVsVS6kkUfykXPcXnbDS+gfpj1bkGoxoigTTfFrjnqKhynFbotSg5ymFXQNoKk/S
-Btc9+cMDLz9l+WceR0DTYw/j1Y75hauXTLPXJuuWCpTehTacyH+BCQJJKg71ZDIM
-gtG6aoIbs0t0EfOMd9afv9w3pKdVBC/UMejTRrkDfNoSTllkt1ExMVCgyhwn2RAu
-rda9EGYrw7AiShJbAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
-FE9pbQN+nZ8HGEO8txBO1b+pxCAoMB8GA1UdIwQYMBaAFE9pbQN+nZ8HGEO8txBO
-1b+pxCAoMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAO/Ouyugu
-h4X7ZVnnrREUpVe8WJ8kEle7+z802u6teio0cnAxa8cZmIDJgt43d15Ui47y6mdP
-yXSEkVYJ1eV6moG2gcKtNuTxVBFT8zRFASbI5Rq8NEQh3q0l/HYWdyGQgJhXnU7q
-7C+qPBR7V8F+GBRn7iTGvboVsNIYvbdVgaxTwOjdaRITQrcCtQVBynlQboIOcXKT
-RuidDV29rs4prWPVVRaAMCf/drr3uNZK49m1+VLQTkCpx+XCMseqdiThawVQ68W/
-ClTluUI8JPu3B5wwn3la5uBAUhX0/Kr0VvlEl4ftDmVyXr4m+02kLQgH3thcoNyB
-M5kYJRF3p+v9WAksmWsbivNSPxpNSGDxoPYzAlOL7SUJuA0t7Zdz7NeWH45gDtoQ
-my8YJPamTQr5O8t1wswvziRpyQoijlmn94IM19drNZxDAGrElWe6nEXLuA4399xO
-AU++CrYD062KRffaJ00psUjf5BHklka9bAI+1lHIlRcBFanyqqryvy9lG2/QuRqT
-9Y41xICHPpQvZuTpqP9BnHAqTyo5GJUefvthATxRCC4oGKQWDzH9OmwjkyB24f0H
-hdFbP9IcczLd+rn4jM8Ch3qaluTtT4mNU0OrDhPAARW0eTjb/G49nlG2uBOLZ8/5
-fNkiHfZdxRwBL5joeiQYvITX+txyW/fBOmg=
------END CERTIFICATE-----
diff --git a/certs/argena.pem b/certs/argena.pem
deleted file mode 100644
index db730e38dd88..000000000000
--- a/certs/argena.pem
+++ /dev/null
@@ -1,39 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIG0zCCBbugAwIBAgIBADANBgkqhkiG9w0BAQUFADCBzDELMAkGA1UEBhMCQVQx
-EDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTE6MDgGA1UEChMxQVJH
-RSBEQVRFTiAtIEF1c3RyaWFuIFNvY2lldHkgZm9yIERhdGEgUHJvdGVjdGlvbjEl
-MCMGA1UECxMcQS1DRVJUIENlcnRpZmljYXRpb24gU2VydmljZTEYMBYGA1UEAxMP
-QS1DRVJUIEFEVkFOQ0VEMR0wGwYJKoZIhvcNAQkBFg5pbmZvQGEtY2VydC5hdDAe
-Fw0wNDEwMjMxNDE0MTRaFw0xMTEwMjMxNDE0MTRaMIHMMQswCQYDVQQGEwJBVDEQ
-MA4GA1UECBMHQXVzdHJpYTEPMA0GA1UEBxMGVmllbm5hMTowOAYDVQQKEzFBUkdF
-IERBVEVOIC0gQXVzdHJpYW4gU29jaWV0eSBmb3IgRGF0YSBQcm90ZWN0aW9uMSUw
-IwYDVQQLExxBLUNFUlQgQ2VydGlmaWNhdGlvbiBTZXJ2aWNlMRgwFgYDVQQDEw9B
-LUNFUlQgQURWQU5DRUQxHTAbBgkqhkiG9w0BCQEWDmluZm9AYS1jZXJ0LmF0MIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3euXIy+mnf6BYKbK+QH5k679
-tUFqeT8jlZxMew8eNiHuw9KoxWBzL6KksK+5uK7Gatw+sbAYntEGE80P+Jg1hADM
-e+Fr5V0bc6QS3gkVtfUCW/RIvfMM39oxvmqJmOgPnJU7H6+nmLtsq61tv9kVJi/2
-4Y5wXW3odet72sF57EoG6s78w0BUVLNcMngS9bZZzmdG3/d6JbkGgoNF/8DcgCBJ
-W/t0JrcIzyppXIOVtUzzOrrU86zuUgT3Rtkl5kjG7DEHpFb9H0fTOY1v8+gRoaO6
-2gA0PCiysgVZjwgVeYe3KAg11nznyleDv198uK3Dc1oXIGYjJx2FpKWUvAuAEwID
-AQABo4ICvDCCArgwHQYDVR0OBBYEFDd/Pj6ZcWDKJNSRE3nQdCm0qCTYMIH5BgNV
-HSMEgfEwge6AFDd/Pj6ZcWDKJNSRE3nQdCm0qCTYoYHSpIHPMIHMMQswCQYDVQQG
-EwJBVDEQMA4GA1UECBMHQXVzdHJpYTEPMA0GA1UEBxMGVmllbm5hMTowOAYDVQQK
-EzFBUkdFIERBVEVOIC0gQXVzdHJpYW4gU29jaWV0eSBmb3IgRGF0YSBQcm90ZWN0
-aW9uMSUwIwYDVQQLExxBLUNFUlQgQ2VydGlmaWNhdGlvbiBTZXJ2aWNlMRgwFgYD
-VQQDEw9BLUNFUlQgQURWQU5DRUQxHTAbBgkqhkiG9w0BCQEWDmluZm9AYS1jZXJ0
-LmF0ggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgHmMEcGA1UdJQRAMD4G
-CCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcD
-CAYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEEBAMCAP8wUQYDVR0gBEowSDBGBggq
-KAAYAQEBAzA6MDgGCCsGAQUFBwIBFixodHRwOi8vd3d3LmEtY2VydC5hdC9jZXJ0
-aWZpY2F0ZS1wb2xpY3kuaHRtbDA7BglghkgBhvhCAQgELhYsaHR0cDovL3d3dy5h
-LWNlcnQuYXQvY2VydGlmaWNhdGUtcG9saWN5Lmh0bWwwGQYDVR0RBBIwEIEOaW5m
-b0BhLWNlcnQuYXQwLwYDVR0SBCgwJoEOaW5mb0BhLWNlcnQuYXSGFGh0dHA6Ly93
-d3cuYS1jZXJ0LmF0MEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHBzOi8vc2VjdXJlLmEt
-Y2VydC5hdC9jZ2ktYmluL2EtY2VydC1hZHZhbmNlZC5jZ2kwDQYJKoZIhvcNAQEF
-BQADggEBACX1IvgfdG2rvfv35O48vSEvcVaEdlN8USFBHWz3JRAozgzvaBtwHkjK
-Zwt5l/BWOtjbvHfRjDt7ijlBEcxOOrNC1ffyMHwHrXpvff6YpQ5wnxmIYEQcURiG
-HMqruEX0WkuDNgSKwefsgXs27eeBauHgNGVcTYH1rmHu/ZyLpLxOyJQ2PCzA1DzW
-3rWkIX92ogJ7lTRdWrbxwUL1XGinxnnaQ74+/y0pI9JNEv7ic2tpkweRMpkedaLW
-msC1+orfKTebsg69aMaCx7o6jNONRmR/7TVaPf8/k6g52cHZ9YWjQvup22b5rWxG
-J5r5LZ4vCPmF4+T4lutjUYAa/lGuQTg=
------END CERTIFICATE-----
diff --git a/certs/argeng.pem b/certs/argeng.pem
deleted file mode 100644
index 621e30e208ca..000000000000
--- a/certs/argeng.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDwzCCAyygAwIBAgIBADANBgkqhkiG9w0BAQQFADCBmDELMAkGA1UEBhMCQVQx
-EDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTFCMEAGA1UEChM5QXJn
-ZSBEYXRlbiBPZXN0ZXJyZWljaGlzY2hlIEdlc2VsbHNjaGFmdCBmdWVyIERhdGVu
-c2NodXR6MSIwIAYJKoZIhvcNAQkBFhNhLWNlcnRAYXJnZWRhdGVuLmF0MB4XDTAx
-MDIxMjExMzAzMFoXDTA5MDIxMjExMzAzMFowgZgxCzAJBgNVBAYTAkFUMRAwDgYD
-VQQIEwdBdXN0cmlhMQ8wDQYDVQQHEwZWaWVubmExQjBABgNVBAoTOUFyZ2UgRGF0
-ZW4gT2VzdGVycmVpY2hpc2NoZSBHZXNlbGxzY2hhZnQgZnVlciBEYXRlbnNjaHV0
-ejEiMCAGCSqGSIb3DQEJARYTYS1jZXJ0QGFyZ2VkYXRlbi5hdDCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEAwgsHqoNtmmrJ86+e1I4hOVBaL4kokqKN2IPOIL+1
-XwY8vfOOUfPEdhWpaC0ldt7VYrksgDiUccgH0FROANWK2GkfKMDzjjXHysR04uEb
-Om7Kqjqn0nproOGkFG+QvBZgs+Ws+HXNFJA6V76fU4+JXq4452LSK4Lr5YcBquu3
-NJECAwEAAaOCARkwggEVMB0GA1UdDgQWBBQ0j59zH/G31zRjgK1y2P//tSAWZjCB
-xQYDVR0jBIG9MIG6gBQ0j59zH/G31zRjgK1y2P//tSAWZqGBnqSBmzCBmDELMAkG
-A1UEBhMCQVQxEDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTFCMEAG
-A1UEChM5QXJnZSBEYXRlbiBPZXN0ZXJyZWljaGlzY2hlIEdlc2VsbHNjaGFmdCBm
-dWVyIERhdGVuc2NodXR6MSIwIAYJKoZIhvcNAQkBFhNhLWNlcnRAYXJnZWRhdGVu
-LmF0ggEAMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIBAQQE
-AwICBDANBgkqhkiG9w0BAQQFAAOBgQBFuJYncqMYB6gXQS3eDOI90BEHfFTKy/dV
-AV+K7QdAYikWmqgBheRdPKddJdccPy/Zl/p3ZT7GhDyC5f3wZjcuu8AJ27BNwbCA
-x54dgxgCNcyPm79nY8MRtEdEpoRGdSsFKJemz6hpXM++MWFciyrRWIIA44XB0Gv3
-US0spjsDPQ==
------END CERTIFICATE-----
diff --git a/certs/demo/nortelCA.pem b/certs/demo/nortelCA.pem
deleted file mode 100644
index 207f34ab3a7d..000000000000
--- a/certs/demo/nortelCA.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
-BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
-HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
-IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
-MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
-aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
-GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
-ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
-zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
-YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
-hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
-cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
-YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
------END CERTIFICATE-----
-
diff --git a/certs/demo/timCA.pem b/certs/demo/timCA.pem
deleted file mode 100644
index 9c8d5bf9c690..000000000000
--- a/certs/demo/timCA.pem
+++ /dev/null
@@ -1,16 +0,0 @@
-Tims test GCI CA
-
------BEGIN CERTIFICATE-----
-MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
-VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
-cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
-cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
-gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
-cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
-dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
-AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
-OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
-AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
-TfdbFZtAAD2Hx9jUtY3tfdrJOb8=
------END CERTIFICATE-----
-
diff --git a/certs/demo/tjhCA.pem b/certs/demo/tjhCA.pem
deleted file mode 100644
index 67bee1b20018..000000000000
--- a/certs/demo/tjhCA.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
-VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
-cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
-IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
-VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
-NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
-EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
-I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
-RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
-KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
-Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
-9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
-WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
------END CERTIFICATE-----
diff --git a/certs/demo/vsigntca.pem b/certs/demo/vsigntca.pem
deleted file mode 100644
index 05acf76e66c6..000000000000
--- a/certs/demo/vsigntca.pem
+++ /dev/null
@@ -1,18 +0,0 @@
-subject=/O=VeriSign, Inc/OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD./OU=For VeriSign authorized testing only. No assurances (C)VS1997
-notBefore=Mar 4 00:00:00 1997 GMT
-notAfter=Mar 4 23:59:59 2025 GMT
------BEGIN CERTIFICATE-----
-MIICTTCCAfcCEEdoCqpuXxnoK27q7d58Qc4wDQYJKoZIhvcNAQEEBQAwgakxFjAU
-BgNVBAoTDVZlcmlTaWduLCBJbmMxRzBFBgNVBAsTPnd3dy52ZXJpc2lnbi5jb20v
-cmVwb3NpdG9yeS9UZXN0Q1BTIEluY29ycC4gQnkgUmVmLiBMaWFiLiBMVEQuMUYw
-RAYDVQQLEz1Gb3IgVmVyaVNpZ24gYXV0aG9yaXplZCB0ZXN0aW5nIG9ubHkuIE5v
-IGFzc3VyYW5jZXMgKEMpVlMxOTk3MB4XDTk3MDMwNDAwMDAwMFoXDTI1MDMwNDIz
-NTk1OVowgakxFjAUBgNVBAoTDVZlcmlTaWduLCBJbmMxRzBFBgNVBAsTPnd3dy52
-ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9UZXN0Q1BTIEluY29ycC4gQnkgUmVmLiBM
-aWFiLiBMVEQuMUYwRAYDVQQLEz1Gb3IgVmVyaVNpZ24gYXV0aG9yaXplZCB0ZXN0
-aW5nIG9ubHkuIE5vIGFzc3VyYW5jZXMgKEMpVlMxOTk3MFwwDQYJKoZIhvcNAQEB
-BQADSwAwSAJBAMak6xImJx44jMKcbkACy5/CyMA2fqXK4PlzTtCxRq5tFkDzne7s
-cI8oFK/J+gFZNE3bjidDxf07O3JOYG9RGx8CAwEAATANBgkqhkiG9w0BAQQFAANB
-ADT523tENOKrEheZFpsJx1UUjPrG7TwYc/C4NBHrZI4gZJcKVFIfNulftVS6UMYW
-ToLEMaUojc3DuNXHG21PDG8=
------END CERTIFICATE-----
diff --git a/certs/eng1.pem b/certs/eng1.pem
deleted file mode 100644
index 7ed8b1b5e6dc..000000000000
--- a/certs/eng1.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UEBhMCQ0Ex
-CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRgwFgYDVQQKEw9CYW5rRW5n
-aW5lIEluYy4xKTAnBgNVBAsTIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IERpdmlz
-aW9uMRMwEQYDVQQDEwpiYW5rZW5naW5lMSAwHgYJKoZIhvcNAQkBFhFjYUBiYW5r
-ZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBaMIGoMQsw
-CQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xGDAWBgNV
-BAoTD0JhbmtFbmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRo
-b3JpdHkgRGl2aXNpb24xEzARBgNVBAMTCmJhbmtlbmdpbmUxIDAeBgkqhkiG9w0B
-CQEWEWNhQGJhbmtlbmdpbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEA14LoTUAl1/hEy+Kh1kLHiBdW2zD3V4IhM7xxTVKsYsIH56nr69ATTIxU
-P36eRzeZ137qt1AxHFjDCidk3m1Ul6l59ProPexdslLLM2npM3f2cteg+toyiYiS
-EJKjyzIu1xF1j9qzGkymSY/4DsXLZNk9FaczxMk/Ooc6Os1M3AverL4VG4rYIb6f
-eR32cIKJ9Q1fGuyKk7ipq1XQfPW8a8TgZdbHbe7U9Gk3iasGMHHvpR9Ep3mGbgdT
-uQ98SBEuIwe1BUCGg/MXpVy48MNXfAMotBgGw4pl9yqSjMni2FB+E9Q9DHFs2RgX
-MqzKuo8zcPxKx2kZ6Arj8+27dw2clQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G
-CSqGSIb3DQEBBQUAA4IBAQBauupHX9EhpC/r57d6b5kkeWvognxIP9//TO4iw3qb
-zIXEkPXmJmwVzlzoKJWqiya+aw19SP0+G6CzsFOBo/9ehmz+hZ8bhYX4MjlWzX5u
-Tnkhz172j9fOBUmrTVPkcRIs6zjCD5PQAGoBPP1/Zdy2N36lZ0U7lg07Opirj/yJ
-PSJeM2j0fwIFAroiVckvdT0BVwB6S/cPaAQGPghbbr1YGSmYrMriSv825ILJUfxz
-rJYunGR9FiY9Ob7+jwJwiZMS4CxSPktutxr/3hOvr1+ALS7IcVakhhA3PuZAJbdH
-FRclR9qMM8aBnBZmf+Uv3K3uhT+UBzzY654U9Yi1JYnA
------END CERTIFICATE-----
diff --git a/certs/eng2.pem b/certs/eng2.pem
deleted file mode 100644
index 73066309b12d..000000000000
--- a/certs/eng2.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UEBhMCQ0Ex
-CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRgwFgYDVQQKEw9DZXJ0RW5n
-aW5lIEluYy4xKTAnBgNVBAsTIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IERpdmlz
-aW9uMRMwEQYDVQQDEwpjZXJ0ZW5naW5lMSAwHgYJKoZIhvcNAQkBFhFjYUBjZXJ0
-ZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBaMIGoMQsw
-CQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xGDAWBgNV
-BAoTD0NlcnRFbmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRo
-b3JpdHkgRGl2aXNpb24xEzARBgNVBAMTCmNlcnRlbmdpbmUxIDAeBgkqhkiG9w0B
-CQEWEWNhQGNlcnRlbmdpbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEA7aTXURShaeVt9u/dP3Q2dVib3jTCZvEyc6yfpGgaYWewXWuP4HOSfI4h
-GZblbpl+dzJc6RjhR+pguIRtbT5FJB8SJGjRqoujBEOQOxtVtc2fjM9Dqh0iOvMW
-WS6buxHG55GVrHAQaO5HXEScKQBa9ZyNmpSXPTEBrDMej1OAGOkc524/TZrgFPF4
-AiJLLkxCcP8NuzUKlW3WzNMSSoCtjkUKy4wjSLlAWCFM0T9Df6/+Z8ZUQTzHoKCD
-ncH5Qnynd7DlOwKQ2JwwxRhYGiGVTUN0GUq7qA11kW3+vnbFesKQXoF6o2PVx9s2
-YXviI2NXXUjZ0pVnsnFCc45Pm8XojwIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G
-CSqGSIb3DQEBBQUAA4IBAQBP/aHOKJ00Akzc9HWM1X30hlWZFBaQi4pqD4Uhk8+p
-KzzwFP5DRLBOz8TYBbtdXrS6hxVMr2sqWmhVkuyepWhHZazKGyHY/y0FbOXsewAV
-1QxxSyx7ve89pCKv4/w0rQcP916iHc8Y/TCpmz7eITa3GId+8H/XTaBi8GBp9X9O
-w8m25FmEB1NT+eJwefvfdKowjy4tSorKdW/eJspxNuTSRGmUy8G71W5dYvgpAlx6
-mdnHyzxEGvRYNNI2bS0ifXgbEFNWqSas9q34ea5KOpkJu8T/KyXfSb6rPOsBSb0t
-wMowwGtCVH2C4Lw/8zo0EjhMpTOsPaub408PrZ+NQ2bl
------END CERTIFICATE-----
diff --git a/certs/eng3.pem b/certs/eng3.pem
deleted file mode 100644
index 28bcce2dfde5..000000000000
--- a/certs/eng3.pem
+++ /dev/null
@@ -1,34 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIF3TCCA8WgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UEBhMCQ0Ex
-CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRgwFgYDVQQKEw9Gb3J0RW5n
-aW5lIEluYy4xKTAnBgNVBAsTIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IERpdmlz
-aW9uMRMwEQYDVQQDEwpmb3J0ZW5naW5lMSAwHgYJKoZIhvcNAQkBFhFjYUBmb3J0
-ZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBaMIGoMQsw
-CQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xGDAWBgNV
-BAoTD0ZvcnRFbmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRo
-b3JpdHkgRGl2aXNpb24xEzARBgNVBAMTCmZvcnRlbmdpbmUxIDAeBgkqhkiG9w0B
-CQEWEWNhQGZvcnRlbmdpbmUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
-CgKCAgEAyr7GbpwDxx1v3EYbo0gcO+ligEhlDqG2e7u/AbWGoVAqc8+q6auUJUtz
-4i7oh0yNadu1o9kpXW+znkgO0zlrgjGskqqMO1ooppzTJdFy/P8gR6x1Iuv3kWtX
-OuzwPPEjv09LWlhyJsN+oU4ztTVf07I0Q9zYupcoDQ58XKRheI9KdDB2DYSmxywA
-WSLQwIeG0Qa7gvokeQlpkgkEC7viEecJ3752KXBJHnh7As51mxnlpmG6sDy67Eli
-HDw5tHETRqbtnscGBjskGQBqR5xt7+QnnthZrN8HJHDoa9zgGephwizhkL44lXLF
-YK9W5XhFbblw2c+mAcHkokRiwD7CPeIoyD2a/Jcw3n5hegKTlNhd4BFGVF6JR7gF
-OFk2QfHXit5uthsij9Xhl7WAgQUqLgggD9MphqPf4nY66OZUJV9ZsmB+Qfp8UizB
-0WAOegactKVyRqHtRa+KIEXQXNtZgjcmMk9CYkP0nIbKtgKXaH6+9VMHNOryCnFE
-7pSsuPUkypncFWCHGSeiFO3w4w4J4csltxBADQzxfRu5KZnlToQN7bVpI/Q31tVX
-E5bjrJcq6Oj/OTqZ3ID+OqbkUdAg0ggjRKcTgxnLHd/AbMzJ6PsclDDf7cLs0WSl
-xMxQR/z5bNST1rNtT9rsiv2TOhfvCBxO9AOjBioO8PLO032HTNECAwEAAaMQMA4w
-DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAgEAVyBpPWfT2VOyvVpslGKx
-8h0+CWP8cilygGRtZJ5dAJzc//1REAHdvK+TgZ4Foz3dqHhXI+RNN0FpzuWaYMjW
-ZTS0kAmcOQuGY1Oo4PGlPHI21pNz29oFDTJr0ZmLBJ4JKVsE2soJg55jdk9MZHA7
-K//7HH9RsmrWZOE5DZDlrxp6+naixhMwnlPKKisIy9GNZUPqGdUWABMdB/BUVVNl
-NU5TtWpIXUClMd8a+eoKcItBeYXowkHOBpinPkDX3clFDIUfWiw0Ro08s8SrrFqR
-8Szwbrj52Xv1RM56oGqCjnkvJctxihODV7NcpxoAFjIZokDom0q6zPrrTUsLFQov
-Plovc3w5hmALiDMshaTvE1nm3Psn4yQ+FlRE8epTZrQiIGypZkZC6lcz0mYawueW
-cThYWGFhVG4ktQzOjjNRsNxopW+W7cF1zQTxiWUDnxIKSj7gtdQ2jiubxEEhfVag
-r8DMtAccNVTZVURpGi56TptOOuotrTqqC+2GviW4hlxvdvmuQN0OlXlUwzz2Trxc
-FamNnuA54lZw/8arLtxsFmHrcnPw53+1spumLD0S5UkxHNu40h6LIVpZz3H+0rLz
-uFofTfiyMjcfK2AyHQTgUCbsrvgNuLDQUbyFGVchdFUkhztX3DhEVnxnnrpY4BVj
-QdTqWIvw7lGlSuDCjxEQAOc=
------END CERTIFICATE-----
diff --git a/certs/eng4.pem b/certs/eng4.pem
deleted file mode 100644
index 9a7b156226c2..000000000000
--- a/certs/eng4.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UEBhMCQ0Ex
-CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRgwFgYDVQQKEw9NYWlsRW5n
-aW5lIEluYy4xKTAnBgNVBAsTIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IERpdmlz
-aW9uMRMwEQYDVQQDEwptYWlsZW5naW5lMSAwHgYJKoZIhvcNAQkBFhFjYUBtYWls
-ZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBaMIGoMQsw
-CQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xGDAWBgNV
-BAoTD01haWxFbmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRo
-b3JpdHkgRGl2aXNpb24xEzARBgNVBAMTCm1haWxlbmdpbmUxIDAeBgkqhkiG9w0B
-CQEWEWNhQG1haWxlbmdpbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEAqXmfsU+lx+NFmn6tN17RTOyaddHqLnr/3rzEDIyT9TN+tF9TG7jmK7lJ
-Jrj5arQ3nTFaLF8JuND2U1z/cLPw6/TX+1tE3v3CNUDSjaisyUDiUyp3TE8hMMMz
-zfZQn0JsGgNhhWxqyzjhRQGtKL4+xtn8VsF/8zGgZYke7nlmVKz/FslDFTnNoodL
-BAEGiu9JQS9qqpbSs20NdZ6LXPL2A4iTjnsNFBW3jIMVIn/JVVyaycU7ue2oFviD
-vLNpkVZcR7A+jjIdIumOc5VSF0y7y74cQC5YwkR2mLK7UBYDK6NCY3ta/C4M8NsM
-0FpmvRl0+A1ivZtVwqI98dxDtp7HeQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G
-CSqGSIb3DQEBBQUAA4IBAQAjfNn5BCzxylBDakFQGWKE/P43PRibMOEzfd7+DzbY
-WIekoz3i00DwoH3b6j4gwlDJRAOq4dF6/Pt/uBOHDo/op+ef+9ErmKPd+ehXN9h3
-7QbccTgz7DtVwA4iRlDRLru+JuXzT+OsCHuFZMOLJ+KD2JAGh3W68JjdcLkrlcpt
-AU0wc5aOHPPfEBdIah8y8QtNzXRVzoBt8zzvgCARkXxTS2u/9QaXR1hML0JtDgQS
-SdZ6Kd8SN6yzqxD+buYD5sOfJmjBF/n3lqFHNMHnnGXy2TAXZtIAWzffU3A0cGPB
-N6FZ026a86HbF1X4k+xszhbJu/ikczyuWnCJIg3fTYSD
------END CERTIFICATE-----
diff --git a/certs/eng5.pem b/certs/eng5.pem
deleted file mode 100644
index 3416ccad2486..000000000000
--- a/certs/eng5.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID6TCCAtGgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBrjELMAkGA1UEBhMCQ0Ex
-CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRowGAYDVQQKExFUcmFkZXJF
-bmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgRGl2
-aXNpb24xFTATBgNVBAMTDHRyYWRlcmVuZ2luZTEiMCAGCSqGSIb3DQEJARYTY2FA
-dHJhZGVyZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBa
-MIGuMQswCQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8x
-GjAYBgNVBAoTEVRyYWRlckVuZ2luZSBJbmMuMSkwJwYDVQQLEyBDZXJ0aWZpY2F0
-aW9uIEF1dGhvcml0eSBEaXZpc2lvbjEVMBMGA1UEAxMMdHJhZGVyZW5naW5lMSIw
-IAYJKoZIhvcNAQkBFhNjYUB0cmFkZXJlbmdpbmUuY29tMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAzyX5QE+5SN+zgNn1v3zp9HmP4hQOWW8WuEVItZVP
-9bt/xj5NeJd1kyPL/SqnF2qHcL3o/74r0Ga55aKHniwKYgQTlp5ELGfQ568QQeN9
-xNIHtUXeStI9zCNZyZC+4YqObdMR/ivKA/WsLfUVMl2lV5JzJJz1BOE0gKEYiEyz
-gIq5oLzkP/mOXoHRvWSZD2D0eHYIO7ovV2epVFK7g7p+dC4QoeIUEli+GF/Myg88
-dV/qmi+Sybck2RLPXa8Nh27/ETVQ7kE1Eafmx7EyCqIhG+5lwJAy3HwHUBwAYuzj
-iuZz5lD8aQmr8SKuvy3eOH9SVN5wh3YBlrNGwTStkESVLwIDAQABoxAwDjAMBgNV
-HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAWOPAUhZd3x9EQiFJcuxFTMd9q
-axgcriCzJsM6D96sYGko9xTeLhX/lr1bliVYI5AlupoLXAdMzGHJkOgaTirKjQXr
-F9nymDdUWKe3TmwGob5016nQlH7qRKvGO3hka0rOGRK2U/2JT/4Qp8iH/DFi6cyM
-uP0q8n64SAkxZXLzUuFQXqf7U/SNjzb9XJQEIAdjp7eYd3Qb4jDsDcX0FrKMF1aV
-r0dCDnS7am7WTXPYCDGdSkPgEHEtLYIYH3lZp5sKdVZ9wl4F0WNFkRWRUr7AXPjw
-50uLmUNmKCd8JZLMGA1TRNSTi7U9EcrWt0OkMWm74T2WVnAgNsDv2WrWsGfj
------END CERTIFICATE-----
diff --git a/certs/expired/ICE-CA.pem b/certs/expired/ICE-CA.pem
deleted file mode 100644
index 75652366c2a4..000000000000
--- a/certs/expired/ICE-CA.pem
+++ /dev/null
@@ -1,59 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 1 (0x1)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
- Validity
- Not Before: Apr 2 17:35:53 1997 GMT
- Not After : Apr 2 17:35:53 1998 GMT
- Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
- Subject Public Key Info:
- Public Key Algorithm: rsa
- RSA Public Key: (512 bit)
- Modulus (512 bit):
- 00:82:75:ba:f6:d1:60:b5:f9:15:b3:6a:dd:29:8f:
- 8b:a4:6f:1a:88:e0:50:43:40:0b:79:41:d5:d3:16:
- 44:7d:74:65:17:42:06:52:0b:e9:50:c8:10:cd:24:
- e2:ae:8d:22:30:73:e6:b4:b7:93:1f:e5:6e:a2:ae:
- 49:11:a5:c9:45
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Authority Key Identifier:
- 0.........z.."p......e..
- X509v3 Subject Key Identifier:
- ..~r..:..B.44fu......3
- X509v3 Key Usage: critical
- ....
- X509v3 Certificate Policies: critical
- 0.0...*...
- X509v3 Subject Alternative Name:
- 0!..secude-support@darmstadt.gmd.de
- X509v3 Issuer Alternative Name:
- 0I..ice-tel-ca@darmstadt.gmd.de.*http://www.darmstadt.gmd.de/ice-tel/euroca
- X509v3 Basic Constraints: critical
- 0....
- X509v3 CRL Distribution Points:
- 0200...,.*http://www.darmstadt.gmd.de/ice-tel/euroca
- Signature Algorithm: md5WithRSAEncryption
- 17:a2:88:b7:99:5a:05:41:e4:13:34:67:e6:1f:3e:26:ec:4b:
- 69:f9:3e:28:22:be:9d:1c:ab:41:6f:0c:00:85:fe:45:74:f6:
- 98:f0:ce:9b:65:53:4a:50:42:c7:d4:92:bd:d7:a2:a8:3d:98:
- 88:73:cd:60:28:79:a3:fc:48:7a
------BEGIN CERTIFICATE-----
-MIICzDCCAnagAwIBAgIBATANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
-cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
-QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzU1M1oXDTk4MDQwMjE3MzU1M1owXDEhMB8G
-A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
-aWZpY2F0aW9uIEF1dGhvcml0eTESMBAGA1UEBxMJRGFybXN0YWR0MFkwCgYEVQgB
-AQICAgADSwAwSAJBAIJ1uvbRYLX5FbNq3SmPi6RvGojgUENAC3lB1dMWRH10ZRdC
-BlIL6VDIEM0k4q6NIjBz5rS3kx/lbqKuSRGlyUUCAwEAAaOCATgwggE0MB8GA1Ud
-IwQYMBaAFIr3yNUOx3ro1yJw4AuJ1bbsZbzPMB0GA1UdDgQWBBR+cvL4OoacQog0
-NGZ1w9T80aIRMzAOBgNVHQ8BAf8EBAMCAfYwFAYDVR0gAQH/BAowCDAGBgQqAwQF
-MCoGA1UdEQQjMCGBH3NlY3VkZS1zdXBwb3J0QGRhcm1zdGFkdC5nbWQuZGUwUgYD
-VR0SBEswSYEbaWNlLXRlbC1jYUBkYXJtc3RhZHQuZ21kLmRlhipodHRwOi8vd3d3
-LmRhcm1zdGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2EwDwYDVR0TAQH/BAUwAwEB
-/zA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vd3d3LmRhcm1zdGFkdC5nbWQuZGUv
-aWNlLXRlbC9ldXJvY2EwDQYJKoZIhvcNAQEEBQADQQAXooi3mVoFQeQTNGfmHz4m
-7Etp+T4oIr6dHKtBbwwAhf5FdPaY8M6bZVNKUELH1JK916KoPZiIc81gKHmj/Eh6
------END CERTIFICATE-----
diff --git a/certs/expired/ICE-root.pem b/certs/expired/ICE-root.pem
deleted file mode 100644
index fa991599c9fe..000000000000
--- a/certs/expired/ICE-root.pem
+++ /dev/null
@@ -1,48 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 0 (0x0)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
- Validity
- Not Before: Apr 2 17:33:36 1997 GMT
- Not After : Apr 2 17:33:36 1998 GMT
- Subject: O=European ICE-TEL project, OU=V3-Certification Authority
- Subject Public Key Info:
- Public Key Algorithm: rsa
- RSA Public Key: (512 bit)
- Modulus (512 bit):
- 00:80:3e:eb:ae:47:a9:fe:10:54:0b:81:8b:9c:2b:
- 82:ab:3a:61:36:65:8b:f3:73:9f:ac:ac:7a:15:a7:
- 13:8f:b4:c4:ba:a3:0f:bc:a5:58:8d:cc:b1:93:31:
- 9e:81:9e:8c:19:61:86:fa:52:73:54:d1:97:76:22:
- e7:c7:9f:41:cd
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- ........z.."p......e..
- X509v3 Key Usage: critical
- ....
- X509v3 Subject Alternative Name:
- 0I.*http://www.darmstadt.gmd.de/ice-tel/euroca..ice-tel-ca@darmstadt.gmd.de
- X509v3 Basic Constraints: critical
- 0....
- Signature Algorithm: md5WithRSAEncryption
- 76:69:61:db:b7:cf:8b:06:9e:d8:8c:96:53:d2:4d:a8:23:a6:
- 03:44:e8:8f:24:a5:c0:84:a8:4b:77:d4:2d:2b:7d:37:91:67:
- f2:2c:ce:02:31:4c:6b:cc:ce:f2:68:a6:11:11:ab:7d:88:b8:
- 7e:22:9f:25:06:60:bd:79:30:3d
------BEGIN CERTIFICATE-----
-MIICFjCCAcCgAwIBAgIBADANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
-cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
-QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzMzNloXDTk4MDQwMjE3MzMzNlowSDEhMB8G
-A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
-aWZpY2F0aW9uIEF1dGhvcml0eTBZMAoGBFUIAQECAgIAA0sAMEgCQQCAPuuuR6n+
-EFQLgYucK4KrOmE2ZYvzc5+srHoVpxOPtMS6ow+8pViNzLGTMZ6BnowZYYb6UnNU
-0Zd2IufHn0HNAgMBAAGjgZcwgZQwHQYDVR0OBBYEFIr3yNUOx3ro1yJw4AuJ1bbs
-ZbzPMA4GA1UdDwEB/wQEAwIB9jBSBgNVHREESzBJhipodHRwOi8vd3d3LmRhcm1z
-dGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2GBG2ljZS10ZWwtY2FAZGFybXN0YWR0
-LmdtZC5kZTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBAUAA0EAdmlh27fP
-iwae2IyWU9JNqCOmA0TojySlwISoS3fULSt9N5Fn8izOAjFMa8zO8mimERGrfYi4
-fiKfJQZgvXkwPQ==
------END CERTIFICATE-----
diff --git a/certs/expired/ICE-user.pem b/certs/expired/ICE-user.pem
deleted file mode 100644
index 28065fd37d62..000000000000
--- a/certs/expired/ICE-user.pem
+++ /dev/null
@@ -1,63 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 1 (0x1)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
- Validity
- Not Before: Apr 2 17:35:59 1997 GMT
- Not After : Apr 2 17:35:59 1998 GMT
- Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt, CN=USER
- Subject Public Key Info:
- Public Key Algorithm: rsa
- RSA Public Key: (512 bit)
- Modulus (512 bit):
- 00:a8:a8:53:63:49:1b:93:c3:c3:0b:6c:88:11:55:
- de:7e:6a:e2:f9:52:a0:dc:69:25:c4:c8:bf:55:e1:
- 31:a8:ce:e4:a9:29:85:99:8a:15:9a:de:f6:2f:e1:
- b4:50:5f:5e:04:75:a6:f4:76:dc:3c:0e:39:dc:3a:
- be:3e:a4:61:8b
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Authority Key Identifier:
- 0...~r..:..B.44fu......3
- X509v3 Subject Key Identifier:
- ...... .*...1.*.......
- X509v3 Key Usage: critical
- ....
- X509v3 Certificate Policies: critical
- 0.0...*...0.......
- X509v3 Subject Alternative Name:
- 0:..user@darmstadt.gmd.de.!http://www.darmstadt.gmd.de/~user
- X509v3 Issuer Alternative Name:
- 0....gmdca@gmd.de..http://www.gmd.de..saturn.darmstadt.gmd.de.\1!0...U.
-..European ICE-TEL project1#0!..U....V3-Certification Authority1.0...U....Darmstadt..141.12.62.26
- X509v3 Basic Constraints: critical
- 0.
- X509v3 CRL Distribution Points:
- 0.0.......gmdca@gmd.de
- Signature Algorithm: md5WithRSAEncryption
- 69:0c:e1:b7:a7:f2:d8:fb:e8:69:c0:13:cd:37:ad:21:06:22:
- 4d:e8:c6:db:f1:04:0b:b7:e0:b3:d6:0c:81:03:ce:c3:6a:3e:
- c7:e7:24:24:a4:92:64:c2:83:83:06:42:53:0e:6f:09:1e:84:
- 9a:f7:6f:63:9b:94:99:83:d6:a4
------BEGIN CERTIFICATE-----
-MIIDTzCCAvmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMSEwHwYDVQQKExhFdXJv
-cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
-QXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHQwHhcNOTcwNDAyMTczNTU5WhcN
-OTgwNDAyMTczNTU5WjBrMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2pl
-Y3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQH
-EwlEYXJtc3RhZHQxDTALBgNVBAMTBFVTRVIwWTAKBgRVCAEBAgICAANLADBIAkEA
-qKhTY0kbk8PDC2yIEVXefmri+VKg3GklxMi/VeExqM7kqSmFmYoVmt72L+G0UF9e
-BHWm9HbcPA453Dq+PqRhiwIDAQABo4IBmDCCAZQwHwYDVR0jBBgwFoAUfnLy+DqG
-nEKINDRmdcPU/NGiETMwHQYDVR0OBBYEFJfc4B8gjSoRmLUx4Sq/ucIYiMrPMA4G
-A1UdDwEB/wQEAwIB8DAcBgNVHSABAf8EEjAQMAYGBCoDBAUwBgYECQgHBjBDBgNV
-HREEPDA6gRV1c2VyQGRhcm1zdGFkdC5nbWQuZGWGIWh0dHA6Ly93d3cuZGFybXN0
-YWR0LmdtZC5kZS9+dXNlcjCBsQYDVR0SBIGpMIGmgQxnbWRjYUBnbWQuZGWGEWh0
-dHA6Ly93d3cuZ21kLmRlghdzYXR1cm4uZGFybXN0YWR0LmdtZC5kZaRcMSEwHwYD
-VQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRp
-ZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHSHDDE0MS4xMi42
-Mi4yNjAMBgNVHRMBAf8EAjAAMB0GA1UdHwQWMBQwEqAQoA6BDGdtZGNhQGdtZC5k
-ZTANBgkqhkiG9w0BAQQFAANBAGkM4ben8tj76GnAE803rSEGIk3oxtvxBAu34LPW
-DIEDzsNqPsfnJCSkkmTCg4MGQlMObwkehJr3b2OblJmD1qQ=
------END CERTIFICATE-----
diff --git a/certs/expired/RegTP-4R.pem b/certs/expired/RegTP-4R.pem
deleted file mode 100644
index 6f2c6abccd6c..000000000000
--- a/certs/expired/RegTP-4R.pem
+++ /dev/null
@@ -1,19 +0,0 @@
-issuer= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
-notBefore=Jan 21 16:04:53 1999 GMT
-notAfter=Jan 21 16:04:53 2004 GMT
-subject= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
------BEGIN CERTIFICATE-----
-MIICZzCCAdOgAwIBAgIEOwVn1DAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9
-MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWth
-dGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo0Ui1DQSAxOlBO
-MCIYDzE5OTkwMTIxMTYwNDUzWhgPMjAwNDAxMjExNjA0NTNaMG8xCzAJBgNVBAYT
-AkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21t
-dW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjRSLUNB
-IDE6UE4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGAjzHbq2asUlqeWbXTQHso
-aVF6YIPVH3c/B2cbuy9HJ/lnE6x0asOzM2DGDqi47xkdAxPc0LZ0fxO87rkmz7xs
-jJObnVrMXpyUSDSp5Y0wqKJdsFdr6mGFOQZteIti8AJnr8xMkwnWVyuOlEXsFe1h
-5gxwQXrOcPinE6qu1t/3PmECBMAAAAGjEjAQMA4GA1UdDwEB/wQEAwIBBjAKBgYr
-JAMDAQIFAAOBgQA+RdocBmA2VV9E5aKPBcp01tdZAvvW9Tve3docArVKR/4/yvSX
-Z+wvzzk+uu4qBp49HN3nqPYMrzbTmjBFu4ce5fkZ7dHF0W1sSBL0rox5z36Aq2re
-JjfEOEmSnNe0+opuh4FSVOssXblXTE8lEQU0FhhItgDx2ADnWZibaxLG4w==
------END CERTIFICATE-----
diff --git a/certs/expired/factory.pem b/certs/expired/factory.pem
deleted file mode 100644
index 8e28b391b2f3..000000000000
--- a/certs/expired/factory.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
-MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
-DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
-CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
-amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
-iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
-U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
-zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
-BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
-A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
-/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
-lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
-S7ELuYGtmYgYm9NZOIr7yU0=
------END CERTIFICATE-----
diff --git a/certs/expired/rsa-cca.pem b/certs/expired/rsa-cca.pem
deleted file mode 100644
index 69f5c1c84cd7..000000000000
--- a/certs/expired/rsa-cca.pem
+++ /dev/null
@@ -1,19 +0,0 @@
-subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
-issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
-notBefore=941104185834Z
-notAfter =991103185834Z
------BEGIN X509 CERTIFICATE-----
-
-MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
-Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
-OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
-ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
-IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
-975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
-touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
-7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
-9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
-0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
-MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
------END X509 CERTIFICATE-----
diff --git a/certs/expired/rsa-ssca.pem b/certs/expired/rsa-ssca.pem
deleted file mode 100644
index c9403212d183..000000000000
--- a/certs/expired/rsa-ssca.pem
+++ /dev/null
@@ -1,19 +0,0 @@
-subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
-issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
-notBefore=941109235417Z
-notAfter =991231235417Z
------BEGIN X509 CERTIFICATE-----
-
-MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
-IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
-Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
-YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
-roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
-aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
-HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
-iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
-suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
-cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
------END X509 CERTIFICATE-----
diff --git a/certs/expired/vsign2.pem b/certs/expired/vsign2.pem
deleted file mode 100644
index d8bdd8c812f1..000000000000
--- a/certs/expired/vsign2.pem
+++ /dev/null
@@ -1,18 +0,0 @@
-subject=/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority
-notBefore=Jan 29 00:00:00 1996 GMT
-notAfter=Jan 7 23:59:59 2004 GMT
------BEGIN CERTIFICATE-----
-MIICPTCCAaYCEQC6WslMBTuS1qe2307QU5INMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
-BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
-c3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
-NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
-VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMiBQdWJsaWMgUHJp
-bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAtlqLow1qI4OAa885h/QhEzMGTCWi7VUSl8WngLn6g8EgoPovFQ18
-oWBrfnks+gYPOq72G2+x0v8vKFJfg31LxHq3+GYfgFT8t8KOWUoUV0bRmpO+QZED
-uxWAk1zr58wIbD8+s0r8/0tsI9VQgiZEGY4jw3HqGSRHBJ51v8imAB8CAwEAATAN
-BgkqhkiG9w0BAQIFAAOBgQC2AB+TV6QHp0DOZUA/VV7t7/pUSaUw1iF8YYfug5ML
-v7Qz8pisnwa/TqjOFIFMywROWMPPX+5815pvy0GKt3+BuP+EYcYnQ2UdDOyxAArd
-G6S7x3ggKLKi3TaVLuFUT79guXdoEZkj6OpS6KoATmdOu5C1RZtG644W78QzWzM9
-1Q==
------END CERTIFICATE-----
diff --git a/certs/expired/vsign3.pem b/certs/expired/vsign3.pem
deleted file mode 100644
index aa5bb4c1f32b..000000000000
--- a/certs/expired/vsign3.pem
+++ /dev/null
@@ -1,18 +0,0 @@
-subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
-notBefore=Jan 29 00:00:00 1996 GMT
-notAfter=Jan 7 23:59:59 2004 GMT
------BEGIN CERTIFICATE-----
-MIICPTCCAaYCEQDknv3zOugOz6URPhmkJAIyMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
-BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
-c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
-NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
-VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp
-bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqo
-RAWq7AMfeH+ek7maAKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4
-rCNfcCk2pMmG57GaIMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATAN
-BgkqhkiG9w0BAQIFAAOBgQBhcOwvP579K+ZoVCGwZ3kIDCCWMYoNer62Jt95LCJp
-STbjl3diYaIy13pUITa6Ask05yXaRDWw0lyAXbOU+Pms7qRgdSoflUkjsUp89LNH
-ciFbfperVKxi513srpvSybIk+4Kt6WcVS7qqpvCXoPawl1cAyAw8CaCCBLpB2veZ
-pA==
------END CERTIFICATE-----
diff --git a/certs/thawteCb.pem b/certs/thawteCb.pem
deleted file mode 100644
index 27df192f0d08..000000000000
--- a/certs/thawteCb.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx
-FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
-VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
-biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm
-MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTYwODAx
-MDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT
-DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3
-dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNl
-cyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3
-DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91
-yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCX
-L+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGj
-EzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG
-7oWDTSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e
-QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZ
-qdq5snUb9kLy78fyGPmJvKP/iiMucEc=
------END CERTIFICATE-----
diff --git a/certs/thawteCp.pem b/certs/thawteCp.pem
deleted file mode 100644
index 51285e33c2fc..000000000000
--- a/certs/thawteCp.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkEx
-FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
-VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
-biBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2Vy
-dmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29t
-MB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYTAlpB
-MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsG
-A1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp
-b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNl
-cnZlciBDQTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNv
-bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkE
-VdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQ
-ug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMR
-uHM/qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
-9w0BAQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI
-hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JM
-pAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQg==
------END CERTIFICATE-----
diff --git a/certs/vsign1.pem b/certs/vsign1.pem
deleted file mode 100644
index 277894d1ff19..000000000000
--- a/certs/vsign1.pem
+++ /dev/null
@@ -1,17 +0,0 @@
-subject=/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority
-notBefore=Jan 29 00:00:00 1996 GMT
-notAfter=Jan 7 23:59:59 2020 GMT
------BEGIN CERTIFICATE-----
-MIICPDCCAaUCEDJQM89Q0VbzXIGtZVxPyCUwDQYJKoZIhvcNAQECBQAwXzELMAkG
-A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
-MDEyOTAwMDAwMFoXDTIwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
-BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt
-YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f
-zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi
-TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G
-CSqGSIb3DQEBAgUAA4GBAEtEZmBoZOSYG/OwcuaViXzde7OVwB0u2NgZ0C00PcZQ
-mhCGjKo/O6gE/DdSlcPZydvN8oYGxLEb8IKIMEKOF1AcZHq4PplJdJf8rAJD+5YM
-VgQlDHx8h50kp9jwMim1pN9dokzFFjKoQvZFprY2ueC/ZTaTwtLXa9zeWdaiNfhF
------END CERTIFICATE-----
diff --git a/certs/vsign3.pem b/certs/vsign3.pem
deleted file mode 100644
index 4b8c0251cb7b..000000000000
--- a/certs/vsign3.pem
+++ /dev/null
@@ -1,17 +0,0 @@
-subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
-notBefore=Jan 29 00:00:00 1996 GMT
-notAfter=Aug 1 23:59:59 2028 GMT
------BEGIN CERTIFICATE-----
-MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
-A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
-MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
-BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
-YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
-BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
-I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
-CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
-lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
-AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
------END CERTIFICATE-----
diff --git a/certs/vsignss.pem b/certs/vsignss.pem
deleted file mode 100644
index 5de48bfcf974..000000000000
--- a/certs/vsignss.pem
+++ /dev/null
@@ -1,17 +0,0 @@
-subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
-notBefore=Nov 9 00:00:00 1994 GMT
-notAfter=Jan 7 23:59:59 2010 GMT
------BEGIN CERTIFICATE-----
-MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
-A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
-VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
-MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
-BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
-dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
-ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
-0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
-uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
-hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
-YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
-1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
------END CERTIFICATE-----
diff --git a/certs/wellsfgo.pem b/certs/wellsfgo.pem
deleted file mode 100644
index 2ba88cdda792..000000000000
--- a/certs/wellsfgo.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID5TCCAs2gAwIBAgIEOeSXnjANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMC
-VVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSwwKgYDVQQLEyNXZWxscyBGYXJnbyBD
-ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0GA1UEAxMmV2VsbHMgRmFyZ28gUm9v
-dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDAxMDExMTY0MTI4WhcNMjEwMTE0
-MTY0MTI4WjCBgjELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSww
-KgYDVQQLEyNXZWxscyBGYXJnbyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0G
-A1UEAxMmV2VsbHMgRmFyZ28gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVqDM7Jvk0/82bfuUER84A4n13
-5zHCLielTWi5MbqNQ1mXx3Oqfz1cQJ4F5aHiidlMuD+b+Qy0yGIZLEWukR5zcUHE
-SxP9cMIlrCL1dQu3U+SlK93OvRw6esP3E48mVJwWa2uv+9iWsWCaSOAlIiR5NM4O
-JgALTqv9i86C1y8IcGjBqAr5dE8Hq6T54oN+J3N0Prj5OEL8pahbSCOz6+MlsoCu
-ltQKnMJ4msZoGK43YjdeUXWoWGPAUe5AeH6orxqg4bB4nVCMe+ez/I4jsNtlAHCE
-AQgAFG5Uhpq6zPk3EPbg3oQtnaSFN9OH4xXQwReQfhkhahKpdv0SAulPIV4XAgMB
-AAGjYTBfMA8GA1UdEwEB/wQFMAMBAf8wTAYDVR0gBEUwQzBBBgtghkgBhvt7hwcB
-CzAyMDAGCCsGAQUFBwIBFiRodHRwOi8vd3d3LndlbGxzZmFyZ28uY29tL2NlcnRw
-b2xpY3kwDQYJKoZIhvcNAQEFBQADggEBANIn3ZwKdyu7IvICtUpKkfnRLb7kuxpo
-7w6kAOnu5+/u9vnldKTC2FJYxHT7zmu1Oyl5GFrvm+0fazbuSCUlFLZWohDo7qd/
-0D+j0MNdJu4HzMPBJCGHHt8qElNvQRbn7a6U+oxy+hNH8Dx+rn0ROhPs7fpvcmR7
-nX1/Jv16+yWt6j4pf0zjAFcysLPp7VMX2YuyFA4w6OXVE8Zkr8QA1dhYJPz1j+zx
-x32l2w8n0cbyQIjmH/ZhqPRCyLk306m+LFZ4wnKbWV01QIroTmMatukgalHizqSQ
-33ZwmVxwQ023tqcZZE6St8WRPH9IFmV7Fv3L/PvZ1dZPIWU7Sn9Ho/s=
------END CERTIFICATE-----
diff --git a/config b/config
index d7724a5b3f39..dde9275b76b1 100755
--- a/config
+++ b/config
@@ -527,9 +527,9 @@ case "$GUESSOS" in
esac
if [ "$CC" = "gcc" ]; then
case ${ISA:-generic} in
- EV5|EV45) options="$options -march=ev5";;
- EV56|PCA56) options="$options -march=ev56";;
- *) options="$options -march=ev6";;
+ EV5|EV45) options="$options -mcpu=ev5";;
+ EV56|PCA56) options="$options -mcpu=ev56";;
+ *) options="$options -mcpu=ev6";;
esac
fi
;;
@@ -588,7 +588,8 @@ case "$GUESSOS" in
sh*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
sh*-*-linux2) OUT="linux-generic32"; options="$options -DL_ENDIAN" ;;
m68k*-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
- s390*-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN -DNO_ASM" ;;
+ s390-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN -DNO_ASM" ;;
+ s390x-*-linux2) OUT="linux-generic64"; options="$options -DB_ENDIAN" ;;
x86_64-*-linux?) OUT="linux-x86_64" ;;
*86-*-linux2) OUT="linux-elf"
if [ "$GCCVER" -gt 28 ]; then
@@ -604,7 +605,7 @@ case "$GUESSOS" in
fi ;;
*-*-linux1) OUT="linux-aout" ;;
*-*-linux2) OUT="linux-generic32" ;;
- sun4u*-*-solaris2)
+ sun4[uv]*-*-solaris2)
OUT="solaris-sparcv9-$CC"
ISA64=`(isalist) 2>/dev/null | grep sparcv9`
if [ "$ISA64" != "" ]; then
@@ -655,8 +656,8 @@ case "$GUESSOS" in
*-*-sunos4) OUT="sunos-$CC" ;;
*86*-*-bsdi4) OUT="BSD-x86-elf"; options="$options no-sse2 -ldl" ;;
- alpha*-*-*bsd*) OUT="BSD-generic64; options="$options -DL_ENDIAN" ;;
- powerpc64-*-*bsd*) OUT="BSD-generic64; options="$options -DB_ENDIAN" ;;
+ alpha*-*-*bsd*) OUT="BSD-generic64"; options="$options -DL_ENDIAN" ;;
+ powerpc64-*-*bsd*) OUT="BSD-generic64"; options="$options -DB_ENDIAN" ;;
sparc64-*-*bsd*) OUT="BSD-sparc64" ;;
ia64-*-*bsd*) OUT="BSD-ia64" ;;
amd64-*-*bsd*) OUT="BSD-x86_64" ;;
@@ -748,7 +749,7 @@ case "$GUESSOS" in
fi
fi
fi
- if (lsattr -E -O -l proc0 | grep -i powerpc) >/dev/null 2>&1; then
+ if (lsattr -E -O -l `lsdev -c processor|awk '{print$1;exit}'` | grep -i powerpc) >/dev/null 2>&1; then
: # this applies even to Power3 and later, as they return PowerPC_POWER[345]
else
options="$options no-asm"
@@ -797,7 +798,7 @@ case "$GUESSOS" in
i386-*) options="$options 386" ;;
esac
-for i in aes bf camellia cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
+for i in aes bf camellia cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa seed sha
do
if [ ! -d crypto/$i ]
then
diff --git a/crypto/aes/Makefile b/crypto/aes/Makefile
index 0f939eb7f8ee..22c7203dbb2e 100644
--- a/crypto/aes/Makefile
+++ b/crypto/aes/Makefile
@@ -24,8 +24,8 @@ APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c \
- aes_ctr.c aes_ige.c
-LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o aes_ige.o \
+ aes_ctr.c aes_ige.c aes_wrap.c
+LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o aes_ige.o aes_wrap.o \
$(AES_ASM_OBJ)
SRC= $(LIBSRC)
@@ -57,6 +57,9 @@ ax86-cof.s: asm/aes-586.pl ../perlasm/x86asm.pl
ax86-out.s: asm/aes-586.pl ../perlasm/x86asm.pl
(cd asm; $(PERL) aes-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@)
+aes-x86_64.s: asm/aes-x86_64.pl
+ $(PERL) asm/aes-x86_64.pl $@
+
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -117,3 +120,11 @@ aes_misc.o: ../../include/openssl/opensslconf.h
aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c
aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
aes_ofb.o: ../../include/openssl/opensslconf.h aes_locl.h aes_ofb.c
+aes_wrap.o: ../../e_os.h ../../include/openssl/aes.h
+aes_wrap.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+aes_wrap.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+aes_wrap.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+aes_wrap.o: ../../include/openssl/opensslconf.h
+aes_wrap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+aes_wrap.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+aes_wrap.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_wrap.c
diff --git a/crypto/aes/aes.h b/crypto/aes/aes.h
index e6fc44a24d48..baf0222d49d3 100644
--- a/crypto/aes/aes.h
+++ b/crypto/aes/aes.h
@@ -130,6 +130,12 @@ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
const AES_KEY *key2, const unsigned char *ivec,
const int enc);
+int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+ unsigned char *out,
+ const unsigned char *in, unsigned int inlen);
+int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+ unsigned char *out,
+ const unsigned char *in, unsigned int inlen);
#ifdef __cplusplus
}
diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c
index 2082d060cf94..45d709618187 100644
--- a/crypto/aes/aes_ige.c
+++ b/crypto/aes/aes_ige.c
@@ -54,21 +54,25 @@
#include <openssl/aes.h>
#include "aes_locl.h"
-/*
-static void hexdump(FILE *f,const char *title,const unsigned char *s,int l)
- {
- int n=0;
+#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
+typedef struct {
+ unsigned long data[N_WORDS];
+} aes_block_t;
- fprintf(f,"%s",title);
- for( ; n < l ; ++n)
- {
- if((n%16) == 0)
- fprintf(f,"\n%04x",n);
- fprintf(f," %02x",s[n]);
- }
- fprintf(f,"\n");
- }
-*/
+/* XXX: probably some better way to do this */
+#if defined(__i386__) || defined(__x86_64__)
+#define UNALIGNED_MEMOPS_ARE_FAST 1
+#else
+#define UNALIGNED_MEMOPS_ARE_FAST 0
+#endif
+
+#if UNALIGNED_MEMOPS_ARE_FAST
+#define load_block(d, s) (d) = *(const aes_block_t *)(s)
+#define store_block(d, s) *(aes_block_t *)(d) = (s)
+#else
+#define load_block(d, s) memcpy((d).data, (s), AES_BLOCK_SIZE)
+#define store_block(d, s) memcpy((d), (s).data, AES_BLOCK_SIZE)
+#endif
/* N.B. The IV for this mode is _twice_ the block size */
@@ -77,68 +81,125 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
unsigned char *ivec, const int enc)
{
unsigned long n;
- unsigned long len = length;
- unsigned char tmp[AES_BLOCK_SIZE];
- unsigned char tmp2[AES_BLOCK_SIZE];
- unsigned char prev[AES_BLOCK_SIZE];
- const unsigned char *iv = ivec;
- const unsigned char *iv2 = ivec + AES_BLOCK_SIZE;
+ unsigned long len;
OPENSSL_assert(in && out && key && ivec);
OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
OPENSSL_assert((length%AES_BLOCK_SIZE) == 0);
+ len = length / AES_BLOCK_SIZE;
+
if (AES_ENCRYPT == enc)
{
- /* XXX: Do a separate case for when in != out (strictly should
- check for overlap, too) */
- while (len >= AES_BLOCK_SIZE)
+ if (in != out &&
+ (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0))
{
- /* hexdump(stdout, "in", in, AES_BLOCK_SIZE); */
- /* hexdump(stdout, "iv", iv, AES_BLOCK_SIZE); */
- for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
- out[n] = in[n] ^ iv[n];
- /* hexdump(stdout, "in ^ iv", out, AES_BLOCK_SIZE); */
- AES_encrypt(out, out, key);
- /* hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */
- /* hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */
- for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
- out[n] ^= iv2[n];
- /* hexdump(stdout,"out", out, AES_BLOCK_SIZE); */
- iv = out;
- memcpy(prev, in, AES_BLOCK_SIZE);
- iv2 = prev;
- len -= AES_BLOCK_SIZE;
- in += AES_BLOCK_SIZE;
- out += AES_BLOCK_SIZE;
+ aes_block_t *ivp = (aes_block_t *)ivec;
+ aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE);
+
+ while (len)
+ {
+ aes_block_t *inp = (aes_block_t *)in;
+ aes_block_t *outp = (aes_block_t *)out;
+
+ for(n=0 ; n < N_WORDS; ++n)
+ outp->data[n] = inp->data[n] ^ ivp->data[n];
+ AES_encrypt((unsigned char *)outp->data, (unsigned char *)outp->data, key);
+ for(n=0 ; n < N_WORDS; ++n)
+ outp->data[n] ^= iv2p->data[n];
+ ivp = outp;
+ iv2p = inp;
+ --len;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+ memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
+ memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
+ }
+ else
+ {
+ aes_block_t tmp, tmp2;
+ aes_block_t iv;
+ aes_block_t iv2;
+
+ load_block(iv, ivec);
+ load_block(iv2, ivec + AES_BLOCK_SIZE);
+
+ while (len)
+ {
+ load_block(tmp, in);
+ for(n=0 ; n < N_WORDS; ++n)
+ tmp2.data[n] = tmp.data[n] ^ iv.data[n];
+ AES_encrypt((unsigned char *)tmp2.data, (unsigned char *)tmp2.data, key);
+ for(n=0 ; n < N_WORDS; ++n)
+ tmp2.data[n] ^= iv2.data[n];
+ store_block(out, tmp2);
+ iv = tmp2;
+ iv2 = tmp;
+ --len;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+ memcpy(ivec, iv.data, AES_BLOCK_SIZE);
+ memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
}
- memcpy(ivec, iv, AES_BLOCK_SIZE);
- memcpy(ivec + AES_BLOCK_SIZE, iv2, AES_BLOCK_SIZE);
}
else
{
- while (len >= AES_BLOCK_SIZE)
+ if (in != out &&
+ (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0))
{
- memcpy(tmp, in, AES_BLOCK_SIZE);
- memcpy(tmp2, in, AES_BLOCK_SIZE);
- /* hexdump(stdout, "in", in, AES_BLOCK_SIZE); */
- /* hexdump(stdout, "iv2", iv2, AES_BLOCK_SIZE); */
- for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
- tmp[n] ^= iv2[n];
- /* hexdump(stdout, "in ^ iv2", tmp, AES_BLOCK_SIZE); */
- AES_decrypt(tmp, out, key);
- /* hexdump(stdout, "dec", out, AES_BLOCK_SIZE); */
- /* hexdump(stdout, "iv", ivec, AES_BLOCK_SIZE); */
- for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
- out[n] ^= ivec[n];
- /* hexdump(stdout, "out", out, AES_BLOCK_SIZE); */
- memcpy(ivec, tmp2, AES_BLOCK_SIZE);
- iv2 = out;
- len -= AES_BLOCK_SIZE;
- in += AES_BLOCK_SIZE;
- out += AES_BLOCK_SIZE;
+ aes_block_t *ivp = (aes_block_t *)ivec;
+ aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE);
+
+ while (len)
+ {
+ aes_block_t tmp;
+ aes_block_t *inp = (aes_block_t *)in;
+ aes_block_t *outp = (aes_block_t *)out;
+
+ for(n=0 ; n < N_WORDS; ++n)
+ tmp.data[n] = inp->data[n] ^ iv2p->data[n];
+ AES_decrypt((unsigned char *)tmp.data, (unsigned char *)outp->data, key);
+ for(n=0 ; n < N_WORDS; ++n)
+ outp->data[n] ^= ivp->data[n];
+ ivp = inp;
+ iv2p = outp;
+ --len;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+ memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
+ memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
+ }
+ else
+ {
+ aes_block_t tmp, tmp2;
+ aes_block_t iv;
+ aes_block_t iv2;
+
+ load_block(iv, ivec);
+ load_block(iv2, ivec + AES_BLOCK_SIZE);
+
+ while (len)
+ {
+ load_block(tmp, in);
+ tmp2 = tmp;
+ for(n=0 ; n < N_WORDS; ++n)
+ tmp.data[n] ^= iv2.data[n];
+ AES_decrypt((unsigned char *)tmp.data, (unsigned char *)tmp.data, key);
+ for(n=0 ; n < N_WORDS; ++n)
+ tmp.data[n] ^= iv.data[n];
+ store_block(out, tmp);
+ iv = tmp2;
+ iv2 = tmp;
+ --len;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+ memcpy(ivec, iv.data, AES_BLOCK_SIZE);
+ memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
}
- memcpy(ivec + AES_BLOCK_SIZE, iv2, AES_BLOCK_SIZE);
}
}
@@ -177,17 +238,11 @@ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
iv2 = ivec + AES_BLOCK_SIZE;
while (len >= AES_BLOCK_SIZE)
{
- /* hexdump(stdout, "in", in, AES_BLOCK_SIZE); */
- /* hexdump(stdout, "iv", iv, AES_BLOCK_SIZE); */
for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
out[n] = in[n] ^ iv[n];
- /* hexdump(stdout, "in ^ iv", out, AES_BLOCK_SIZE); */
AES_encrypt(out, out, key);
- /* hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */
- /* hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */
for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
out[n] ^= iv2[n];
- /* hexdump(stdout,"out", out, AES_BLOCK_SIZE); */
iv = out;
memcpy(prev, in, AES_BLOCK_SIZE);
iv2 = prev;
@@ -203,8 +258,6 @@ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
while(len >= AES_BLOCK_SIZE)
{
out -= AES_BLOCK_SIZE;
- /* hexdump(stdout, "intermediate", out, AES_BLOCK_SIZE); */
- /* hexdump(stdout, "iv", iv, AES_BLOCK_SIZE); */
/* XXX: reduce copies by alternating between buffers */
memcpy(tmp, out, AES_BLOCK_SIZE);
for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
@@ -235,17 +288,11 @@ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
out -= AES_BLOCK_SIZE;
memcpy(tmp, in, AES_BLOCK_SIZE);
memcpy(tmp2, in, AES_BLOCK_SIZE);
- /* hexdump(stdout, "in", in, AES_BLOCK_SIZE); */
- /* hexdump(stdout, "iv2", iv2, AES_BLOCK_SIZE); */
for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
tmp[n] ^= iv2[n];
- /* hexdump(stdout, "in ^ iv2", tmp, AES_BLOCK_SIZE); */
AES_decrypt(tmp, out, key);
- /* hexdump(stdout, "dec", out, AES_BLOCK_SIZE); */
- /* hexdump(stdout, "iv", iv, AES_BLOCK_SIZE); */
for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
out[n] ^= iv[n];
- /* hexdump(stdout, "out", out, AES_BLOCK_SIZE); */
memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
iv = tmp3;
iv2 = out;
@@ -260,17 +307,11 @@ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
{
memcpy(tmp, out, AES_BLOCK_SIZE);
memcpy(tmp2, out, AES_BLOCK_SIZE);
- /* hexdump(stdout, "intermediate", out, AES_BLOCK_SIZE); */
- /* hexdump(stdout, "iv2", iv2, AES_BLOCK_SIZE); */
for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
tmp[n] ^= iv2[n];
- /* hexdump(stdout, "out ^ iv2", tmp, AES_BLOCK_SIZE); */
AES_decrypt(tmp, out, key);
- /* hexdump(stdout, "dec", out, AES_BLOCK_SIZE); */
- /* hexdump(stdout, "iv", ivec, AES_BLOCK_SIZE); */
for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
out[n] ^= iv[n];
- /* hexdump(stdout, "out", out, AES_BLOCK_SIZE); */
memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
iv = tmp3;
iv2 = out;
@@ -278,6 +319,5 @@ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
in += AES_BLOCK_SIZE;
out += AES_BLOCK_SIZE;
}
-
}
}
diff --git a/crypto/aes/aes_wrap.c b/crypto/aes/aes_wrap.c
new file mode 100644
index 000000000000..9feacd65d8cd
--- /dev/null
+++ b/crypto/aes/aes_wrap.c
@@ -0,0 +1,259 @@
+/* crypto/aes/aes_wrap.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/aes.h>
+#include <openssl/bio.h>
+
+static const unsigned char default_iv[] = {
+ 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
+};
+
+int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+ unsigned char *out,
+ const unsigned char *in, unsigned int inlen)
+ {
+ unsigned char *A, B[16], *R;
+ unsigned int i, j, t;
+ if ((inlen & 0x7) || (inlen < 8))
+ return -1;
+ A = B;
+ t = 1;
+ memcpy(out + 8, in, inlen);
+ if (!iv)
+ iv = default_iv;
+
+ memcpy(A, iv, 8);
+
+ for (j = 0; j < 6; j++)
+ {
+ R = out + 8;
+ for (i = 0; i < inlen; i += 8, t++, R += 8)
+ {
+ memcpy(B + 8, R, 8);
+ AES_encrypt(B, B, key);
+ A[7] ^= (unsigned char)(t & 0xff);
+ if (t > 0xff)
+ {
+ A[6] ^= (unsigned char)((t & 0xff) >> 8);
+ A[5] ^= (unsigned char)((t & 0xff) >> 16);
+ A[4] ^= (unsigned char)((t & 0xff) >> 24);
+ }
+ memcpy(R, B + 8, 8);
+ }
+ }
+ memcpy(out, A, 8);
+ return inlen + 8;
+ }
+
+int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+ unsigned char *out,
+ const unsigned char *in, unsigned int inlen)
+ {
+ unsigned char *A, B[16], *R;
+ unsigned int i, j, t;
+ inlen -= 8;
+ if (inlen & 0x7)
+ return -1;
+ if (inlen < 8)
+ return -1;
+ A = B;
+ t = 6 * (inlen >> 3);
+ memcpy(A, in, 8);
+ memcpy(out, in + 8, inlen);
+ for (j = 0; j < 6; j++)
+ {
+ R = out + inlen - 8;
+ for (i = 0; i < inlen; i += 8, t--, R -= 8)
+ {
+ A[7] ^= (unsigned char)(t & 0xff);
+ if (t > 0xff)
+ {
+ A[6] ^= (unsigned char)((t & 0xff) >> 8);
+ A[5] ^= (unsigned char)((t & 0xff) >> 16);
+ A[4] ^= (unsigned char)((t & 0xff) >> 24);
+ }
+ memcpy(B + 8, R, 8);
+ AES_decrypt(B, B, key);
+ memcpy(R, B + 8, 8);
+ }
+ }
+ if (!iv)
+ iv = default_iv;
+ if (memcmp(A, iv, 8))
+ {
+ OPENSSL_cleanse(out, inlen);
+ return 0;
+ }
+ return inlen;
+ }
+
+#ifdef AES_WRAP_TEST
+
+int AES_wrap_unwrap_test(const unsigned char *kek, int keybits,
+ const unsigned char *iv,
+ const unsigned char *eout,
+ const unsigned char *key, int keylen)
+ {
+ unsigned char *otmp = NULL, *ptmp = NULL;
+ int r, ret = 0;
+ AES_KEY wctx;
+ otmp = OPENSSL_malloc(keylen + 8);
+ ptmp = OPENSSL_malloc(keylen);
+ if (!otmp || !ptmp)
+ return 0;
+ if (AES_set_encrypt_key(kek, keybits, &wctx))
+ goto err;
+ r = AES_wrap_key(&wctx, iv, otmp, key, keylen);
+ if (r <= 0)
+ goto err;
+
+ if (eout && memcmp(eout, otmp, keylen))
+ goto err;
+
+ if (AES_set_decrypt_key(kek, keybits, &wctx))
+ goto err;
+ r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r);
+
+ if (memcmp(key, ptmp, keylen))
+ goto err;
+
+ ret = 1;
+
+ err:
+ if (otmp)
+ OPENSSL_free(otmp);
+ if (ptmp)
+ OPENSSL_free(ptmp);
+
+ return ret;
+
+ }
+
+
+
+int main(int argc, char **argv)
+{
+
+static const unsigned char kek[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+};
+
+static const unsigned char key[] = {
+ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+};
+
+static const unsigned char e1[] = {
+ 0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47,
+ 0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82,
+ 0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5
+};
+
+static const unsigned char e2[] = {
+ 0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35,
+ 0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2,
+ 0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d
+};
+
+static const unsigned char e3[] = {
+ 0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2,
+ 0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a,
+ 0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7
+};
+
+static const unsigned char e4[] = {
+ 0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32,
+ 0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc,
+ 0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93,
+ 0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2
+};
+
+static const unsigned char e5[] = {
+ 0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f,
+ 0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4,
+ 0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95,
+ 0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1
+};
+
+static const unsigned char e6[] = {
+ 0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4,
+ 0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26,
+ 0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26,
+ 0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b,
+ 0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21
+};
+
+ AES_KEY wctx, xctx;
+ int ret;
+ ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16);
+ fprintf(stderr, "Key test result %d\n", ret);
+ ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16);
+ fprintf(stderr, "Key test result %d\n", ret);
+ ret = AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16);
+ fprintf(stderr, "Key test result %d\n", ret);
+ ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24);
+ fprintf(stderr, "Key test result %d\n", ret);
+ ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24);
+ fprintf(stderr, "Key test result %d\n", ret);
+ ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32);
+ fprintf(stderr, "Key test result %d\n", ret);
+}
+
+
+#endif
diff --git a/crypto/aes/asm/aes-586.pl b/crypto/aes/asm/aes-586.pl
index 2774d1cb49c7..89fa2617944b 100755
--- a/crypto/aes/asm/aes-586.pl
+++ b/crypto/aes/asm/aes-586.pl
@@ -512,11 +512,11 @@ sub declast()
if($i==3) { &mov ($key,&DWP(12,"esp")); }
else { &mov ($out,$s[0]); }
&and ($out,0xFF);
- &movz ($out,&DWP(2048,$td,$out,1));
+ &movz ($out,&BP(2048,$td,$out,1));
if ($i==3) { $tmp=$s[1]; }
&movz ($tmp,&HB($s[1]));
- &movz ($tmp,&DWP(2048,$td,$tmp,1));
+ &movz ($tmp,&BP(2048,$td,$tmp,1));
&shl ($tmp,8);
&xor ($out,$tmp);
@@ -524,14 +524,14 @@ sub declast()
else { mov ($tmp,$s[2]); }
&shr ($tmp,16);
&and ($tmp,0xFF);
- &movz ($tmp,&DWP(2048,$td,$tmp,1));
+ &movz ($tmp,&BP(2048,$td,$tmp,1));
&shl ($tmp,16);
&xor ($out,$tmp);
if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }
else { &mov ($tmp,$s[3]); }
&shr ($tmp,24);
- &movz ($tmp,&DWP(2048,$td,$tmp,1));
+ &movz ($tmp,&BP(2048,$td,$tmp,1));
&shl ($tmp,24);
&xor ($out,$tmp);
if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); }
@@ -940,7 +940,6 @@ my $mark=&DWP(60+240,"esp"); #copy of aes_key->rounds
&cmp ($mark,0); # was the key schedule copied?
&mov ("edi",$_key);
- &mov ("esp",$_esp);
&je (&label("skip_ezero"));
# zero copy of key schedule
&mov ("ecx",240/4);
@@ -948,6 +947,7 @@ my $mark=&DWP(60+240,"esp"); #copy of aes_key->rounds
&align (4);
&data_word(0xABF3F689); # rep stosd
&set_label("skip_ezero")
+ &mov ("esp",$_esp);
&popf ();
&set_label("enc_out");
&function_end_A();
@@ -1197,7 +1197,6 @@ my $mark=&DWP(60+240,"esp"); #copy of aes_key->rounds
&set_label("dec_out");
&cmp ($mark,0); # was the key schedule copied?
&mov ("edi",$_key);
- &mov ("esp",$_esp);
&je (&label("skip_dzero"));
# zero copy of key schedule
&mov ("ecx",240/4);
@@ -1205,6 +1204,7 @@ my $mark=&DWP(60+240,"esp"); #copy of aes_key->rounds
&align (4);
&data_word(0xABF3F689); # rep stosd
&set_label("skip_dzero")
+ &mov ("esp",$_esp);
&popf ();
&function_end("AES_cbc_encrypt");
}
diff --git a/crypto/aes/asm/aes-ia64.S b/crypto/aes/asm/aes-ia64.S
index 542cf335e995..7f6c4c366291 100644
--- a/crypto/aes/asm/aes-ia64.S
+++ b/crypto/aes/asm/aes-ia64.S
@@ -17,14 +17,24 @@
// big-endian input, ECB timing on Itanium 2 is (18 + 13*rounds)
// ticks per block, or 9.25 CPU cycles per byte for 128 bit key.
-.ident "aes-ia64.S, version 1.1"
+// Version 1.2 mitigates the hazard of cache-timing attacks by
+// a) compressing S-boxes from 8KB to 2KB+256B, b) scheduling
+// references to S-boxes for L2 cache latency, c) prefetching T[ed]4
+// prior last round. As result performance dropped to (26 + 15*rounds)
+// ticks per block or 11 cycles per byte processed with 128-bit key.
+// This is ~16% deterioration. For reference Itanium 2 L1 cache has
+// 64 bytes line size and L2 - 128 bytes...
+
+.ident "aes-ia64.S, version 1.2"
.ident "IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
.explicit
.text
rk0=r8; rk1=r9;
-prsave=r10;
+pfssave=r2;
+lcsave=r10;
+prsave=r3;
maskff=r11;
twenty4=r14;
sixteen=r15;
@@ -44,12 +54,21 @@ te0=r40; te1=r41; te2=r42; te3=r43;
#if defined(_HPUX_SOURCE) && !defined(_LP64)
# define ADDP addp4
-# define KSZ 4
-# define LDKEY ld4
#else
# define ADDP add
#endif
+// Offsets from Te0
+#define TE0 0
+#define TE2 2
+#if defined(_HPUX_SOURCE) || defined(B_ENDIAN)
+#define TE1 3
+#define TE3 1
+#else
+#define TE1 1
+#define TE3 3
+#endif
+
// This implies that AES_KEY comprises 32-bit key schedule elements
// even on LP64 platforms.
#ifndef KSZ
@@ -67,16 +86,19 @@ te0=r40; te1=r41; te2=r42; te3=r43;
// Clobber: r16-r31,rk0-rk1,r32-r43
.align 32
_ia64_AES_encrypt:
+ .prologue
+ .altrp b6
+ .body
{ .mmi; alloc r16=ar.pfs,12,0,0,8
LDKEY t0=[rk0],2*KSZ
mov pr.rot=1<<16 }
{ .mmi; LDKEY t1=[rk1],2*KSZ
- add te1=1024,te0
+ add te1=TE1,te0
add te3=-3,te3 };;
{ .mib; LDKEY t2=[rk0],2*KSZ
- mov ar.ec=3 }
+ mov ar.ec=2 }
{ .mib; LDKEY t3=[rk1],2*KSZ
- add te2=2048,te0
+ add te2=TE2,te0
brp.loop.imp .Le_top,.Le_end-16 };;
{ .mmi; xor s0=s0,t0
@@ -84,8 +106,8 @@ _ia64_AES_encrypt:
mov ar.lc=te3 }
{ .mmi; xor s2=s2,t2
xor s3=s3,t3
- add te3=3072,te0 };;
-
+ add te3=TE3,te0 };;
+
.align 32
.Le_top:
{ .mmi; (p0) LDKEY t0=[rk0],2*KSZ // 0/0:rk[0]
@@ -95,105 +117,184 @@ _ia64_AES_encrypt:
(p0) and te30=s0,maskff // 0/1:s0&0xff
(p0) shr.u te00=s0,twenty4 };; // 0/0:s0>>24
{ .mmi; (p0) LDKEY t2=[rk0],2*KSZ // 1/2:rk[2]
- (p0) shladd te33=te33,2,te3 // 1/0:te0+s0>>24
+ (p0) shladd te33=te33,3,te3 // 1/0:te0+s0>>24
(p0) extr.u te23=s3,8,8 } // 1/1:s3>>8&0xff
{ .mmi; (p0) LDKEY t3=[rk1],2*KSZ // 1/3:rk[3]
- (p0) shladd te30=te30,2,te3 // 1/1:te3+s0
+ (p0) shladd te30=te30,3,te3 // 1/1:te3+s0
(p0) shr.u te01=s1,twenty4 };; // 1/1:s1>>24
{ .mmi; (p0) ld4 te33=[te33] // 2/0:te3[s3&0xff]
- (p0) shladd te22=te22,2,te2 // 2/0:te2+s2>>8&0xff
+ (p0) shladd te22=te22,3,te2 // 2/0:te2+s2>>8&0xff
(p0) extr.u te20=s0,8,8 } // 2/2:s0>>8&0xff
{ .mmi; (p0) ld4 te30=[te30] // 2/1:te3[s0]
- (p0) shladd te23=te23,2,te2 // 2/1:te2+s3>>8
+ (p0) shladd te23=te23,3,te2 // 2/1:te2+s3>>8
(p0) shr.u te02=s2,twenty4 };; // 2/2:s2>>24
{ .mmi; (p0) ld4 te22=[te22] // 3/0:te2[s2>>8]
- (p0) shladd te20=te20,2,te2 // 3/2:te2+s0>>8
+ (p0) shladd te20=te20,3,te2 // 3/2:te2+s0>>8
(p0) extr.u te21=s1,8,8 } // 3/3:s1>>8&0xff
{ .mmi; (p0) ld4 te23=[te23] // 3/1:te2[s3>>8]
- (p0) shladd te00=te00,2,te0 // 3/0:te0+s0>>24
+ (p0) shladd te00=te00,3,te0 // 3/0:te0+s0>>24
(p0) shr.u te03=s3,twenty4 };; // 3/3:s3>>24
{ .mmi; (p0) ld4 te20=[te20] // 4/2:te2[s0>>8]
- (p0) shladd te21=te21,2,te2 // 4/3:te3+s2
+ (p0) shladd te21=te21,3,te2 // 4/3:te3+s2
(p0) extr.u te11=s1,16,8 } // 4/0:s1>>16&0xff
{ .mmi; (p0) ld4 te00=[te00] // 4/0:te0[s0>>24]
- (p0) shladd te01=te01,2,te0 // 4/1:te0+s1>>24
+ (p0) shladd te01=te01,3,te0 // 4/1:te0+s1>>24
(p0) shr.u te13=s3,sixteen };; // 4/2:s3>>16
{ .mmi; (p0) ld4 te21=[te21] // 5/3:te2[s1>>8]
- (p0) shladd te11=te11,2,te1 // 5/0:te1+s1>>16
+ (p0) shladd te11=te11,3,te1 // 5/0:te1+s1>>16
(p0) extr.u te12=s2,16,8 } // 5/1:s2>>16&0xff
{ .mmi; (p0) ld4 te01=[te01] // 5/1:te0[s1>>24]
- (p0) shladd te02=te02,2,te0 // 5/2:te0+s2>>24
+ (p0) shladd te02=te02,3,te0 // 5/2:te0+s2>>24
(p0) and te31=s1,maskff };; // 5/2:s1&0xff
-
{ .mmi; (p0) ld4 te11=[te11] // 6/0:te1[s1>>16]
- (p0) shladd te12=te12,2,te1 // 6/1:te1+s2>>16
+ (p0) shladd te12=te12,3,te1 // 6/1:te1+s2>>16
(p0) extr.u te10=s0,16,8 } // 6/3:s0>>16&0xff
{ .mmi; (p0) ld4 te02=[te02] // 6/2:te0[s2>>24]
- (p0) shladd te03=te03,2,te0 // 6/3:te1+s0>>16
+ (p0) shladd te03=te03,3,te0 // 6/3:te1+s0>>16
(p0) and te32=s2,maskff };; // 6/3:s2&0xff
+
{ .mmi; (p0) ld4 te12=[te12] // 7/1:te1[s2>>16]
- (p0) shladd te31=te31,2,te3 // 7/2:te3+s1&0xff
+ (p0) shladd te31=te31,3,te3 // 7/2:te3+s1&0xff
(p0) and te13=te13,maskff} // 7/2:s3>>16&0xff
{ .mmi; (p0) ld4 te03=[te03] // 7/3:te0[s3>>24]
- (p0) shladd te32=te32,2,te3 // 7/3:te3+s2
+ (p0) shladd te32=te32,3,te3 // 7/3:te3+s2
(p0) xor t0=t0,te33 };; // 7/0:
{ .mmi; (p0) ld4 te31=[te31] // 8/2:te3[s1]
- (p0) shladd te13=te13,2,te1 // 8/2:te1+s3>>16
+ (p0) shladd te13=te13,3,te1 // 8/2:te1+s3>>16
(p0) xor t0=t0,te22 } // 8/0:
{ .mmi; (p0) ld4 te32=[te32] // 8/3:te3[s2]
- (p0) shladd te10=te10,2,te1 // 8/3:te1+s0>>16
+ (p0) shladd te10=te10,3,te1 // 8/3:te1+s0>>16
(p0) xor t1=t1,te30 };; // 8/1:
{ .mmi; (p0) ld4 te13=[te13] // 9/2:te1[s3>>16]
- (p0) xor t0=t0,te00 // 9/0:
- (p0) xor t1=t1,te23 } // 9/1:
-{ .mmi; (p0) ld4 te10=[te10] // 9/3:te1[s0>>16]
- (p0) xor t2=t2,te20 // 9/2:
- (p0) xor t3=t3,te21 };; // 9/3:
-{ .mmi; (p0) xor t0=t0,te11 // 10/0:done!
- (p0) xor t1=t1,te01 // 10/1:
- (p0) xor t2=t2,te02 } // 10/2:
-{ .mmi; (p0) xor t3=t3,te03 // 10/3:
- (p16) cmp.eq p0,p17=r0,r0 };; // 10/clear (p17)
-{ .mmi; (p0) xor t1=t1,te12 // 11/1:done!
- (p0) xor t2=t2,te31 // 11/2:
- (p0) xor t3=t3,te32 } // 11/3:
-{ .mmi; (p17) add te0=4096,te0 // 11/
- (p17) add te1=4096,te1 };; // 11/
-{ .mib; (p0) xor t2=t2,te13 // 12/2:done!
- (p0) xor t3=t3,te10 } // 12/3:done!
-{ .mib; (p17) add te2=4096,te2 // 12/
- (p17) add te3=4096,te3 // 12/
+ (p0) ld4 te10=[te10] // 9/3:te1[s0>>16]
+ (p0) xor t0=t0,te00 };; // 9/0: !L2 scheduling
+{ .mmi; (p0) xor t1=t1,te23 // 10[9]/1:
+ (p0) xor t2=t2,te20 // 10[9]/2:
+ (p0) xor t3=t3,te21 };; // 10[9]/3:
+{ .mmi; (p0) xor t0=t0,te11 // 11[10]/0:done!
+ (p0) xor t1=t1,te01 // 11[10]/1:
+ (p0) xor t2=t2,te02 };; // 11[10]/2: !L2 scheduling
+{ .mmi; (p0) xor t3=t3,te03 // 12[10]/3:
+ (p16) cmp.eq p0,p17=r0,r0 };; // 12[10]/clear (p17)
+{ .mmi; (p0) xor t1=t1,te12 // 13[11]/1:done!
+ (p0) xor t2=t2,te31 // 13[11]/2:
+ (p0) xor t3=t3,te32 } // 13[11]/3:
+{ .mmi; (p17) add te0=2048,te0 // 13[11]/
+ (p17) add te1=2048+64-TE1,te1};; // 13[11]/
+{ .mib; (p0) xor t2=t2,te13 // 14[12]/2:done!
+ (p17) add te2=2048+128-TE2,te2} // 14[12]/
+{ .mib; (p0) xor t3=t3,te10 // 14[12]/3:done!
+ (p17) add te3=2048+192-TE3,te3 // 14[12]/
br.ctop.sptk .Le_top };;
.Le_end:
-{ .mib; mov r16=s0
- mov r20=s1 }
-{ .mib; mov r24=s2
- mov r28=s3
- br.ret.sptk b6 };;
+
+
+{ .mmi; ld8 te12=[te0] // prefetch Te4
+ ld8 te31=[te1] }
+{ .mmi; ld8 te10=[te2]
+ ld8 te32=[te3] }
+
+{ .mmi; LDKEY t0=[rk0],2*KSZ // 0/0:rk[0]
+ and te33=s3,maskff // 0/0:s3&0xff
+ extr.u te22=s2,8,8 } // 0/0:s2>>8&0xff
+{ .mmi; LDKEY t1=[rk1],2*KSZ // 0/1:rk[1]
+ and te30=s0,maskff // 0/1:s0&0xff
+ shr.u te00=s0,twenty4 };; // 0/0:s0>>24
+{ .mmi; LDKEY t2=[rk0],2*KSZ // 1/2:rk[2]
+ add te33=te33,te0 // 1/0:te0+s0>>24
+ extr.u te23=s3,8,8 } // 1/1:s3>>8&0xff
+{ .mmi; LDKEY t3=[rk1],2*KSZ // 1/3:rk[3]
+ add te30=te30,te0 // 1/1:te0+s0
+ shr.u te01=s1,twenty4 };; // 1/1:s1>>24
+{ .mmi; ld1 te33=[te33] // 2/0:te0[s3&0xff]
+ add te22=te22,te0 // 2/0:te0+s2>>8&0xff
+ extr.u te20=s0,8,8 } // 2/2:s0>>8&0xff
+{ .mmi; ld1 te30=[te30] // 2/1:te0[s0]
+ add te23=te23,te0 // 2/1:te0+s3>>8
+ shr.u te02=s2,twenty4 };; // 2/2:s2>>24
+{ .mmi; ld1 te22=[te22] // 3/0:te0[s2>>8]
+ add te20=te20,te0 // 3/2:te0+s0>>8
+ extr.u te21=s1,8,8 } // 3/3:s1>>8&0xff
+{ .mmi; ld1 te23=[te23] // 3/1:te0[s3>>8]
+ add te00=te00,te0 // 3/0:te0+s0>>24
+ shr.u te03=s3,twenty4 };; // 3/3:s3>>24
+{ .mmi; ld1 te20=[te20] // 4/2:te0[s0>>8]
+ add te21=te21,te0 // 4/3:te0+s2
+ extr.u te11=s1,16,8 } // 4/0:s1>>16&0xff
+{ .mmi; ld1 te00=[te00] // 4/0:te0[s0>>24]
+ add te01=te01,te0 // 4/1:te0+s1>>24
+ shr.u te13=s3,sixteen };; // 4/2:s3>>16
+{ .mmi; ld1 te21=[te21] // 5/3:te0[s1>>8]
+ add te11=te11,te0 // 5/0:te0+s1>>16
+ extr.u te12=s2,16,8 } // 5/1:s2>>16&0xff
+{ .mmi; ld1 te01=[te01] // 5/1:te0[s1>>24]
+ add te02=te02,te0 // 5/2:te0+s2>>24
+ and te31=s1,maskff };; // 5/2:s1&0xff
+{ .mmi; ld1 te11=[te11] // 6/0:te0[s1>>16]
+ add te12=te12,te0 // 6/1:te0+s2>>16
+ extr.u te10=s0,16,8 } // 6/3:s0>>16&0xff
+{ .mmi; ld1 te02=[te02] // 6/2:te0[s2>>24]
+ add te03=te03,te0 // 6/3:te0+s0>>16
+ and te32=s2,maskff };; // 6/3:s2&0xff
+
+{ .mmi; ld1 te12=[te12] // 7/1:te0[s2>>16]
+ add te31=te31,te0 // 7/2:te0+s1&0xff
+ dep te33=te22,te33,8,8} // 7/0:
+{ .mmi; ld1 te03=[te03] // 7/3:te0[s3>>24]
+ add te32=te32,te0 // 7/3:te0+s2
+ and te13=te13,maskff};; // 7/2:s3>>16&0xff
+{ .mmi; ld1 te31=[te31] // 8/2:te0[s1]
+ add te13=te13,te0 // 8/2:te0+s3>>16
+ dep te30=te23,te30,8,8} // 8/1:
+{ .mmi; ld1 te32=[te32] // 8/3:te0[s2]
+ add te10=te10,te0 // 8/3:te0+s0>>16
+ shl te00=te00,twenty4};; // 8/0:
+{ .mii; ld1 te13=[te13] // 9/2:te0[s3>>16]
+ dep te33=te11,te33,16,8 // 9/0:
+ shl te01=te01,twenty4};; // 9/1:
+{ .mii; ld1 te10=[te10] // 10/3:te0[s0>>16]
+ dep te31=te20,te31,8,8 // 10/2:
+ shl te02=te02,twenty4};; // 10/2:
+{ .mii; xor t0=t0,te33 // 11/0:
+ dep te32=te21,te32,8,8 // 11/3:
+ shl te12=te12,sixteen};; // 11/1:
+{ .mii; xor r16=t0,te00 // 12/0:done!
+ dep te31=te13,te31,16,8 // 12/2:
+ shl te03=te03,twenty4};; // 12/3:
+{ .mmi; xor t1=t1,te01 // 13/1:
+ xor t2=t2,te02 // 13/2:
+ dep te32=te10,te32,16,8};; // 13/3:
+{ .mmi; xor t1=t1,te30 // 14/1:
+ xor r24=t2,te31 // 14/2:done!
+ xor t3=t3,te32 };; // 14/3:
+{ .mib; xor r20=t1,te12 // 15/1:done!
+ xor r28=t3,te03 // 15/3:done!
+ br.ret.sptk b6 };;
.endp _ia64_AES_encrypt#
// void AES_encrypt (const void *in,void *out,const AES_KEY *key);
.global AES_encrypt#
.proc AES_encrypt#
.align 32
-.skip 16
AES_encrypt:
.prologue
- .fframe 0
- .save ar.pfs,r2
- .save ar.lc,r3
-{ .mmi; alloc r2=ar.pfs,3,0,12,0
- addl out8=@ltoff(AES_Te#),gp
- mov r3=ar.lc }
-{ .mmi; and out0=3,in0
- ADDP in0=0,in0
+ .save ar.pfs,pfssave
+{ .mmi; alloc pfssave=ar.pfs,3,1,12,0
+ and out0=3,in0
+ mov r3=ip }
+{ .mmi; ADDP in0=0,in0
+ mov loc0=psr.um
ADDP out11=KSZ*60,in2 };; // &AES_KEY->rounds
- .body
-{ .mmi; ld8 out8=[out8] // Te0
- ld4 out11=[out11] // AES_KEY->rounds
+{ .mmi; ld4 out11=[out11] // AES_KEY->rounds
+ add out8=(AES_Te#-AES_encrypt#),r3 // Te0
+ .save pr,prsave
mov prsave=pr }
+{ .mmi; rum 1<<3 // clear um.ac
+ .save ar.lc,lcsave
+ mov lcsave=ar.lc };;
+ .body
#if defined(_HPUX_SOURCE) // HPUX is big-endian, cut 15+15 cycles...
{ .mib; cmp.ne p6,p0=out0,r0
add out0=4,in0
@@ -216,8 +317,9 @@ AES_encrypt:
ADDP in1=0,in1
(p6) br.spnt .Le_o_unaligned };;
-{ .mii; mov ar.pfs=r2
- mov ar.lc=r3 }
+{ .mii; mov psr.um=loc0
+ mov ar.pfs=pfssave
+ mov ar.lc=lcsave };;
{ .mmi; st4 [in1]=r16,8 // s0
st4 [in0]=r20,8 // s1
mov pr=prsave,0x1ffff };;
@@ -278,13 +380,13 @@ AES_encrypt:
shr.u r23=r20,twenty4 }//;; // s1
{ .mii; ADDP out2=2,in1
extr.u r21=r20,8,8
- shr.u r22=r20,sixteen }//;;
+ shr.u r22=r20,sixteen }//;;
{ .mii; ADDP out3=3,in1
extr.u r25=r24,8,8 // s2
shr.u r27=r24,twenty4 };;
{ .mii; st1 [out3]=r16,4
extr.u r26=r24,16,8
- shr.u r31=r28,twenty4 }//;; // s3
+ shr.u r31=r28,twenty4 }//;; // s3
{ .mii; st1 [out2]=r17,4
extr.u r29=r28,8,8
shr.u r30=r28,sixteen }//;;
@@ -300,12 +402,13 @@ AES_encrypt:
mov pr=prsave,0x1ffff }//;;
{ .mmi; st1 [out1]=r26,4
st1 [out0]=r27,4
- mov ar.pfs=r2 };;
+ mov ar.pfs=pfssave };;
{ .mmi; st1 [out3]=r28
st1 [out2]=r29
- mov ar.lc=r3 }//;;
-{ .mmb; st1 [out1]=r30
- st1 [out0]=r31
+ mov ar.lc=lcsave }//;;
+{ .mmi; st1 [out1]=r30
+ st1 [out0]=r31 }
+{ .mfb; mov psr.um=loc0 // restore user mask
br.ret.sptk.many b0 };;
.endp AES_encrypt#
@@ -360,16 +463,19 @@ while(<>) {
// Clobber: r16-r31,rk0-rk1,r32-r43
.align 32
_ia64_AES_decrypt:
+ .prologue
+ .altrp b6
+ .body
{ .mmi; alloc r16=ar.pfs,12,0,0,8
LDKEY t0=[rk0],2*KSZ
mov pr.rot=1<<16 }
{ .mmi; LDKEY t1=[rk1],2*KSZ
- add te1=1024,te0
+ add te1=TE1,te0
add te3=-3,te3 };;
{ .mib; LDKEY t2=[rk0],2*KSZ
- mov ar.ec=3 }
+ mov ar.ec=2 }
{ .mib; LDKEY t3=[rk1],2*KSZ
- add te2=2048,te0
+ add te2=TE2,te0
brp.loop.imp .Ld_top,.Ld_end-16 };;
{ .mmi; xor s0=s0,t0
@@ -377,8 +483,8 @@ _ia64_AES_decrypt:
mov ar.lc=te3 }
{ .mmi; xor s2=s2,t2
xor s3=s3,t3
- add te3=3072,te0 };;
-
+ add te3=TE3,te0 };;
+
.align 32
.Ld_top:
{ .mmi; (p0) LDKEY t0=[rk0],2*KSZ // 0/0:rk[0]
@@ -388,105 +494,184 @@ _ia64_AES_decrypt:
(p0) and te32=s2,maskff // 0/1:s0&0xff
(p0) shr.u te00=s0,twenty4 };; // 0/0:s0>>24
{ .mmi; (p0) LDKEY t2=[rk0],2*KSZ // 1/2:rk[2]
- (p0) shladd te31=te31,2,te3 // 1/0:te0+s0>>24
+ (p0) shladd te31=te31,3,te3 // 1/0:te0+s0>>24
(p0) extr.u te23=s3,8,8 } // 1/1:s3>>8&0xff
{ .mmi; (p0) LDKEY t3=[rk1],2*KSZ // 1/3:rk[3]
- (p0) shladd te32=te32,2,te3 // 1/1:te3+s0
+ (p0) shladd te32=te32,3,te3 // 1/1:te3+s0
(p0) shr.u te01=s1,twenty4 };; // 1/1:s1>>24
{ .mmi; (p0) ld4 te31=[te31] // 2/0:te3[s3&0xff]
- (p0) shladd te22=te22,2,te2 // 2/0:te2+s2>>8&0xff
+ (p0) shladd te22=te22,3,te2 // 2/0:te2+s2>>8&0xff
(p0) extr.u te20=s0,8,8 } // 2/2:s0>>8&0xff
{ .mmi; (p0) ld4 te32=[te32] // 2/1:te3[s0]
- (p0) shladd te23=te23,2,te2 // 2/1:te2+s3>>8
+ (p0) shladd te23=te23,3,te2 // 2/1:te2+s3>>8
(p0) shr.u te02=s2,twenty4 };; // 2/2:s2>>24
{ .mmi; (p0) ld4 te22=[te22] // 3/0:te2[s2>>8]
- (p0) shladd te20=te20,2,te2 // 3/2:te2+s0>>8
+ (p0) shladd te20=te20,3,te2 // 3/2:te2+s0>>8
(p0) extr.u te21=s1,8,8 } // 3/3:s1>>8&0xff
{ .mmi; (p0) ld4 te23=[te23] // 3/1:te2[s3>>8]
- (p0) shladd te00=te00,2,te0 // 3/0:te0+s0>>24
+ (p0) shladd te00=te00,3,te0 // 3/0:te0+s0>>24
(p0) shr.u te03=s3,twenty4 };; // 3/3:s3>>24
{ .mmi; (p0) ld4 te20=[te20] // 4/2:te2[s0>>8]
- (p0) shladd te21=te21,2,te2 // 4/3:te3+s2
+ (p0) shladd te21=te21,3,te2 // 4/3:te3+s2
(p0) extr.u te13=s3,16,8 } // 4/0:s1>>16&0xff
{ .mmi; (p0) ld4 te00=[te00] // 4/0:te0[s0>>24]
- (p0) shladd te01=te01,2,te0 // 4/1:te0+s1>>24
+ (p0) shladd te01=te01,3,te0 // 4/1:te0+s1>>24
(p0) shr.u te11=s1,sixteen };; // 4/2:s3>>16
{ .mmi; (p0) ld4 te21=[te21] // 5/3:te2[s1>>8]
- (p0) shladd te13=te13,2,te1 // 5/0:te1+s1>>16
+ (p0) shladd te13=te13,3,te1 // 5/0:te1+s1>>16
(p0) extr.u te10=s0,16,8 } // 5/1:s2>>16&0xff
{ .mmi; (p0) ld4 te01=[te01] // 5/1:te0[s1>>24]
- (p0) shladd te02=te02,2,te0 // 5/2:te0+s2>>24
+ (p0) shladd te02=te02,3,te0 // 5/2:te0+s2>>24
(p0) and te33=s3,maskff };; // 5/2:s1&0xff
-
{ .mmi; (p0) ld4 te13=[te13] // 6/0:te1[s1>>16]
- (p0) shladd te10=te10,2,te1 // 6/1:te1+s2>>16
+ (p0) shladd te10=te10,3,te1 // 6/1:te1+s2>>16
(p0) extr.u te12=s2,16,8 } // 6/3:s0>>16&0xff
{ .mmi; (p0) ld4 te02=[te02] // 6/2:te0[s2>>24]
- (p0) shladd te03=te03,2,te0 // 6/3:te1+s0>>16
+ (p0) shladd te03=te03,3,te0 // 6/3:te1+s0>>16
(p0) and te30=s0,maskff };; // 6/3:s2&0xff
+
{ .mmi; (p0) ld4 te10=[te10] // 7/1:te1[s2>>16]
- (p0) shladd te33=te33,2,te3 // 7/2:te3+s1&0xff
+ (p0) shladd te33=te33,3,te3 // 7/2:te3+s1&0xff
(p0) and te11=te11,maskff} // 7/2:s3>>16&0xff
{ .mmi; (p0) ld4 te03=[te03] // 7/3:te0[s3>>24]
- (p0) shladd te30=te30,2,te3 // 7/3:te3+s2
+ (p0) shladd te30=te30,3,te3 // 7/3:te3+s2
(p0) xor t0=t0,te31 };; // 7/0:
{ .mmi; (p0) ld4 te33=[te33] // 8/2:te3[s1]
- (p0) shladd te11=te11,2,te1 // 8/2:te1+s3>>16
+ (p0) shladd te11=te11,3,te1 // 8/2:te1+s3>>16
(p0) xor t0=t0,te22 } // 8/0:
{ .mmi; (p0) ld4 te30=[te30] // 8/3:te3[s2]
- (p0) shladd te12=te12,2,te1 // 8/3:te1+s0>>16
+ (p0) shladd te12=te12,3,te1 // 8/3:te1+s0>>16
(p0) xor t1=t1,te32 };; // 8/1:
{ .mmi; (p0) ld4 te11=[te11] // 9/2:te1[s3>>16]
- (p0) xor t0=t0,te00 // 9/0:
- (p0) xor t1=t1,te23 } // 9/1:
-{ .mmi; (p0) ld4 te12=[te12] // 9/3:te1[s0>>16]
- (p0) xor t2=t2,te20 // 9/2:
- (p0) xor t3=t3,te21 };; // 9/3:
-{ .mmi; (p0) xor t0=t0,te13 // 10/0:done!
- (p0) xor t1=t1,te01 // 10/1:
- (p0) xor t2=t2,te02 } // 10/2:
-{ .mmi; (p0) xor t3=t3,te03 // 10/3:
- (p16) cmp.eq p0,p17=r0,r0 };; // 10/clear (p17)
-{ .mmi; (p0) xor t1=t1,te10 // 11/1:done!
- (p0) xor t2=t2,te33 // 11/2:
- (p0) xor t3=t3,te30 } // 11/3:
-{ .mmi; (p17) add te0=4096,te0 // 11/
- (p17) add te1=4096,te1 };; // 11/
-{ .mib; (p0) xor t2=t2,te11 // 12/2:done!
- (p0) xor t3=t3,te12 } // 12/3:done!
-{ .mib; (p17) add te2=4096,te2 // 12/
- (p17) add te3=4096,te3 // 12/
+ (p0) ld4 te12=[te12] // 9/3:te1[s0>>16]
+ (p0) xor t0=t0,te00 };; // 9/0: !L2 scheduling
+{ .mmi; (p0) xor t1=t1,te23 // 10[9]/1:
+ (p0) xor t2=t2,te20 // 10[9]/2:
+ (p0) xor t3=t3,te21 };; // 10[9]/3:
+{ .mmi; (p0) xor t0=t0,te13 // 11[10]/0:done!
+ (p0) xor t1=t1,te01 // 11[10]/1:
+ (p0) xor t2=t2,te02 };; // 11[10]/2: !L2 scheduling
+{ .mmi; (p0) xor t3=t3,te03 // 12[10]/3:
+ (p16) cmp.eq p0,p17=r0,r0 };; // 12[10]/clear (p17)
+{ .mmi; (p0) xor t1=t1,te10 // 13[11]/1:done!
+ (p0) xor t2=t2,te33 // 13[11]/2:
+ (p0) xor t3=t3,te30 } // 13[11]/3:
+{ .mmi; (p17) add te0=2048,te0 // 13[11]/
+ (p17) add te1=2048+64-TE1,te1};; // 13[11]/
+{ .mib; (p0) xor t2=t2,te11 // 14[12]/2:done!
+ (p17) add te2=2048+128-TE2,te2} // 14[12]/
+{ .mib; (p0) xor t3=t3,te12 // 14[12]/3:done!
+ (p17) add te3=2048+192-TE3,te3 // 14[12]/
br.ctop.sptk .Ld_top };;
.Ld_end:
-{ .mib; mov r16=s0
- mov r20=s1 }
-{ .mib; mov r24=s2
- mov r28=s3
- br.ret.sptk b6 };;
+
+
+{ .mmi; ld8 te10=[te0] // prefetch Td4
+ ld8 te33=[te1] }
+{ .mmi; ld8 te12=[te2]
+ ld8 te30=[te3] }
+
+{ .mmi; LDKEY t0=[rk0],2*KSZ // 0/0:rk[0]
+ and te31=s1,maskff // 0/0:s3&0xff
+ extr.u te22=s2,8,8 } // 0/0:s2>>8&0xff
+{ .mmi; LDKEY t1=[rk1],2*KSZ // 0/1:rk[1]
+ and te32=s2,maskff // 0/1:s0&0xff
+ shr.u te00=s0,twenty4 };; // 0/0:s0>>24
+{ .mmi; LDKEY t2=[rk0],2*KSZ // 1/2:rk[2]
+ add te31=te31,te0 // 1/0:te0+s0>>24
+ extr.u te23=s3,8,8 } // 1/1:s3>>8&0xff
+{ .mmi; LDKEY t3=[rk1],2*KSZ // 1/3:rk[3]
+ add te32=te32,te0 // 1/1:te0+s0
+ shr.u te01=s1,twenty4 };; // 1/1:s1>>24
+{ .mmi; ld1 te31=[te31] // 2/0:te0[s3&0xff]
+ add te22=te22,te0 // 2/0:te0+s2>>8&0xff
+ extr.u te20=s0,8,8 } // 2/2:s0>>8&0xff
+{ .mmi; ld1 te32=[te32] // 2/1:te0[s0]
+ add te23=te23,te0 // 2/1:te0+s3>>8
+ shr.u te02=s2,twenty4 };; // 2/2:s2>>24
+{ .mmi; ld1 te22=[te22] // 3/0:te0[s2>>8]
+ add te20=te20,te0 // 3/2:te0+s0>>8
+ extr.u te21=s1,8,8 } // 3/3:s1>>8&0xff
+{ .mmi; ld1 te23=[te23] // 3/1:te0[s3>>8]
+ add te00=te00,te0 // 3/0:te0+s0>>24
+ shr.u te03=s3,twenty4 };; // 3/3:s3>>24
+{ .mmi; ld1 te20=[te20] // 4/2:te0[s0>>8]
+ add te21=te21,te0 // 4/3:te0+s2
+ extr.u te13=s3,16,8 } // 4/0:s1>>16&0xff
+{ .mmi; ld1 te00=[te00] // 4/0:te0[s0>>24]
+ add te01=te01,te0 // 4/1:te0+s1>>24
+ shr.u te11=s1,sixteen };; // 4/2:s3>>16
+{ .mmi; ld1 te21=[te21] // 5/3:te0[s1>>8]
+ add te13=te13,te0 // 5/0:te0+s1>>16
+ extr.u te10=s0,16,8 } // 5/1:s2>>16&0xff
+{ .mmi; ld1 te01=[te01] // 5/1:te0[s1>>24]
+ add te02=te02,te0 // 5/2:te0+s2>>24
+ and te33=s3,maskff };; // 5/2:s1&0xff
+{ .mmi; ld1 te13=[te13] // 6/0:te0[s1>>16]
+ add te10=te10,te0 // 6/1:te0+s2>>16
+ extr.u te12=s2,16,8 } // 6/3:s0>>16&0xff
+{ .mmi; ld1 te02=[te02] // 6/2:te0[s2>>24]
+ add te03=te03,te0 // 6/3:te0+s0>>16
+ and te30=s0,maskff };; // 6/3:s2&0xff
+
+{ .mmi; ld1 te10=[te10] // 7/1:te0[s2>>16]
+ add te33=te33,te0 // 7/2:te0+s1&0xff
+ dep te31=te22,te31,8,8} // 7/0:
+{ .mmi; ld1 te03=[te03] // 7/3:te0[s3>>24]
+ add te30=te30,te0 // 7/3:te0+s2
+ and te11=te11,maskff};; // 7/2:s3>>16&0xff
+{ .mmi; ld1 te33=[te33] // 8/2:te0[s1]
+ add te11=te11,te0 // 8/2:te0+s3>>16
+ dep te32=te23,te32,8,8} // 8/1:
+{ .mmi; ld1 te30=[te30] // 8/3:te0[s2]
+ add te12=te12,te0 // 8/3:te0+s0>>16
+ shl te00=te00,twenty4};; // 8/0:
+{ .mii; ld1 te11=[te11] // 9/2:te0[s3>>16]
+ dep te31=te13,te31,16,8 // 9/0:
+ shl te01=te01,twenty4};; // 9/1:
+{ .mii; ld1 te12=[te12] // 10/3:te0[s0>>16]
+ dep te33=te20,te33,8,8 // 10/2:
+ shl te02=te02,twenty4};; // 10/2:
+{ .mii; xor t0=t0,te31 // 11/0:
+ dep te30=te21,te30,8,8 // 11/3:
+ shl te10=te10,sixteen};; // 11/1:
+{ .mii; xor r16=t0,te00 // 12/0:done!
+ dep te33=te11,te33,16,8 // 12/2:
+ shl te03=te03,twenty4};; // 12/3:
+{ .mmi; xor t1=t1,te01 // 13/1:
+ xor t2=t2,te02 // 13/2:
+ dep te30=te12,te30,16,8};; // 13/3:
+{ .mmi; xor t1=t1,te32 // 14/1:
+ xor r24=t2,te33 // 14/2:done!
+ xor t3=t3,te30 };; // 14/3:
+{ .mib; xor r20=t1,te10 // 15/1:done!
+ xor r28=t3,te03 // 15/3:done!
+ br.ret.sptk b6 };;
.endp _ia64_AES_decrypt#
// void AES_decrypt (const void *in,void *out,const AES_KEY *key);
.global AES_decrypt#
.proc AES_decrypt#
.align 32
-.skip 16
AES_decrypt:
.prologue
- .fframe 0
- .save ar.pfs,r2
- .save ar.lc,r3
-{ .mmi; alloc r2=ar.pfs,3,0,12,0
- addl out8=@ltoff(AES_Td#),gp
- mov r3=ar.lc }
-{ .mmi; and out0=3,in0
- ADDP in0=0,in0
+ .save ar.pfs,pfssave
+{ .mmi; alloc pfssave=ar.pfs,3,1,12,0
+ and out0=3,in0
+ mov r3=ip }
+{ .mmi; ADDP in0=0,in0
+ mov loc0=psr.um
ADDP out11=KSZ*60,in2 };; // &AES_KEY->rounds
- .body
-{ .mmi; ld8 out8=[out8] // Te0
- ld4 out11=[out11] // AES_KEY->rounds
+{ .mmi; ld4 out11=[out11] // AES_KEY->rounds
+ add out8=(AES_Td#-AES_decrypt#),r3 // Te0
+ .save pr,prsave
mov prsave=pr }
+{ .mmi; rum 1<<3 // clear um.ac
+ .save ar.lc,lcsave
+ mov lcsave=ar.lc };;
+ .body
#if defined(_HPUX_SOURCE) // HPUX is big-endian, cut 15+15 cycles...
{ .mib; cmp.ne p6,p0=out0,r0
add out0=4,in0
@@ -509,8 +694,9 @@ AES_decrypt:
ADDP in1=0,in1
(p6) br.spnt .Ld_o_unaligned };;
-{ .mii; mov ar.pfs=r2
- mov ar.lc=r3 }
+{ .mii; mov psr.um=loc0
+ mov ar.pfs=pfssave
+ mov ar.lc=lcsave };;
{ .mmi; st4 [in1]=r16,8 // s0
st4 [in0]=r20,8 // s1
mov pr=prsave,0x1ffff };;
@@ -571,13 +757,13 @@ AES_decrypt:
shr.u r23=r20,twenty4 }//;; // s1
{ .mii; ADDP out2=2,in1
extr.u r21=r20,8,8
- shr.u r22=r20,sixteen }//;;
+ shr.u r22=r20,sixteen }//;;
{ .mii; ADDP out3=3,in1
extr.u r25=r24,8,8 // s2
shr.u r27=r24,twenty4 };;
{ .mii; st1 [out3]=r16,4
extr.u r26=r24,16,8
- shr.u r31=r28,twenty4 }//;; // s3
+ shr.u r31=r28,twenty4 }//;; // s3
{ .mii; st1 [out2]=r17,4
extr.u r29=r28,8,8
shr.u r30=r28,sixteen }//;;
@@ -593,12 +779,13 @@ AES_decrypt:
mov pr=prsave,0x1ffff }//;;
{ .mmi; st1 [out1]=r26,4
st1 [out0]=r27,4
- mov ar.pfs=r2 };;
+ mov ar.pfs=pfssave };;
{ .mmi; st1 [out3]=r28
st1 [out2]=r29
- mov ar.lc=r3 }//;;
-{ .mmb; st1 [out1]=r30
- st1 [out0]=r31
+ mov ar.lc=lcsave }//;;
+{ .mmi; st1 [out1]=r30
+ st1 [out0]=r31 }
+{ .mfb; mov psr.um=loc0 // restore user mask
br.ret.sptk.many b0 };;
.endp AES_decrypt#
@@ -606,1047 +793,331 @@ AES_decrypt:
.align 64
.global AES_Te#
.type AES_Te#,@object
-AES_Te: data4 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d
- data4 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554
- data4 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d
- data4 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a
- data4 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87
- data4 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b
- data4 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea
- data4 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b
- data4 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a
- data4 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f
- data4 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108
- data4 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f
- data4 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e
- data4 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5
- data4 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d
- data4 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f
- data4 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e
- data4 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb
- data4 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce
- data4 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497
- data4 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c
- data4 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed
- data4 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b
- data4 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a
- data4 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16
- data4 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594
- data4 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81
- data4 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3
- data4 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a
- data4 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504
- data4 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163
- data4 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d
- data4 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f
- data4 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739
- data4 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47
- data4 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395
- data4 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f
- data4 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883
- data4 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c
- data4 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76
- data4 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e
- data4 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4
- data4 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6
- data4 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b
- data4 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7
- data4 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0
- data4 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25
- data4 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818
- data4 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72
- data4 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651
- data4 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21
- data4 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85
- data4 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa
- data4 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12
- data4 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0
- data4 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9
- data4 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133
- data4 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7
- data4 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920
- data4 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a
- data4 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17
- data4 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8
- data4 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11
- data4 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a
-// Te1:
- data4 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b
- data4 0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5
- data4 0x50603030, 0x03020101, 0xa9ce6767, 0x7d562b2b
- data4 0x19e7fefe, 0x62b5d7d7, 0xe64dabab, 0x9aec7676
- data4 0x458fcaca, 0x9d1f8282, 0x4089c9c9, 0x87fa7d7d
- data4 0x15effafa, 0xebb25959, 0xc98e4747, 0x0bfbf0f0
- data4 0xec41adad, 0x67b3d4d4, 0xfd5fa2a2, 0xea45afaf
- data4 0xbf239c9c, 0xf753a4a4, 0x96e47272, 0x5b9bc0c0
- data4 0xc275b7b7, 0x1ce1fdfd, 0xae3d9393, 0x6a4c2626
- data4 0x5a6c3636, 0x417e3f3f, 0x02f5f7f7, 0x4f83cccc
- data4 0x5c683434, 0xf451a5a5, 0x34d1e5e5, 0x08f9f1f1
- data4 0x93e27171, 0x73abd8d8, 0x53623131, 0x3f2a1515
- data4 0x0c080404, 0x5295c7c7, 0x65462323, 0x5e9dc3c3
- data4 0x28301818, 0xa1379696, 0x0f0a0505, 0xb52f9a9a
- data4 0x090e0707, 0x36241212, 0x9b1b8080, 0x3ddfe2e2
- data4 0x26cdebeb, 0x694e2727, 0xcd7fb2b2, 0x9fea7575
- data4 0x1b120909, 0x9e1d8383, 0x74582c2c, 0x2e341a1a
- data4 0x2d361b1b, 0xb2dc6e6e, 0xeeb45a5a, 0xfb5ba0a0
- data4 0xf6a45252, 0x4d763b3b, 0x61b7d6d6, 0xce7db3b3
- data4 0x7b522929, 0x3edde3e3, 0x715e2f2f, 0x97138484
- data4 0xf5a65353, 0x68b9d1d1, 0x00000000, 0x2cc1eded
- data4 0x60402020, 0x1fe3fcfc, 0xc879b1b1, 0xedb65b5b
- data4 0xbed46a6a, 0x468dcbcb, 0xd967bebe, 0x4b723939
- data4 0xde944a4a, 0xd4984c4c, 0xe8b05858, 0x4a85cfcf
- data4 0x6bbbd0d0, 0x2ac5efef, 0xe54faaaa, 0x16edfbfb
- data4 0xc5864343, 0xd79a4d4d, 0x55663333, 0x94118585
- data4 0xcf8a4545, 0x10e9f9f9, 0x06040202, 0x81fe7f7f
- data4 0xf0a05050, 0x44783c3c, 0xba259f9f, 0xe34ba8a8
- data4 0xf3a25151, 0xfe5da3a3, 0xc0804040, 0x8a058f8f
- data4 0xad3f9292, 0xbc219d9d, 0x48703838, 0x04f1f5f5
- data4 0xdf63bcbc, 0xc177b6b6, 0x75afdada, 0x63422121
- data4 0x30201010, 0x1ae5ffff, 0x0efdf3f3, 0x6dbfd2d2
- data4 0x4c81cdcd, 0x14180c0c, 0x35261313, 0x2fc3ecec
- data4 0xe1be5f5f, 0xa2359797, 0xcc884444, 0x392e1717
- data4 0x5793c4c4, 0xf255a7a7, 0x82fc7e7e, 0x477a3d3d
- data4 0xacc86464, 0xe7ba5d5d, 0x2b321919, 0x95e67373
- data4 0xa0c06060, 0x98198181, 0xd19e4f4f, 0x7fa3dcdc
- data4 0x66442222, 0x7e542a2a, 0xab3b9090, 0x830b8888
- data4 0xca8c4646, 0x29c7eeee, 0xd36bb8b8, 0x3c281414
- data4 0x79a7dede, 0xe2bc5e5e, 0x1d160b0b, 0x76addbdb
- data4 0x3bdbe0e0, 0x56643232, 0x4e743a3a, 0x1e140a0a
- data4 0xdb924949, 0x0a0c0606, 0x6c482424, 0xe4b85c5c
- data4 0x5d9fc2c2, 0x6ebdd3d3, 0xef43acac, 0xa6c46262
- data4 0xa8399191, 0xa4319595, 0x37d3e4e4, 0x8bf27979
- data4 0x32d5e7e7, 0x438bc8c8, 0x596e3737, 0xb7da6d6d
- data4 0x8c018d8d, 0x64b1d5d5, 0xd29c4e4e, 0xe049a9a9
- data4 0xb4d86c6c, 0xfaac5656, 0x07f3f4f4, 0x25cfeaea
- data4 0xafca6565, 0x8ef47a7a, 0xe947aeae, 0x18100808
- data4 0xd56fbaba, 0x88f07878, 0x6f4a2525, 0x725c2e2e
- data4 0x24381c1c, 0xf157a6a6, 0xc773b4b4, 0x5197c6c6
- data4 0x23cbe8e8, 0x7ca1dddd, 0x9ce87474, 0x213e1f1f
- data4 0xdd964b4b, 0xdc61bdbd, 0x860d8b8b, 0x850f8a8a
- data4 0x90e07070, 0x427c3e3e, 0xc471b5b5, 0xaacc6666
- data4 0xd8904848, 0x05060303, 0x01f7f6f6, 0x121c0e0e
- data4 0xa3c26161, 0x5f6a3535, 0xf9ae5757, 0xd069b9b9
- data4 0x91178686, 0x5899c1c1, 0x273a1d1d, 0xb9279e9e
- data4 0x38d9e1e1, 0x13ebf8f8, 0xb32b9898, 0x33221111
- data4 0xbbd26969, 0x70a9d9d9, 0x89078e8e, 0xa7339494
- data4 0xb62d9b9b, 0x223c1e1e, 0x92158787, 0x20c9e9e9
- data4 0x4987cece, 0xffaa5555, 0x78502828, 0x7aa5dfdf
- data4 0x8f038c8c, 0xf859a1a1, 0x80098989, 0x171a0d0d
- data4 0xda65bfbf, 0x31d7e6e6, 0xc6844242, 0xb8d06868
- data4 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f
- data4 0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616
-// Te2:
- data4 0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b
- data4 0xf20dfff2, 0x6bbdd66b, 0x6fb1de6f, 0xc55491c5
- data4 0x30506030, 0x01030201, 0x67a9ce67, 0x2b7d562b
- data4 0xfe19e7fe, 0xd762b5d7, 0xabe64dab, 0x769aec76
- data4 0xca458fca, 0x829d1f82, 0xc94089c9, 0x7d87fa7d
- data4 0xfa15effa, 0x59ebb259, 0x47c98e47, 0xf00bfbf0
- data4 0xadec41ad, 0xd467b3d4, 0xa2fd5fa2, 0xafea45af
- data4 0x9cbf239c, 0xa4f753a4, 0x7296e472, 0xc05b9bc0
- data4 0xb7c275b7, 0xfd1ce1fd, 0x93ae3d93, 0x266a4c26
- data4 0x365a6c36, 0x3f417e3f, 0xf702f5f7, 0xcc4f83cc
- data4 0x345c6834, 0xa5f451a5, 0xe534d1e5, 0xf108f9f1
- data4 0x7193e271, 0xd873abd8, 0x31536231, 0x153f2a15
- data4 0x040c0804, 0xc75295c7, 0x23654623, 0xc35e9dc3
- data4 0x18283018, 0x96a13796, 0x050f0a05, 0x9ab52f9a
- data4 0x07090e07, 0x12362412, 0x809b1b80, 0xe23ddfe2
- data4 0xeb26cdeb, 0x27694e27, 0xb2cd7fb2, 0x759fea75
- data4 0x091b1209, 0x839e1d83, 0x2c74582c, 0x1a2e341a
- data4 0x1b2d361b, 0x6eb2dc6e, 0x5aeeb45a, 0xa0fb5ba0
- data4 0x52f6a452, 0x3b4d763b, 0xd661b7d6, 0xb3ce7db3
- data4 0x297b5229, 0xe33edde3, 0x2f715e2f, 0x84971384
- data4 0x53f5a653, 0xd168b9d1, 0x00000000, 0xed2cc1ed
- data4 0x20604020, 0xfc1fe3fc, 0xb1c879b1, 0x5bedb65b
- data4 0x6abed46a, 0xcb468dcb, 0xbed967be, 0x394b7239
- data4 0x4ade944a, 0x4cd4984c, 0x58e8b058, 0xcf4a85cf
- data4 0xd06bbbd0, 0xef2ac5ef, 0xaae54faa, 0xfb16edfb
- data4 0x43c58643, 0x4dd79a4d, 0x33556633, 0x85941185
- data4 0x45cf8a45, 0xf910e9f9, 0x02060402, 0x7f81fe7f
- data4 0x50f0a050, 0x3c44783c, 0x9fba259f, 0xa8e34ba8
- data4 0x51f3a251, 0xa3fe5da3, 0x40c08040, 0x8f8a058f
- data4 0x92ad3f92, 0x9dbc219d, 0x38487038, 0xf504f1f5
- data4 0xbcdf63bc, 0xb6c177b6, 0xda75afda, 0x21634221
- data4 0x10302010, 0xff1ae5ff, 0xf30efdf3, 0xd26dbfd2
- data4 0xcd4c81cd, 0x0c14180c, 0x13352613, 0xec2fc3ec
- data4 0x5fe1be5f, 0x97a23597, 0x44cc8844, 0x17392e17
- data4 0xc45793c4, 0xa7f255a7, 0x7e82fc7e, 0x3d477a3d
- data4 0x64acc864, 0x5de7ba5d, 0x192b3219, 0x7395e673
- data4 0x60a0c060, 0x81981981, 0x4fd19e4f, 0xdc7fa3dc
- data4 0x22664422, 0x2a7e542a, 0x90ab3b90, 0x88830b88
- data4 0x46ca8c46, 0xee29c7ee, 0xb8d36bb8, 0x143c2814
- data4 0xde79a7de, 0x5ee2bc5e, 0x0b1d160b, 0xdb76addb
- data4 0xe03bdbe0, 0x32566432, 0x3a4e743a, 0x0a1e140a
- data4 0x49db9249, 0x060a0c06, 0x246c4824, 0x5ce4b85c
- data4 0xc25d9fc2, 0xd36ebdd3, 0xacef43ac, 0x62a6c462
- data4 0x91a83991, 0x95a43195, 0xe437d3e4, 0x798bf279
- data4 0xe732d5e7, 0xc8438bc8, 0x37596e37, 0x6db7da6d
- data4 0x8d8c018d, 0xd564b1d5, 0x4ed29c4e, 0xa9e049a9
- data4 0x6cb4d86c, 0x56faac56, 0xf407f3f4, 0xea25cfea
- data4 0x65afca65, 0x7a8ef47a, 0xaee947ae, 0x08181008
- data4 0xbad56fba, 0x7888f078, 0x256f4a25, 0x2e725c2e
- data4 0x1c24381c, 0xa6f157a6, 0xb4c773b4, 0xc65197c6
- data4 0xe823cbe8, 0xdd7ca1dd, 0x749ce874, 0x1f213e1f
- data4 0x4bdd964b, 0xbddc61bd, 0x8b860d8b, 0x8a850f8a
- data4 0x7090e070, 0x3e427c3e, 0xb5c471b5, 0x66aacc66
- data4 0x48d89048, 0x03050603, 0xf601f7f6, 0x0e121c0e
- data4 0x61a3c261, 0x355f6a35, 0x57f9ae57, 0xb9d069b9
- data4 0x86911786, 0xc15899c1, 0x1d273a1d, 0x9eb9279e
- data4 0xe138d9e1, 0xf813ebf8, 0x98b32b98, 0x11332211
- data4 0x69bbd269, 0xd970a9d9, 0x8e89078e, 0x94a73394
- data4 0x9bb62d9b, 0x1e223c1e, 0x87921587, 0xe920c9e9
- data4 0xce4987ce, 0x55ffaa55, 0x28785028, 0xdf7aa5df
- data4 0x8c8f038c, 0xa1f859a1, 0x89800989, 0x0d171a0d
- data4 0xbfda65bf, 0xe631d7e6, 0x42c68442, 0x68b8d068
- data4 0x41c38241, 0x99b02999, 0x2d775a2d, 0x0f111e0f
- data4 0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16
-// Te3:
- data4 0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6
- data4 0xf2f20dff, 0x6b6bbdd6, 0x6f6fb1de, 0xc5c55491
- data4 0x30305060, 0x01010302, 0x6767a9ce, 0x2b2b7d56
- data4 0xfefe19e7, 0xd7d762b5, 0xababe64d, 0x76769aec
- data4 0xcaca458f, 0x82829d1f, 0xc9c94089, 0x7d7d87fa
- data4 0xfafa15ef, 0x5959ebb2, 0x4747c98e, 0xf0f00bfb
- data4 0xadadec41, 0xd4d467b3, 0xa2a2fd5f, 0xafafea45
- data4 0x9c9cbf23, 0xa4a4f753, 0x727296e4, 0xc0c05b9b
- data4 0xb7b7c275, 0xfdfd1ce1, 0x9393ae3d, 0x26266a4c
- data4 0x36365a6c, 0x3f3f417e, 0xf7f702f5, 0xcccc4f83
- data4 0x34345c68, 0xa5a5f451, 0xe5e534d1, 0xf1f108f9
- data4 0x717193e2, 0xd8d873ab, 0x31315362, 0x15153f2a
- data4 0x04040c08, 0xc7c75295, 0x23236546, 0xc3c35e9d
- data4 0x18182830, 0x9696a137, 0x05050f0a, 0x9a9ab52f
- data4 0x0707090e, 0x12123624, 0x80809b1b, 0xe2e23ddf
- data4 0xebeb26cd, 0x2727694e, 0xb2b2cd7f, 0x75759fea
- data4 0x09091b12, 0x83839e1d, 0x2c2c7458, 0x1a1a2e34
- data4 0x1b1b2d36, 0x6e6eb2dc, 0x5a5aeeb4, 0xa0a0fb5b
- data4 0x5252f6a4, 0x3b3b4d76, 0xd6d661b7, 0xb3b3ce7d
- data4 0x29297b52, 0xe3e33edd, 0x2f2f715e, 0x84849713
- data4 0x5353f5a6, 0xd1d168b9, 0x00000000, 0xeded2cc1
- data4 0x20206040, 0xfcfc1fe3, 0xb1b1c879, 0x5b5bedb6
- data4 0x6a6abed4, 0xcbcb468d, 0xbebed967, 0x39394b72
- data4 0x4a4ade94, 0x4c4cd498, 0x5858e8b0, 0xcfcf4a85
- data4 0xd0d06bbb, 0xefef2ac5, 0xaaaae54f, 0xfbfb16ed
- data4 0x4343c586, 0x4d4dd79a, 0x33335566, 0x85859411
- data4 0x4545cf8a, 0xf9f910e9, 0x02020604, 0x7f7f81fe
- data4 0x5050f0a0, 0x3c3c4478, 0x9f9fba25, 0xa8a8e34b
- data4 0x5151f3a2, 0xa3a3fe5d, 0x4040c080, 0x8f8f8a05
- data4 0x9292ad3f, 0x9d9dbc21, 0x38384870, 0xf5f504f1
- data4 0xbcbcdf63, 0xb6b6c177, 0xdada75af, 0x21216342
- data4 0x10103020, 0xffff1ae5, 0xf3f30efd, 0xd2d26dbf
- data4 0xcdcd4c81, 0x0c0c1418, 0x13133526, 0xecec2fc3
- data4 0x5f5fe1be, 0x9797a235, 0x4444cc88, 0x1717392e
- data4 0xc4c45793, 0xa7a7f255, 0x7e7e82fc, 0x3d3d477a
- data4 0x6464acc8, 0x5d5de7ba, 0x19192b32, 0x737395e6
- data4 0x6060a0c0, 0x81819819, 0x4f4fd19e, 0xdcdc7fa3
- data4 0x22226644, 0x2a2a7e54, 0x9090ab3b, 0x8888830b
- data4 0x4646ca8c, 0xeeee29c7, 0xb8b8d36b, 0x14143c28
- data4 0xdede79a7, 0x5e5ee2bc, 0x0b0b1d16, 0xdbdb76ad
- data4 0xe0e03bdb, 0x32325664, 0x3a3a4e74, 0x0a0a1e14
- data4 0x4949db92, 0x06060a0c, 0x24246c48, 0x5c5ce4b8
- data4 0xc2c25d9f, 0xd3d36ebd, 0xacacef43, 0x6262a6c4
- data4 0x9191a839, 0x9595a431, 0xe4e437d3, 0x79798bf2
- data4 0xe7e732d5, 0xc8c8438b, 0x3737596e, 0x6d6db7da
- data4 0x8d8d8c01, 0xd5d564b1, 0x4e4ed29c, 0xa9a9e049
- data4 0x6c6cb4d8, 0x5656faac, 0xf4f407f3, 0xeaea25cf
- data4 0x6565afca, 0x7a7a8ef4, 0xaeaee947, 0x08081810
- data4 0xbabad56f, 0x787888f0, 0x25256f4a, 0x2e2e725c
- data4 0x1c1c2438, 0xa6a6f157, 0xb4b4c773, 0xc6c65197
- data4 0xe8e823cb, 0xdddd7ca1, 0x74749ce8, 0x1f1f213e
- data4 0x4b4bdd96, 0xbdbddc61, 0x8b8b860d, 0x8a8a850f
- data4 0x707090e0, 0x3e3e427c, 0xb5b5c471, 0x6666aacc
- data4 0x4848d890, 0x03030506, 0xf6f601f7, 0x0e0e121c
- data4 0x6161a3c2, 0x35355f6a, 0x5757f9ae, 0xb9b9d069
- data4 0x86869117, 0xc1c15899, 0x1d1d273a, 0x9e9eb927
- data4 0xe1e138d9, 0xf8f813eb, 0x9898b32b, 0x11113322
- data4 0x6969bbd2, 0xd9d970a9, 0x8e8e8907, 0x9494a733
- data4 0x9b9bb62d, 0x1e1e223c, 0x87879215, 0xe9e920c9
- data4 0xcece4987, 0x5555ffaa, 0x28287850, 0xdfdf7aa5
- data4 0x8c8c8f03, 0xa1a1f859, 0x89898009, 0x0d0d171a
- data4 0xbfbfda65, 0xe6e631d7, 0x4242c684, 0x6868b8d0
- data4 0x4141c382, 0x9999b029, 0x2d2d775a, 0x0f0f111e
- data4 0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c
+AES_Te: data4 0xc66363a5,0xc66363a5, 0xf87c7c84,0xf87c7c84
+ data4 0xee777799,0xee777799, 0xf67b7b8d,0xf67b7b8d
+ data4 0xfff2f20d,0xfff2f20d, 0xd66b6bbd,0xd66b6bbd
+ data4 0xde6f6fb1,0xde6f6fb1, 0x91c5c554,0x91c5c554
+ data4 0x60303050,0x60303050, 0x02010103,0x02010103
+ data4 0xce6767a9,0xce6767a9, 0x562b2b7d,0x562b2b7d
+ data4 0xe7fefe19,0xe7fefe19, 0xb5d7d762,0xb5d7d762
+ data4 0x4dababe6,0x4dababe6, 0xec76769a,0xec76769a
+ data4 0x8fcaca45,0x8fcaca45, 0x1f82829d,0x1f82829d
+ data4 0x89c9c940,0x89c9c940, 0xfa7d7d87,0xfa7d7d87
+ data4 0xeffafa15,0xeffafa15, 0xb25959eb,0xb25959eb
+ data4 0x8e4747c9,0x8e4747c9, 0xfbf0f00b,0xfbf0f00b
+ data4 0x41adadec,0x41adadec, 0xb3d4d467,0xb3d4d467
+ data4 0x5fa2a2fd,0x5fa2a2fd, 0x45afafea,0x45afafea
+ data4 0x239c9cbf,0x239c9cbf, 0x53a4a4f7,0x53a4a4f7
+ data4 0xe4727296,0xe4727296, 0x9bc0c05b,0x9bc0c05b
+ data4 0x75b7b7c2,0x75b7b7c2, 0xe1fdfd1c,0xe1fdfd1c
+ data4 0x3d9393ae,0x3d9393ae, 0x4c26266a,0x4c26266a
+ data4 0x6c36365a,0x6c36365a, 0x7e3f3f41,0x7e3f3f41
+ data4 0xf5f7f702,0xf5f7f702, 0x83cccc4f,0x83cccc4f
+ data4 0x6834345c,0x6834345c, 0x51a5a5f4,0x51a5a5f4
+ data4 0xd1e5e534,0xd1e5e534, 0xf9f1f108,0xf9f1f108
+ data4 0xe2717193,0xe2717193, 0xabd8d873,0xabd8d873
+ data4 0x62313153,0x62313153, 0x2a15153f,0x2a15153f
+ data4 0x0804040c,0x0804040c, 0x95c7c752,0x95c7c752
+ data4 0x46232365,0x46232365, 0x9dc3c35e,0x9dc3c35e
+ data4 0x30181828,0x30181828, 0x379696a1,0x379696a1
+ data4 0x0a05050f,0x0a05050f, 0x2f9a9ab5,0x2f9a9ab5
+ data4 0x0e070709,0x0e070709, 0x24121236,0x24121236
+ data4 0x1b80809b,0x1b80809b, 0xdfe2e23d,0xdfe2e23d
+ data4 0xcdebeb26,0xcdebeb26, 0x4e272769,0x4e272769
+ data4 0x7fb2b2cd,0x7fb2b2cd, 0xea75759f,0xea75759f
+ data4 0x1209091b,0x1209091b, 0x1d83839e,0x1d83839e
+ data4 0x582c2c74,0x582c2c74, 0x341a1a2e,0x341a1a2e
+ data4 0x361b1b2d,0x361b1b2d, 0xdc6e6eb2,0xdc6e6eb2
+ data4 0xb45a5aee,0xb45a5aee, 0x5ba0a0fb,0x5ba0a0fb
+ data4 0xa45252f6,0xa45252f6, 0x763b3b4d,0x763b3b4d
+ data4 0xb7d6d661,0xb7d6d661, 0x7db3b3ce,0x7db3b3ce
+ data4 0x5229297b,0x5229297b, 0xdde3e33e,0xdde3e33e
+ data4 0x5e2f2f71,0x5e2f2f71, 0x13848497,0x13848497
+ data4 0xa65353f5,0xa65353f5, 0xb9d1d168,0xb9d1d168
+ data4 0x00000000,0x00000000, 0xc1eded2c,0xc1eded2c
+ data4 0x40202060,0x40202060, 0xe3fcfc1f,0xe3fcfc1f
+ data4 0x79b1b1c8,0x79b1b1c8, 0xb65b5bed,0xb65b5bed
+ data4 0xd46a6abe,0xd46a6abe, 0x8dcbcb46,0x8dcbcb46
+ data4 0x67bebed9,0x67bebed9, 0x7239394b,0x7239394b
+ data4 0x944a4ade,0x944a4ade, 0x984c4cd4,0x984c4cd4
+ data4 0xb05858e8,0xb05858e8, 0x85cfcf4a,0x85cfcf4a
+ data4 0xbbd0d06b,0xbbd0d06b, 0xc5efef2a,0xc5efef2a
+ data4 0x4faaaae5,0x4faaaae5, 0xedfbfb16,0xedfbfb16
+ data4 0x864343c5,0x864343c5, 0x9a4d4dd7,0x9a4d4dd7
+ data4 0x66333355,0x66333355, 0x11858594,0x11858594
+ data4 0x8a4545cf,0x8a4545cf, 0xe9f9f910,0xe9f9f910
+ data4 0x04020206,0x04020206, 0xfe7f7f81,0xfe7f7f81
+ data4 0xa05050f0,0xa05050f0, 0x783c3c44,0x783c3c44
+ data4 0x259f9fba,0x259f9fba, 0x4ba8a8e3,0x4ba8a8e3
+ data4 0xa25151f3,0xa25151f3, 0x5da3a3fe,0x5da3a3fe
+ data4 0x804040c0,0x804040c0, 0x058f8f8a,0x058f8f8a
+ data4 0x3f9292ad,0x3f9292ad, 0x219d9dbc,0x219d9dbc
+ data4 0x70383848,0x70383848, 0xf1f5f504,0xf1f5f504
+ data4 0x63bcbcdf,0x63bcbcdf, 0x77b6b6c1,0x77b6b6c1
+ data4 0xafdada75,0xafdada75, 0x42212163,0x42212163
+ data4 0x20101030,0x20101030, 0xe5ffff1a,0xe5ffff1a
+ data4 0xfdf3f30e,0xfdf3f30e, 0xbfd2d26d,0xbfd2d26d
+ data4 0x81cdcd4c,0x81cdcd4c, 0x180c0c14,0x180c0c14
+ data4 0x26131335,0x26131335, 0xc3ecec2f,0xc3ecec2f
+ data4 0xbe5f5fe1,0xbe5f5fe1, 0x359797a2,0x359797a2
+ data4 0x884444cc,0x884444cc, 0x2e171739,0x2e171739
+ data4 0x93c4c457,0x93c4c457, 0x55a7a7f2,0x55a7a7f2
+ data4 0xfc7e7e82,0xfc7e7e82, 0x7a3d3d47,0x7a3d3d47
+ data4 0xc86464ac,0xc86464ac, 0xba5d5de7,0xba5d5de7
+ data4 0x3219192b,0x3219192b, 0xe6737395,0xe6737395
+ data4 0xc06060a0,0xc06060a0, 0x19818198,0x19818198
+ data4 0x9e4f4fd1,0x9e4f4fd1, 0xa3dcdc7f,0xa3dcdc7f
+ data4 0x44222266,0x44222266, 0x542a2a7e,0x542a2a7e
+ data4 0x3b9090ab,0x3b9090ab, 0x0b888883,0x0b888883
+ data4 0x8c4646ca,0x8c4646ca, 0xc7eeee29,0xc7eeee29
+ data4 0x6bb8b8d3,0x6bb8b8d3, 0x2814143c,0x2814143c
+ data4 0xa7dede79,0xa7dede79, 0xbc5e5ee2,0xbc5e5ee2
+ data4 0x160b0b1d,0x160b0b1d, 0xaddbdb76,0xaddbdb76
+ data4 0xdbe0e03b,0xdbe0e03b, 0x64323256,0x64323256
+ data4 0x743a3a4e,0x743a3a4e, 0x140a0a1e,0x140a0a1e
+ data4 0x924949db,0x924949db, 0x0c06060a,0x0c06060a
+ data4 0x4824246c,0x4824246c, 0xb85c5ce4,0xb85c5ce4
+ data4 0x9fc2c25d,0x9fc2c25d, 0xbdd3d36e,0xbdd3d36e
+ data4 0x43acacef,0x43acacef, 0xc46262a6,0xc46262a6
+ data4 0x399191a8,0x399191a8, 0x319595a4,0x319595a4
+ data4 0xd3e4e437,0xd3e4e437, 0xf279798b,0xf279798b
+ data4 0xd5e7e732,0xd5e7e732, 0x8bc8c843,0x8bc8c843
+ data4 0x6e373759,0x6e373759, 0xda6d6db7,0xda6d6db7
+ data4 0x018d8d8c,0x018d8d8c, 0xb1d5d564,0xb1d5d564
+ data4 0x9c4e4ed2,0x9c4e4ed2, 0x49a9a9e0,0x49a9a9e0
+ data4 0xd86c6cb4,0xd86c6cb4, 0xac5656fa,0xac5656fa
+ data4 0xf3f4f407,0xf3f4f407, 0xcfeaea25,0xcfeaea25
+ data4 0xca6565af,0xca6565af, 0xf47a7a8e,0xf47a7a8e
+ data4 0x47aeaee9,0x47aeaee9, 0x10080818,0x10080818
+ data4 0x6fbabad5,0x6fbabad5, 0xf0787888,0xf0787888
+ data4 0x4a25256f,0x4a25256f, 0x5c2e2e72,0x5c2e2e72
+ data4 0x381c1c24,0x381c1c24, 0x57a6a6f1,0x57a6a6f1
+ data4 0x73b4b4c7,0x73b4b4c7, 0x97c6c651,0x97c6c651
+ data4 0xcbe8e823,0xcbe8e823, 0xa1dddd7c,0xa1dddd7c
+ data4 0xe874749c,0xe874749c, 0x3e1f1f21,0x3e1f1f21
+ data4 0x964b4bdd,0x964b4bdd, 0x61bdbddc,0x61bdbddc
+ data4 0x0d8b8b86,0x0d8b8b86, 0x0f8a8a85,0x0f8a8a85
+ data4 0xe0707090,0xe0707090, 0x7c3e3e42,0x7c3e3e42
+ data4 0x71b5b5c4,0x71b5b5c4, 0xcc6666aa,0xcc6666aa
+ data4 0x904848d8,0x904848d8, 0x06030305,0x06030305
+ data4 0xf7f6f601,0xf7f6f601, 0x1c0e0e12,0x1c0e0e12
+ data4 0xc26161a3,0xc26161a3, 0x6a35355f,0x6a35355f
+ data4 0xae5757f9,0xae5757f9, 0x69b9b9d0,0x69b9b9d0
+ data4 0x17868691,0x17868691, 0x99c1c158,0x99c1c158
+ data4 0x3a1d1d27,0x3a1d1d27, 0x279e9eb9,0x279e9eb9
+ data4 0xd9e1e138,0xd9e1e138, 0xebf8f813,0xebf8f813
+ data4 0x2b9898b3,0x2b9898b3, 0x22111133,0x22111133
+ data4 0xd26969bb,0xd26969bb, 0xa9d9d970,0xa9d9d970
+ data4 0x078e8e89,0x078e8e89, 0x339494a7,0x339494a7
+ data4 0x2d9b9bb6,0x2d9b9bb6, 0x3c1e1e22,0x3c1e1e22
+ data4 0x15878792,0x15878792, 0xc9e9e920,0xc9e9e920
+ data4 0x87cece49,0x87cece49, 0xaa5555ff,0xaa5555ff
+ data4 0x50282878,0x50282878, 0xa5dfdf7a,0xa5dfdf7a
+ data4 0x038c8c8f,0x038c8c8f, 0x59a1a1f8,0x59a1a1f8
+ data4 0x09898980,0x09898980, 0x1a0d0d17,0x1a0d0d17
+ data4 0x65bfbfda,0x65bfbfda, 0xd7e6e631,0xd7e6e631
+ data4 0x844242c6,0x844242c6, 0xd06868b8,0xd06868b8
+ data4 0x824141c3,0x824141c3, 0x299999b0,0x299999b0
+ data4 0x5a2d2d77,0x5a2d2d77, 0x1e0f0f11,0x1e0f0f11
+ data4 0x7bb0b0cb,0x7bb0b0cb, 0xa85454fc,0xa85454fc
+ data4 0x6dbbbbd6,0x6dbbbbd6, 0x2c16163a,0x2c16163a
// Te4:
- data4 0x63000000, 0x7c000000, 0x77000000, 0x7b000000
- data4 0xf2000000, 0x6b000000, 0x6f000000, 0xc5000000
- data4 0x30000000, 0x01000000, 0x67000000, 0x2b000000
- data4 0xfe000000, 0xd7000000, 0xab000000, 0x76000000
- data4 0xca000000, 0x82000000, 0xc9000000, 0x7d000000
- data4 0xfa000000, 0x59000000, 0x47000000, 0xf0000000
- data4 0xad000000, 0xd4000000, 0xa2000000, 0xaf000000
- data4 0x9c000000, 0xa4000000, 0x72000000, 0xc0000000
- data4 0xb7000000, 0xfd000000, 0x93000000, 0x26000000
- data4 0x36000000, 0x3f000000, 0xf7000000, 0xcc000000
- data4 0x34000000, 0xa5000000, 0xe5000000, 0xf1000000
- data4 0x71000000, 0xd8000000, 0x31000000, 0x15000000
- data4 0x04000000, 0xc7000000, 0x23000000, 0xc3000000
- data4 0x18000000, 0x96000000, 0x05000000, 0x9a000000
- data4 0x07000000, 0x12000000, 0x80000000, 0xe2000000
- data4 0xeb000000, 0x27000000, 0xb2000000, 0x75000000
- data4 0x09000000, 0x83000000, 0x2c000000, 0x1a000000
- data4 0x1b000000, 0x6e000000, 0x5a000000, 0xa0000000
- data4 0x52000000, 0x3b000000, 0xd6000000, 0xb3000000
- data4 0x29000000, 0xe3000000, 0x2f000000, 0x84000000
- data4 0x53000000, 0xd1000000, 0x00000000, 0xed000000
- data4 0x20000000, 0xfc000000, 0xb1000000, 0x5b000000
- data4 0x6a000000, 0xcb000000, 0xbe000000, 0x39000000
- data4 0x4a000000, 0x4c000000, 0x58000000, 0xcf000000
- data4 0xd0000000, 0xef000000, 0xaa000000, 0xfb000000
- data4 0x43000000, 0x4d000000, 0x33000000, 0x85000000
- data4 0x45000000, 0xf9000000, 0x02000000, 0x7f000000
- data4 0x50000000, 0x3c000000, 0x9f000000, 0xa8000000
- data4 0x51000000, 0xa3000000, 0x40000000, 0x8f000000
- data4 0x92000000, 0x9d000000, 0x38000000, 0xf5000000
- data4 0xbc000000, 0xb6000000, 0xda000000, 0x21000000
- data4 0x10000000, 0xff000000, 0xf3000000, 0xd2000000
- data4 0xcd000000, 0x0c000000, 0x13000000, 0xec000000
- data4 0x5f000000, 0x97000000, 0x44000000, 0x17000000
- data4 0xc4000000, 0xa7000000, 0x7e000000, 0x3d000000
- data4 0x64000000, 0x5d000000, 0x19000000, 0x73000000
- data4 0x60000000, 0x81000000, 0x4f000000, 0xdc000000
- data4 0x22000000, 0x2a000000, 0x90000000, 0x88000000
- data4 0x46000000, 0xee000000, 0xb8000000, 0x14000000
- data4 0xde000000, 0x5e000000, 0x0b000000, 0xdb000000
- data4 0xe0000000, 0x32000000, 0x3a000000, 0x0a000000
- data4 0x49000000, 0x06000000, 0x24000000, 0x5c000000
- data4 0xc2000000, 0xd3000000, 0xac000000, 0x62000000
- data4 0x91000000, 0x95000000, 0xe4000000, 0x79000000
- data4 0xe7000000, 0xc8000000, 0x37000000, 0x6d000000
- data4 0x8d000000, 0xd5000000, 0x4e000000, 0xa9000000
- data4 0x6c000000, 0x56000000, 0xf4000000, 0xea000000
- data4 0x65000000, 0x7a000000, 0xae000000, 0x08000000
- data4 0xba000000, 0x78000000, 0x25000000, 0x2e000000
- data4 0x1c000000, 0xa6000000, 0xb4000000, 0xc6000000
- data4 0xe8000000, 0xdd000000, 0x74000000, 0x1f000000
- data4 0x4b000000, 0xbd000000, 0x8b000000, 0x8a000000
- data4 0x70000000, 0x3e000000, 0xb5000000, 0x66000000
- data4 0x48000000, 0x03000000, 0xf6000000, 0x0e000000
- data4 0x61000000, 0x35000000, 0x57000000, 0xb9000000
- data4 0x86000000, 0xc1000000, 0x1d000000, 0x9e000000
- data4 0xe1000000, 0xf8000000, 0x98000000, 0x11000000
- data4 0x69000000, 0xd9000000, 0x8e000000, 0x94000000
- data4 0x9b000000, 0x1e000000, 0x87000000, 0xe9000000
- data4 0xce000000, 0x55000000, 0x28000000, 0xdf000000
- data4 0x8c000000, 0xa1000000, 0x89000000, 0x0d000000
- data4 0xbf000000, 0xe6000000, 0x42000000, 0x68000000
- data4 0x41000000, 0x99000000, 0x2d000000, 0x0f000000
- data4 0xb0000000, 0x54000000, 0xbb000000, 0x16000000
-// Te5:
- data4 0x00630000, 0x007c0000, 0x00770000, 0x007b0000
- data4 0x00f20000, 0x006b0000, 0x006f0000, 0x00c50000
- data4 0x00300000, 0x00010000, 0x00670000, 0x002b0000
- data4 0x00fe0000, 0x00d70000, 0x00ab0000, 0x00760000
- data4 0x00ca0000, 0x00820000, 0x00c90000, 0x007d0000
- data4 0x00fa0000, 0x00590000, 0x00470000, 0x00f00000
- data4 0x00ad0000, 0x00d40000, 0x00a20000, 0x00af0000
- data4 0x009c0000, 0x00a40000, 0x00720000, 0x00c00000
- data4 0x00b70000, 0x00fd0000, 0x00930000, 0x00260000
- data4 0x00360000, 0x003f0000, 0x00f70000, 0x00cc0000
- data4 0x00340000, 0x00a50000, 0x00e50000, 0x00f10000
- data4 0x00710000, 0x00d80000, 0x00310000, 0x00150000
- data4 0x00040000, 0x00c70000, 0x00230000, 0x00c30000
- data4 0x00180000, 0x00960000, 0x00050000, 0x009a0000
- data4 0x00070000, 0x00120000, 0x00800000, 0x00e20000
- data4 0x00eb0000, 0x00270000, 0x00b20000, 0x00750000
- data4 0x00090000, 0x00830000, 0x002c0000, 0x001a0000
- data4 0x001b0000, 0x006e0000, 0x005a0000, 0x00a00000
- data4 0x00520000, 0x003b0000, 0x00d60000, 0x00b30000
- data4 0x00290000, 0x00e30000, 0x002f0000, 0x00840000
- data4 0x00530000, 0x00d10000, 0x00000000, 0x00ed0000
- data4 0x00200000, 0x00fc0000, 0x00b10000, 0x005b0000
- data4 0x006a0000, 0x00cb0000, 0x00be0000, 0x00390000
- data4 0x004a0000, 0x004c0000, 0x00580000, 0x00cf0000
- data4 0x00d00000, 0x00ef0000, 0x00aa0000, 0x00fb0000
- data4 0x00430000, 0x004d0000, 0x00330000, 0x00850000
- data4 0x00450000, 0x00f90000, 0x00020000, 0x007f0000
- data4 0x00500000, 0x003c0000, 0x009f0000, 0x00a80000
- data4 0x00510000, 0x00a30000, 0x00400000, 0x008f0000
- data4 0x00920000, 0x009d0000, 0x00380000, 0x00f50000
- data4 0x00bc0000, 0x00b60000, 0x00da0000, 0x00210000
- data4 0x00100000, 0x00ff0000, 0x00f30000, 0x00d20000
- data4 0x00cd0000, 0x000c0000, 0x00130000, 0x00ec0000
- data4 0x005f0000, 0x00970000, 0x00440000, 0x00170000
- data4 0x00c40000, 0x00a70000, 0x007e0000, 0x003d0000
- data4 0x00640000, 0x005d0000, 0x00190000, 0x00730000
- data4 0x00600000, 0x00810000, 0x004f0000, 0x00dc0000
- data4 0x00220000, 0x002a0000, 0x00900000, 0x00880000
- data4 0x00460000, 0x00ee0000, 0x00b80000, 0x00140000
- data4 0x00de0000, 0x005e0000, 0x000b0000, 0x00db0000
- data4 0x00e00000, 0x00320000, 0x003a0000, 0x000a0000
- data4 0x00490000, 0x00060000, 0x00240000, 0x005c0000
- data4 0x00c20000, 0x00d30000, 0x00ac0000, 0x00620000
- data4 0x00910000, 0x00950000, 0x00e40000, 0x00790000
- data4 0x00e70000, 0x00c80000, 0x00370000, 0x006d0000
- data4 0x008d0000, 0x00d50000, 0x004e0000, 0x00a90000
- data4 0x006c0000, 0x00560000, 0x00f40000, 0x00ea0000
- data4 0x00650000, 0x007a0000, 0x00ae0000, 0x00080000
- data4 0x00ba0000, 0x00780000, 0x00250000, 0x002e0000
- data4 0x001c0000, 0x00a60000, 0x00b40000, 0x00c60000
- data4 0x00e80000, 0x00dd0000, 0x00740000, 0x001f0000
- data4 0x004b0000, 0x00bd0000, 0x008b0000, 0x008a0000
- data4 0x00700000, 0x003e0000, 0x00b50000, 0x00660000
- data4 0x00480000, 0x00030000, 0x00f60000, 0x000e0000
- data4 0x00610000, 0x00350000, 0x00570000, 0x00b90000
- data4 0x00860000, 0x00c10000, 0x001d0000, 0x009e0000
- data4 0x00e10000, 0x00f80000, 0x00980000, 0x00110000
- data4 0x00690000, 0x00d90000, 0x008e0000, 0x00940000
- data4 0x009b0000, 0x001e0000, 0x00870000, 0x00e90000
- data4 0x00ce0000, 0x00550000, 0x00280000, 0x00df0000
- data4 0x008c0000, 0x00a10000, 0x00890000, 0x000d0000
- data4 0x00bf0000, 0x00e60000, 0x00420000, 0x00680000
- data4 0x00410000, 0x00990000, 0x002d0000, 0x000f0000
- data4 0x00b00000, 0x00540000, 0x00bb0000, 0x00160000
-// Te6:
- data4 0x00006300, 0x00007c00, 0x00007700, 0x00007b00
- data4 0x0000f200, 0x00006b00, 0x00006f00, 0x0000c500
- data4 0x00003000, 0x00000100, 0x00006700, 0x00002b00
- data4 0x0000fe00, 0x0000d700, 0x0000ab00, 0x00007600
- data4 0x0000ca00, 0x00008200, 0x0000c900, 0x00007d00
- data4 0x0000fa00, 0x00005900, 0x00004700, 0x0000f000
- data4 0x0000ad00, 0x0000d400, 0x0000a200, 0x0000af00
- data4 0x00009c00, 0x0000a400, 0x00007200, 0x0000c000
- data4 0x0000b700, 0x0000fd00, 0x00009300, 0x00002600
- data4 0x00003600, 0x00003f00, 0x0000f700, 0x0000cc00
- data4 0x00003400, 0x0000a500, 0x0000e500, 0x0000f100
- data4 0x00007100, 0x0000d800, 0x00003100, 0x00001500
- data4 0x00000400, 0x0000c700, 0x00002300, 0x0000c300
- data4 0x00001800, 0x00009600, 0x00000500, 0x00009a00
- data4 0x00000700, 0x00001200, 0x00008000, 0x0000e200
- data4 0x0000eb00, 0x00002700, 0x0000b200, 0x00007500
- data4 0x00000900, 0x00008300, 0x00002c00, 0x00001a00
- data4 0x00001b00, 0x00006e00, 0x00005a00, 0x0000a000
- data4 0x00005200, 0x00003b00, 0x0000d600, 0x0000b300
- data4 0x00002900, 0x0000e300, 0x00002f00, 0x00008400
- data4 0x00005300, 0x0000d100, 0x00000000, 0x0000ed00
- data4 0x00002000, 0x0000fc00, 0x0000b100, 0x00005b00
- data4 0x00006a00, 0x0000cb00, 0x0000be00, 0x00003900
- data4 0x00004a00, 0x00004c00, 0x00005800, 0x0000cf00
- data4 0x0000d000, 0x0000ef00, 0x0000aa00, 0x0000fb00
- data4 0x00004300, 0x00004d00, 0x00003300, 0x00008500
- data4 0x00004500, 0x0000f900, 0x00000200, 0x00007f00
- data4 0x00005000, 0x00003c00, 0x00009f00, 0x0000a800
- data4 0x00005100, 0x0000a300, 0x00004000, 0x00008f00
- data4 0x00009200, 0x00009d00, 0x00003800, 0x0000f500
- data4 0x0000bc00, 0x0000b600, 0x0000da00, 0x00002100
- data4 0x00001000, 0x0000ff00, 0x0000f300, 0x0000d200
- data4 0x0000cd00, 0x00000c00, 0x00001300, 0x0000ec00
- data4 0x00005f00, 0x00009700, 0x00004400, 0x00001700
- data4 0x0000c400, 0x0000a700, 0x00007e00, 0x00003d00
- data4 0x00006400, 0x00005d00, 0x00001900, 0x00007300
- data4 0x00006000, 0x00008100, 0x00004f00, 0x0000dc00
- data4 0x00002200, 0x00002a00, 0x00009000, 0x00008800
- data4 0x00004600, 0x0000ee00, 0x0000b800, 0x00001400
- data4 0x0000de00, 0x00005e00, 0x00000b00, 0x0000db00
- data4 0x0000e000, 0x00003200, 0x00003a00, 0x00000a00
- data4 0x00004900, 0x00000600, 0x00002400, 0x00005c00
- data4 0x0000c200, 0x0000d300, 0x0000ac00, 0x00006200
- data4 0x00009100, 0x00009500, 0x0000e400, 0x00007900
- data4 0x0000e700, 0x0000c800, 0x00003700, 0x00006d00
- data4 0x00008d00, 0x0000d500, 0x00004e00, 0x0000a900
- data4 0x00006c00, 0x00005600, 0x0000f400, 0x0000ea00
- data4 0x00006500, 0x00007a00, 0x0000ae00, 0x00000800
- data4 0x0000ba00, 0x00007800, 0x00002500, 0x00002e00
- data4 0x00001c00, 0x0000a600, 0x0000b400, 0x0000c600
- data4 0x0000e800, 0x0000dd00, 0x00007400, 0x00001f00
- data4 0x00004b00, 0x0000bd00, 0x00008b00, 0x00008a00
- data4 0x00007000, 0x00003e00, 0x0000b500, 0x00006600
- data4 0x00004800, 0x00000300, 0x0000f600, 0x00000e00
- data4 0x00006100, 0x00003500, 0x00005700, 0x0000b900
- data4 0x00008600, 0x0000c100, 0x00001d00, 0x00009e00
- data4 0x0000e100, 0x0000f800, 0x00009800, 0x00001100
- data4 0x00006900, 0x0000d900, 0x00008e00, 0x00009400
- data4 0x00009b00, 0x00001e00, 0x00008700, 0x0000e900
- data4 0x0000ce00, 0x00005500, 0x00002800, 0x0000df00
- data4 0x00008c00, 0x0000a100, 0x00008900, 0x00000d00
- data4 0x0000bf00, 0x0000e600, 0x00004200, 0x00006800
- data4 0x00004100, 0x00009900, 0x00002d00, 0x00000f00
- data4 0x0000b000, 0x00005400, 0x0000bb00, 0x00001600
-// Te7:
- data4 0x00000063, 0x0000007c, 0x00000077, 0x0000007b
- data4 0x000000f2, 0x0000006b, 0x0000006f, 0x000000c5
- data4 0x00000030, 0x00000001, 0x00000067, 0x0000002b
- data4 0x000000fe, 0x000000d7, 0x000000ab, 0x00000076
- data4 0x000000ca, 0x00000082, 0x000000c9, 0x0000007d
- data4 0x000000fa, 0x00000059, 0x00000047, 0x000000f0
- data4 0x000000ad, 0x000000d4, 0x000000a2, 0x000000af
- data4 0x0000009c, 0x000000a4, 0x00000072, 0x000000c0
- data4 0x000000b7, 0x000000fd, 0x00000093, 0x00000026
- data4 0x00000036, 0x0000003f, 0x000000f7, 0x000000cc
- data4 0x00000034, 0x000000a5, 0x000000e5, 0x000000f1
- data4 0x00000071, 0x000000d8, 0x00000031, 0x00000015
- data4 0x00000004, 0x000000c7, 0x00000023, 0x000000c3
- data4 0x00000018, 0x00000096, 0x00000005, 0x0000009a
- data4 0x00000007, 0x00000012, 0x00000080, 0x000000e2
- data4 0x000000eb, 0x00000027, 0x000000b2, 0x00000075
- data4 0x00000009, 0x00000083, 0x0000002c, 0x0000001a
- data4 0x0000001b, 0x0000006e, 0x0000005a, 0x000000a0
- data4 0x00000052, 0x0000003b, 0x000000d6, 0x000000b3
- data4 0x00000029, 0x000000e3, 0x0000002f, 0x00000084
- data4 0x00000053, 0x000000d1, 0x00000000, 0x000000ed
- data4 0x00000020, 0x000000fc, 0x000000b1, 0x0000005b
- data4 0x0000006a, 0x000000cb, 0x000000be, 0x00000039
- data4 0x0000004a, 0x0000004c, 0x00000058, 0x000000cf
- data4 0x000000d0, 0x000000ef, 0x000000aa, 0x000000fb
- data4 0x00000043, 0x0000004d, 0x00000033, 0x00000085
- data4 0x00000045, 0x000000f9, 0x00000002, 0x0000007f
- data4 0x00000050, 0x0000003c, 0x0000009f, 0x000000a8
- data4 0x00000051, 0x000000a3, 0x00000040, 0x0000008f
- data4 0x00000092, 0x0000009d, 0x00000038, 0x000000f5
- data4 0x000000bc, 0x000000b6, 0x000000da, 0x00000021
- data4 0x00000010, 0x000000ff, 0x000000f3, 0x000000d2
- data4 0x000000cd, 0x0000000c, 0x00000013, 0x000000ec
- data4 0x0000005f, 0x00000097, 0x00000044, 0x00000017
- data4 0x000000c4, 0x000000a7, 0x0000007e, 0x0000003d
- data4 0x00000064, 0x0000005d, 0x00000019, 0x00000073
- data4 0x00000060, 0x00000081, 0x0000004f, 0x000000dc
- data4 0x00000022, 0x0000002a, 0x00000090, 0x00000088
- data4 0x00000046, 0x000000ee, 0x000000b8, 0x00000014
- data4 0x000000de, 0x0000005e, 0x0000000b, 0x000000db
- data4 0x000000e0, 0x00000032, 0x0000003a, 0x0000000a
- data4 0x00000049, 0x00000006, 0x00000024, 0x0000005c
- data4 0x000000c2, 0x000000d3, 0x000000ac, 0x00000062
- data4 0x00000091, 0x00000095, 0x000000e4, 0x00000079
- data4 0x000000e7, 0x000000c8, 0x00000037, 0x0000006d
- data4 0x0000008d, 0x000000d5, 0x0000004e, 0x000000a9
- data4 0x0000006c, 0x00000056, 0x000000f4, 0x000000ea
- data4 0x00000065, 0x0000007a, 0x000000ae, 0x00000008
- data4 0x000000ba, 0x00000078, 0x00000025, 0x0000002e
- data4 0x0000001c, 0x000000a6, 0x000000b4, 0x000000c6
- data4 0x000000e8, 0x000000dd, 0x00000074, 0x0000001f
- data4 0x0000004b, 0x000000bd, 0x0000008b, 0x0000008a
- data4 0x00000070, 0x0000003e, 0x000000b5, 0x00000066
- data4 0x00000048, 0x00000003, 0x000000f6, 0x0000000e
- data4 0x00000061, 0x00000035, 0x00000057, 0x000000b9
- data4 0x00000086, 0x000000c1, 0x0000001d, 0x0000009e
- data4 0x000000e1, 0x000000f8, 0x00000098, 0x00000011
- data4 0x00000069, 0x000000d9, 0x0000008e, 0x00000094
- data4 0x0000009b, 0x0000001e, 0x00000087, 0x000000e9
- data4 0x000000ce, 0x00000055, 0x00000028, 0x000000df
- data4 0x0000008c, 0x000000a1, 0x00000089, 0x0000000d
- data4 0x000000bf, 0x000000e6, 0x00000042, 0x00000068
- data4 0x00000041, 0x00000099, 0x0000002d, 0x0000000f
- data4 0x000000b0, 0x00000054, 0x000000bb, 0x00000016
-.size AES_Te#,8*256*4 // HP-UX assembler fails to ".-AES_Te#"
+ data1 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
+ data1 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
+ data1 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
+ data1 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
+ data1 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
+ data1 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
+ data1 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
+ data1 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
+ data1 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
+ data1 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
+ data1 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
+ data1 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
+ data1 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
+ data1 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
+ data1 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
+ data1 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
+ data1 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
+ data1 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
+ data1 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
+ data1 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
+ data1 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
+ data1 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
+ data1 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
+ data1 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
+ data1 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
+ data1 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
+ data1 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
+ data1 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
+ data1 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
+ data1 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
+ data1 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
+ data1 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+.size AES_Te#,2048+256 // HP-UX assembler fails to ".-AES_Te#"
.align 64
.global AES_Td#
.type AES_Td#,@object
-AES_Td: data4 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96
- data4 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393
- data4 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25
- data4 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f
- data4 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1
- data4 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6
- data4 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da
- data4 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844
- data4 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd
- data4 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4
- data4 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45
- data4 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94
- data4 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7
- data4 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a
- data4 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5
- data4 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c
- data4 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1
- data4 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a
- data4 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75
- data4 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051
- data4 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46
- data4 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff
- data4 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77
- data4 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb
- data4 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000
- data4 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e
- data4 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927
- data4 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a
- data4 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e
- data4 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16
- data4 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d
- data4 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8
- data4 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd
- data4 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34
- data4 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163
- data4 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120
- data4 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d
- data4 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0
- data4 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422
- data4 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef
- data4 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36
- data4 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4
- data4 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662
- data4 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5
- data4 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3
- data4 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b
- data4 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8
- data4 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6
- data4 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6
- data4 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0
- data4 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815
- data4 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f
- data4 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df
- data4 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f
- data4 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e
- data4 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713
- data4 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89
- data4 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c
- data4 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf
- data4 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86
- data4 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f
- data4 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541
- data4 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190
- data4 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742
-// Td1:
- data4 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e
- data4 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303
- data4 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c
- data4 0xfc4fe5d7, 0xd7c52acb, 0x80263544, 0x8fb562a3
- data4 0x49deb15a, 0x6725ba1b, 0x9845ea0e, 0xe15dfec0
- data4 0x02c32f75, 0x12814cf0, 0xa38d4697, 0xc66bd3f9
- data4 0xe7038f5f, 0x9515929c, 0xebbf6d7a, 0xda955259
- data4 0x2dd4be83, 0xd3587421, 0x2949e069, 0x448ec9c8
- data4 0x6a75c289, 0x78f48e79, 0x6b99583e, 0xdd27b971
- data4 0xb6bee14f, 0x17f088ad, 0x66c920ac, 0xb47dce3a
- data4 0x1863df4a, 0x82e51a31, 0x60975133, 0x4562537f
- data4 0xe0b16477, 0x84bb6bae, 0x1cfe81a0, 0x94f9082b
- data4 0x58704868, 0x198f45fd, 0x8794de6c, 0xb7527bf8
- data4 0x23ab73d3, 0xe2724b02, 0x57e31f8f, 0x2a6655ab
- data4 0x07b2eb28, 0x032fb5c2, 0x9a86c57b, 0xa5d33708
- data4 0xf2302887, 0xb223bfa5, 0xba02036a, 0x5ced1682
- data4 0x2b8acf1c, 0x92a779b4, 0xf0f307f2, 0xa14e69e2
- data4 0xcd65daf4, 0xd50605be, 0x1fd13462, 0x8ac4a6fe
- data4 0x9d342e53, 0xa0a2f355, 0x32058ae1, 0x75a4f6eb
- data4 0x390b83ec, 0xaa4060ef, 0x065e719f, 0x51bd6e10
- data4 0xf93e218a, 0x3d96dd06, 0xaedd3e05, 0x464de6bd
- data4 0xb591548d, 0x0571c45d, 0x6f0406d4, 0xff605015
- data4 0x241998fb, 0x97d6bde9, 0xcc894043, 0x7767d99e
- data4 0xbdb0e842, 0x8807898b, 0x38e7195b, 0xdb79c8ee
- data4 0x47a17c0a, 0xe97c420f, 0xc9f8841e, 0x00000000
- data4 0x83098086, 0x48322bed, 0xac1e1170, 0x4e6c5a72
- data4 0xfbfd0eff, 0x560f8538, 0x1e3daed5, 0x27362d39
- data4 0x640a0fd9, 0x21685ca6, 0xd19b5b54, 0x3a24362e
- data4 0xb10c0a67, 0x0f9357e7, 0xd2b4ee96, 0x9e1b9b91
- data4 0x4f80c0c5, 0xa261dc20, 0x695a774b, 0x161c121a
- data4 0x0ae293ba, 0xe5c0a02a, 0x433c22e0, 0x1d121b17
- data4 0x0b0e090d, 0xadf28bc7, 0xb92db6a8, 0xc8141ea9
- data4 0x8557f119, 0x4caf7507, 0xbbee99dd, 0xfda37f60
- data4 0x9ff70126, 0xbc5c72f5, 0xc544663b, 0x345bfb7e
- data4 0x768b4329, 0xdccb23c6, 0x68b6edfc, 0x63b8e4f1
- data4 0xcad731dc, 0x10426385, 0x40139722, 0x2084c611
- data4 0x7d854a24, 0xf8d2bb3d, 0x11aef932, 0x6dc729a1
- data4 0x4b1d9e2f, 0xf3dcb230, 0xec0d8652, 0xd077c1e3
- data4 0x6c2bb316, 0x99a970b9, 0xfa119448, 0x2247e964
- data4 0xc4a8fc8c, 0x1aa0f03f, 0xd8567d2c, 0xef223390
- data4 0xc787494e, 0xc1d938d1, 0xfe8ccaa2, 0x3698d40b
- data4 0xcfa6f581, 0x28a57ade, 0x26dab78e, 0xa43fadbf
- data4 0xe42c3a9d, 0x0d507892, 0x9b6a5fcc, 0x62547e46
- data4 0xc2f68d13, 0xe890d8b8, 0x5e2e39f7, 0xf582c3af
- data4 0xbe9f5d80, 0x7c69d093, 0xa96fd52d, 0xb3cf2512
- data4 0x3bc8ac99, 0xa710187d, 0x6ee89c63, 0x7bdb3bbb
- data4 0x09cd2678, 0xf46e5918, 0x01ec9ab7, 0xa8834f9a
- data4 0x65e6956e, 0x7eaaffe6, 0x0821bccf, 0xe6ef15e8
- data4 0xd9bae79b, 0xce4a6f36, 0xd4ea9f09, 0xd629b07c
- data4 0xaf31a4b2, 0x312a3f23, 0x30c6a594, 0xc035a266
- data4 0x37744ebc, 0xa6fc82ca, 0xb0e090d0, 0x1533a7d8
- data4 0x4af10498, 0xf741ecda, 0x0e7fcd50, 0x2f1791f6
- data4 0x8d764dd6, 0x4d43efb0, 0x54ccaa4d, 0xdfe49604
- data4 0xe39ed1b5, 0x1b4c6a88, 0xb8c12c1f, 0x7f466551
- data4 0x049d5eea, 0x5d018c35, 0x73fa8774, 0x2efb0b41
- data4 0x5ab3671d, 0x5292dbd2, 0x33e91056, 0x136dd647
- data4 0x8c9ad761, 0x7a37a10c, 0x8e59f814, 0x89eb133c
- data4 0xeecea927, 0x35b761c9, 0xede11ce5, 0x3c7a47b1
- data4 0x599cd2df, 0x3f55f273, 0x791814ce, 0xbf73c737
- data4 0xea53f7cd, 0x5b5ffdaa, 0x14df3d6f, 0x867844db
- data4 0x81caaff3, 0x3eb968c4, 0x2c382434, 0x5fc2a340
- data4 0x72161dc3, 0x0cbce225, 0x8b283c49, 0x41ff0d95
- data4 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1
- data4 0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857
-// Td2:
- data4 0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27
- data4 0x6bcb3bab, 0x45f11f9d, 0x58abacfa, 0x03934be3
- data4 0xfa552030, 0x6df6ad76, 0x769188cc, 0x4c25f502
- data4 0xd7fc4fe5, 0xcbd7c52a, 0x44802635, 0xa38fb562
- data4 0x5a49deb1, 0x1b6725ba, 0x0e9845ea, 0xc0e15dfe
- data4 0x7502c32f, 0xf012814c, 0x97a38d46, 0xf9c66bd3
- data4 0x5fe7038f, 0x9c951592, 0x7aebbf6d, 0x59da9552
- data4 0x832dd4be, 0x21d35874, 0x692949e0, 0xc8448ec9
- data4 0x896a75c2, 0x7978f48e, 0x3e6b9958, 0x71dd27b9
- data4 0x4fb6bee1, 0xad17f088, 0xac66c920, 0x3ab47dce
- data4 0x4a1863df, 0x3182e51a, 0x33609751, 0x7f456253
- data4 0x77e0b164, 0xae84bb6b, 0xa01cfe81, 0x2b94f908
- data4 0x68587048, 0xfd198f45, 0x6c8794de, 0xf8b7527b
- data4 0xd323ab73, 0x02e2724b, 0x8f57e31f, 0xab2a6655
- data4 0x2807b2eb, 0xc2032fb5, 0x7b9a86c5, 0x08a5d337
- data4 0x87f23028, 0xa5b223bf, 0x6aba0203, 0x825ced16
- data4 0x1c2b8acf, 0xb492a779, 0xf2f0f307, 0xe2a14e69
- data4 0xf4cd65da, 0xbed50605, 0x621fd134, 0xfe8ac4a6
- data4 0x539d342e, 0x55a0a2f3, 0xe132058a, 0xeb75a4f6
- data4 0xec390b83, 0xefaa4060, 0x9f065e71, 0x1051bd6e
- data4 0x8af93e21, 0x063d96dd, 0x05aedd3e, 0xbd464de6
- data4 0x8db59154, 0x5d0571c4, 0xd46f0406, 0x15ff6050
- data4 0xfb241998, 0xe997d6bd, 0x43cc8940, 0x9e7767d9
- data4 0x42bdb0e8, 0x8b880789, 0x5b38e719, 0xeedb79c8
- data4 0x0a47a17c, 0x0fe97c42, 0x1ec9f884, 0x00000000
- data4 0x86830980, 0xed48322b, 0x70ac1e11, 0x724e6c5a
- data4 0xfffbfd0e, 0x38560f85, 0xd51e3dae, 0x3927362d
- data4 0xd9640a0f, 0xa621685c, 0x54d19b5b, 0x2e3a2436
- data4 0x67b10c0a, 0xe70f9357, 0x96d2b4ee, 0x919e1b9b
- data4 0xc54f80c0, 0x20a261dc, 0x4b695a77, 0x1a161c12
- data4 0xba0ae293, 0x2ae5c0a0, 0xe0433c22, 0x171d121b
- data4 0x0d0b0e09, 0xc7adf28b, 0xa8b92db6, 0xa9c8141e
- data4 0x198557f1, 0x074caf75, 0xddbbee99, 0x60fda37f
- data4 0x269ff701, 0xf5bc5c72, 0x3bc54466, 0x7e345bfb
- data4 0x29768b43, 0xc6dccb23, 0xfc68b6ed, 0xf163b8e4
- data4 0xdccad731, 0x85104263, 0x22401397, 0x112084c6
- data4 0x247d854a, 0x3df8d2bb, 0x3211aef9, 0xa16dc729
- data4 0x2f4b1d9e, 0x30f3dcb2, 0x52ec0d86, 0xe3d077c1
- data4 0x166c2bb3, 0xb999a970, 0x48fa1194, 0x642247e9
- data4 0x8cc4a8fc, 0x3f1aa0f0, 0x2cd8567d, 0x90ef2233
- data4 0x4ec78749, 0xd1c1d938, 0xa2fe8cca, 0x0b3698d4
- data4 0x81cfa6f5, 0xde28a57a, 0x8e26dab7, 0xbfa43fad
- data4 0x9de42c3a, 0x920d5078, 0xcc9b6a5f, 0x4662547e
- data4 0x13c2f68d, 0xb8e890d8, 0xf75e2e39, 0xaff582c3
- data4 0x80be9f5d, 0x937c69d0, 0x2da96fd5, 0x12b3cf25
- data4 0x993bc8ac, 0x7da71018, 0x636ee89c, 0xbb7bdb3b
- data4 0x7809cd26, 0x18f46e59, 0xb701ec9a, 0x9aa8834f
- data4 0x6e65e695, 0xe67eaaff, 0xcf0821bc, 0xe8e6ef15
- data4 0x9bd9bae7, 0x36ce4a6f, 0x09d4ea9f, 0x7cd629b0
- data4 0xb2af31a4, 0x23312a3f, 0x9430c6a5, 0x66c035a2
- data4 0xbc37744e, 0xcaa6fc82, 0xd0b0e090, 0xd81533a7
- data4 0x984af104, 0xdaf741ec, 0x500e7fcd, 0xf62f1791
- data4 0xd68d764d, 0xb04d43ef, 0x4d54ccaa, 0x04dfe496
- data4 0xb5e39ed1, 0x881b4c6a, 0x1fb8c12c, 0x517f4665
- data4 0xea049d5e, 0x355d018c, 0x7473fa87, 0x412efb0b
- data4 0x1d5ab367, 0xd25292db, 0x5633e910, 0x47136dd6
- data4 0x618c9ad7, 0x0c7a37a1, 0x148e59f8, 0x3c89eb13
- data4 0x27eecea9, 0xc935b761, 0xe5ede11c, 0xb13c7a47
- data4 0xdf599cd2, 0x733f55f2, 0xce791814, 0x37bf73c7
- data4 0xcdea53f7, 0xaa5b5ffd, 0x6f14df3d, 0xdb867844
- data4 0xf381caaf, 0xc43eb968, 0x342c3824, 0x405fc2a3
- data4 0xc372161d, 0x250cbce2, 0x498b283c, 0x9541ff0d
- data4 0x017139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456
- data4 0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b8
-// Td3:
- data4 0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a
- data4 0xab6bcb3b, 0x9d45f11f, 0xfa58abac, 0xe303934b
- data4 0x30fa5520, 0x766df6ad, 0xcc769188, 0x024c25f5
- data4 0xe5d7fc4f, 0x2acbd7c5, 0x35448026, 0x62a38fb5
- data4 0xb15a49de, 0xba1b6725, 0xea0e9845, 0xfec0e15d
- data4 0x2f7502c3, 0x4cf01281, 0x4697a38d, 0xd3f9c66b
- data4 0x8f5fe703, 0x929c9515, 0x6d7aebbf, 0x5259da95
- data4 0xbe832dd4, 0x7421d358, 0xe0692949, 0xc9c8448e
- data4 0xc2896a75, 0x8e7978f4, 0x583e6b99, 0xb971dd27
- data4 0xe14fb6be, 0x88ad17f0, 0x20ac66c9, 0xce3ab47d
- data4 0xdf4a1863, 0x1a3182e5, 0x51336097, 0x537f4562
- data4 0x6477e0b1, 0x6bae84bb, 0x81a01cfe, 0x082b94f9
- data4 0x48685870, 0x45fd198f, 0xde6c8794, 0x7bf8b752
- data4 0x73d323ab, 0x4b02e272, 0x1f8f57e3, 0x55ab2a66
- data4 0xeb2807b2, 0xb5c2032f, 0xc57b9a86, 0x3708a5d3
- data4 0x2887f230, 0xbfa5b223, 0x036aba02, 0x16825ced
- data4 0xcf1c2b8a, 0x79b492a7, 0x07f2f0f3, 0x69e2a14e
- data4 0xdaf4cd65, 0x05bed506, 0x34621fd1, 0xa6fe8ac4
- data4 0x2e539d34, 0xf355a0a2, 0x8ae13205, 0xf6eb75a4
- data4 0x83ec390b, 0x60efaa40, 0x719f065e, 0x6e1051bd
- data4 0x218af93e, 0xdd063d96, 0x3e05aedd, 0xe6bd464d
- data4 0x548db591, 0xc45d0571, 0x06d46f04, 0x5015ff60
- data4 0x98fb2419, 0xbde997d6, 0x4043cc89, 0xd99e7767
- data4 0xe842bdb0, 0x898b8807, 0x195b38e7, 0xc8eedb79
- data4 0x7c0a47a1, 0x420fe97c, 0x841ec9f8, 0x00000000
- data4 0x80868309, 0x2bed4832, 0x1170ac1e, 0x5a724e6c
- data4 0x0efffbfd, 0x8538560f, 0xaed51e3d, 0x2d392736
- data4 0x0fd9640a, 0x5ca62168, 0x5b54d19b, 0x362e3a24
- data4 0x0a67b10c, 0x57e70f93, 0xee96d2b4, 0x9b919e1b
- data4 0xc0c54f80, 0xdc20a261, 0x774b695a, 0x121a161c
- data4 0x93ba0ae2, 0xa02ae5c0, 0x22e0433c, 0x1b171d12
- data4 0x090d0b0e, 0x8bc7adf2, 0xb6a8b92d, 0x1ea9c814
- data4 0xf1198557, 0x75074caf, 0x99ddbbee, 0x7f60fda3
- data4 0x01269ff7, 0x72f5bc5c, 0x663bc544, 0xfb7e345b
- data4 0x4329768b, 0x23c6dccb, 0xedfc68b6, 0xe4f163b8
- data4 0x31dccad7, 0x63851042, 0x97224013, 0xc6112084
- data4 0x4a247d85, 0xbb3df8d2, 0xf93211ae, 0x29a16dc7
- data4 0x9e2f4b1d, 0xb230f3dc, 0x8652ec0d, 0xc1e3d077
- data4 0xb3166c2b, 0x70b999a9, 0x9448fa11, 0xe9642247
- data4 0xfc8cc4a8, 0xf03f1aa0, 0x7d2cd856, 0x3390ef22
- data4 0x494ec787, 0x38d1c1d9, 0xcaa2fe8c, 0xd40b3698
- data4 0xf581cfa6, 0x7ade28a5, 0xb78e26da, 0xadbfa43f
- data4 0x3a9de42c, 0x78920d50, 0x5fcc9b6a, 0x7e466254
- data4 0x8d13c2f6, 0xd8b8e890, 0x39f75e2e, 0xc3aff582
- data4 0x5d80be9f, 0xd0937c69, 0xd52da96f, 0x2512b3cf
- data4 0xac993bc8, 0x187da710, 0x9c636ee8, 0x3bbb7bdb
- data4 0x267809cd, 0x5918f46e, 0x9ab701ec, 0x4f9aa883
- data4 0x956e65e6, 0xffe67eaa, 0xbccf0821, 0x15e8e6ef
- data4 0xe79bd9ba, 0x6f36ce4a, 0x9f09d4ea, 0xb07cd629
- data4 0xa4b2af31, 0x3f23312a, 0xa59430c6, 0xa266c035
- data4 0x4ebc3774, 0x82caa6fc, 0x90d0b0e0, 0xa7d81533
- data4 0x04984af1, 0xecdaf741, 0xcd500e7f, 0x91f62f17
- data4 0x4dd68d76, 0xefb04d43, 0xaa4d54cc, 0x9604dfe4
- data4 0xd1b5e39e, 0x6a881b4c, 0x2c1fb8c1, 0x65517f46
- data4 0x5eea049d, 0x8c355d01, 0x877473fa, 0x0b412efb
- data4 0x671d5ab3, 0xdbd25292, 0x105633e9, 0xd647136d
- data4 0xd7618c9a, 0xa10c7a37, 0xf8148e59, 0x133c89eb
- data4 0xa927eece, 0x61c935b7, 0x1ce5ede1, 0x47b13c7a
- data4 0xd2df599c, 0xf2733f55, 0x14ce7918, 0xc737bf73
- data4 0xf7cdea53, 0xfdaa5b5f, 0x3d6f14df, 0x44db8678
- data4 0xaff381ca, 0x68c43eb9, 0x24342c38, 0xa3405fc2
- data4 0x1dc37216, 0xe2250cbc, 0x3c498b28, 0x0d9541ff
- data4 0xa8017139, 0x0cb3de08, 0xb4e49cd8, 0x56c19064
- data4 0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0
+AES_Td: data4 0x51f4a750,0x51f4a750, 0x7e416553,0x7e416553
+ data4 0x1a17a4c3,0x1a17a4c3, 0x3a275e96,0x3a275e96
+ data4 0x3bab6bcb,0x3bab6bcb, 0x1f9d45f1,0x1f9d45f1
+ data4 0xacfa58ab,0xacfa58ab, 0x4be30393,0x4be30393
+ data4 0x2030fa55,0x2030fa55, 0xad766df6,0xad766df6
+ data4 0x88cc7691,0x88cc7691, 0xf5024c25,0xf5024c25
+ data4 0x4fe5d7fc,0x4fe5d7fc, 0xc52acbd7,0xc52acbd7
+ data4 0x26354480,0x26354480, 0xb562a38f,0xb562a38f
+ data4 0xdeb15a49,0xdeb15a49, 0x25ba1b67,0x25ba1b67
+ data4 0x45ea0e98,0x45ea0e98, 0x5dfec0e1,0x5dfec0e1
+ data4 0xc32f7502,0xc32f7502, 0x814cf012,0x814cf012
+ data4 0x8d4697a3,0x8d4697a3, 0x6bd3f9c6,0x6bd3f9c6
+ data4 0x038f5fe7,0x038f5fe7, 0x15929c95,0x15929c95
+ data4 0xbf6d7aeb,0xbf6d7aeb, 0x955259da,0x955259da
+ data4 0xd4be832d,0xd4be832d, 0x587421d3,0x587421d3
+ data4 0x49e06929,0x49e06929, 0x8ec9c844,0x8ec9c844
+ data4 0x75c2896a,0x75c2896a, 0xf48e7978,0xf48e7978
+ data4 0x99583e6b,0x99583e6b, 0x27b971dd,0x27b971dd
+ data4 0xbee14fb6,0xbee14fb6, 0xf088ad17,0xf088ad17
+ data4 0xc920ac66,0xc920ac66, 0x7dce3ab4,0x7dce3ab4
+ data4 0x63df4a18,0x63df4a18, 0xe51a3182,0xe51a3182
+ data4 0x97513360,0x97513360, 0x62537f45,0x62537f45
+ data4 0xb16477e0,0xb16477e0, 0xbb6bae84,0xbb6bae84
+ data4 0xfe81a01c,0xfe81a01c, 0xf9082b94,0xf9082b94
+ data4 0x70486858,0x70486858, 0x8f45fd19,0x8f45fd19
+ data4 0x94de6c87,0x94de6c87, 0x527bf8b7,0x527bf8b7
+ data4 0xab73d323,0xab73d323, 0x724b02e2,0x724b02e2
+ data4 0xe31f8f57,0xe31f8f57, 0x6655ab2a,0x6655ab2a
+ data4 0xb2eb2807,0xb2eb2807, 0x2fb5c203,0x2fb5c203
+ data4 0x86c57b9a,0x86c57b9a, 0xd33708a5,0xd33708a5
+ data4 0x302887f2,0x302887f2, 0x23bfa5b2,0x23bfa5b2
+ data4 0x02036aba,0x02036aba, 0xed16825c,0xed16825c
+ data4 0x8acf1c2b,0x8acf1c2b, 0xa779b492,0xa779b492
+ data4 0xf307f2f0,0xf307f2f0, 0x4e69e2a1,0x4e69e2a1
+ data4 0x65daf4cd,0x65daf4cd, 0x0605bed5,0x0605bed5
+ data4 0xd134621f,0xd134621f, 0xc4a6fe8a,0xc4a6fe8a
+ data4 0x342e539d,0x342e539d, 0xa2f355a0,0xa2f355a0
+ data4 0x058ae132,0x058ae132, 0xa4f6eb75,0xa4f6eb75
+ data4 0x0b83ec39,0x0b83ec39, 0x4060efaa,0x4060efaa
+ data4 0x5e719f06,0x5e719f06, 0xbd6e1051,0xbd6e1051
+ data4 0x3e218af9,0x3e218af9, 0x96dd063d,0x96dd063d
+ data4 0xdd3e05ae,0xdd3e05ae, 0x4de6bd46,0x4de6bd46
+ data4 0x91548db5,0x91548db5, 0x71c45d05,0x71c45d05
+ data4 0x0406d46f,0x0406d46f, 0x605015ff,0x605015ff
+ data4 0x1998fb24,0x1998fb24, 0xd6bde997,0xd6bde997
+ data4 0x894043cc,0x894043cc, 0x67d99e77,0x67d99e77
+ data4 0xb0e842bd,0xb0e842bd, 0x07898b88,0x07898b88
+ data4 0xe7195b38,0xe7195b38, 0x79c8eedb,0x79c8eedb
+ data4 0xa17c0a47,0xa17c0a47, 0x7c420fe9,0x7c420fe9
+ data4 0xf8841ec9,0xf8841ec9, 0x00000000,0x00000000
+ data4 0x09808683,0x09808683, 0x322bed48,0x322bed48
+ data4 0x1e1170ac,0x1e1170ac, 0x6c5a724e,0x6c5a724e
+ data4 0xfd0efffb,0xfd0efffb, 0x0f853856,0x0f853856
+ data4 0x3daed51e,0x3daed51e, 0x362d3927,0x362d3927
+ data4 0x0a0fd964,0x0a0fd964, 0x685ca621,0x685ca621
+ data4 0x9b5b54d1,0x9b5b54d1, 0x24362e3a,0x24362e3a
+ data4 0x0c0a67b1,0x0c0a67b1, 0x9357e70f,0x9357e70f
+ data4 0xb4ee96d2,0xb4ee96d2, 0x1b9b919e,0x1b9b919e
+ data4 0x80c0c54f,0x80c0c54f, 0x61dc20a2,0x61dc20a2
+ data4 0x5a774b69,0x5a774b69, 0x1c121a16,0x1c121a16
+ data4 0xe293ba0a,0xe293ba0a, 0xc0a02ae5,0xc0a02ae5
+ data4 0x3c22e043,0x3c22e043, 0x121b171d,0x121b171d
+ data4 0x0e090d0b,0x0e090d0b, 0xf28bc7ad,0xf28bc7ad
+ data4 0x2db6a8b9,0x2db6a8b9, 0x141ea9c8,0x141ea9c8
+ data4 0x57f11985,0x57f11985, 0xaf75074c,0xaf75074c
+ data4 0xee99ddbb,0xee99ddbb, 0xa37f60fd,0xa37f60fd
+ data4 0xf701269f,0xf701269f, 0x5c72f5bc,0x5c72f5bc
+ data4 0x44663bc5,0x44663bc5, 0x5bfb7e34,0x5bfb7e34
+ data4 0x8b432976,0x8b432976, 0xcb23c6dc,0xcb23c6dc
+ data4 0xb6edfc68,0xb6edfc68, 0xb8e4f163,0xb8e4f163
+ data4 0xd731dcca,0xd731dcca, 0x42638510,0x42638510
+ data4 0x13972240,0x13972240, 0x84c61120,0x84c61120
+ data4 0x854a247d,0x854a247d, 0xd2bb3df8,0xd2bb3df8
+ data4 0xaef93211,0xaef93211, 0xc729a16d,0xc729a16d
+ data4 0x1d9e2f4b,0x1d9e2f4b, 0xdcb230f3,0xdcb230f3
+ data4 0x0d8652ec,0x0d8652ec, 0x77c1e3d0,0x77c1e3d0
+ data4 0x2bb3166c,0x2bb3166c, 0xa970b999,0xa970b999
+ data4 0x119448fa,0x119448fa, 0x47e96422,0x47e96422
+ data4 0xa8fc8cc4,0xa8fc8cc4, 0xa0f03f1a,0xa0f03f1a
+ data4 0x567d2cd8,0x567d2cd8, 0x223390ef,0x223390ef
+ data4 0x87494ec7,0x87494ec7, 0xd938d1c1,0xd938d1c1
+ data4 0x8ccaa2fe,0x8ccaa2fe, 0x98d40b36,0x98d40b36
+ data4 0xa6f581cf,0xa6f581cf, 0xa57ade28,0xa57ade28
+ data4 0xdab78e26,0xdab78e26, 0x3fadbfa4,0x3fadbfa4
+ data4 0x2c3a9de4,0x2c3a9de4, 0x5078920d,0x5078920d
+ data4 0x6a5fcc9b,0x6a5fcc9b, 0x547e4662,0x547e4662
+ data4 0xf68d13c2,0xf68d13c2, 0x90d8b8e8,0x90d8b8e8
+ data4 0x2e39f75e,0x2e39f75e, 0x82c3aff5,0x82c3aff5
+ data4 0x9f5d80be,0x9f5d80be, 0x69d0937c,0x69d0937c
+ data4 0x6fd52da9,0x6fd52da9, 0xcf2512b3,0xcf2512b3
+ data4 0xc8ac993b,0xc8ac993b, 0x10187da7,0x10187da7
+ data4 0xe89c636e,0xe89c636e, 0xdb3bbb7b,0xdb3bbb7b
+ data4 0xcd267809,0xcd267809, 0x6e5918f4,0x6e5918f4
+ data4 0xec9ab701,0xec9ab701, 0x834f9aa8,0x834f9aa8
+ data4 0xe6956e65,0xe6956e65, 0xaaffe67e,0xaaffe67e
+ data4 0x21bccf08,0x21bccf08, 0xef15e8e6,0xef15e8e6
+ data4 0xbae79bd9,0xbae79bd9, 0x4a6f36ce,0x4a6f36ce
+ data4 0xea9f09d4,0xea9f09d4, 0x29b07cd6,0x29b07cd6
+ data4 0x31a4b2af,0x31a4b2af, 0x2a3f2331,0x2a3f2331
+ data4 0xc6a59430,0xc6a59430, 0x35a266c0,0x35a266c0
+ data4 0x744ebc37,0x744ebc37, 0xfc82caa6,0xfc82caa6
+ data4 0xe090d0b0,0xe090d0b0, 0x33a7d815,0x33a7d815
+ data4 0xf104984a,0xf104984a, 0x41ecdaf7,0x41ecdaf7
+ data4 0x7fcd500e,0x7fcd500e, 0x1791f62f,0x1791f62f
+ data4 0x764dd68d,0x764dd68d, 0x43efb04d,0x43efb04d
+ data4 0xccaa4d54,0xccaa4d54, 0xe49604df,0xe49604df
+ data4 0x9ed1b5e3,0x9ed1b5e3, 0x4c6a881b,0x4c6a881b
+ data4 0xc12c1fb8,0xc12c1fb8, 0x4665517f,0x4665517f
+ data4 0x9d5eea04,0x9d5eea04, 0x018c355d,0x018c355d
+ data4 0xfa877473,0xfa877473, 0xfb0b412e,0xfb0b412e
+ data4 0xb3671d5a,0xb3671d5a, 0x92dbd252,0x92dbd252
+ data4 0xe9105633,0xe9105633, 0x6dd64713,0x6dd64713
+ data4 0x9ad7618c,0x9ad7618c, 0x37a10c7a,0x37a10c7a
+ data4 0x59f8148e,0x59f8148e, 0xeb133c89,0xeb133c89
+ data4 0xcea927ee,0xcea927ee, 0xb761c935,0xb761c935
+ data4 0xe11ce5ed,0xe11ce5ed, 0x7a47b13c,0x7a47b13c
+ data4 0x9cd2df59,0x9cd2df59, 0x55f2733f,0x55f2733f
+ data4 0x1814ce79,0x1814ce79, 0x73c737bf,0x73c737bf
+ data4 0x53f7cdea,0x53f7cdea, 0x5ffdaa5b,0x5ffdaa5b
+ data4 0xdf3d6f14,0xdf3d6f14, 0x7844db86,0x7844db86
+ data4 0xcaaff381,0xcaaff381, 0xb968c43e,0xb968c43e
+ data4 0x3824342c,0x3824342c, 0xc2a3405f,0xc2a3405f
+ data4 0x161dc372,0x161dc372, 0xbce2250c,0xbce2250c
+ data4 0x283c498b,0x283c498b, 0xff0d9541,0xff0d9541
+ data4 0x39a80171,0x39a80171, 0x080cb3de,0x080cb3de
+ data4 0xd8b4e49c,0xd8b4e49c, 0x6456c190,0x6456c190
+ data4 0x7bcb8461,0x7bcb8461, 0xd532b670,0xd532b670
+ data4 0x486c5c74,0x486c5c74, 0xd0b85742,0xd0b85742
// Td4:
- data4 0x52000000, 0x09000000, 0x6a000000, 0xd5000000
- data4 0x30000000, 0x36000000, 0xa5000000, 0x38000000
- data4 0xbf000000, 0x40000000, 0xa3000000, 0x9e000000
- data4 0x81000000, 0xf3000000, 0xd7000000, 0xfb000000
- data4 0x7c000000, 0xe3000000, 0x39000000, 0x82000000
- data4 0x9b000000, 0x2f000000, 0xff000000, 0x87000000
- data4 0x34000000, 0x8e000000, 0x43000000, 0x44000000
- data4 0xc4000000, 0xde000000, 0xe9000000, 0xcb000000
- data4 0x54000000, 0x7b000000, 0x94000000, 0x32000000
- data4 0xa6000000, 0xc2000000, 0x23000000, 0x3d000000
- data4 0xee000000, 0x4c000000, 0x95000000, 0x0b000000
- data4 0x42000000, 0xfa000000, 0xc3000000, 0x4e000000
- data4 0x08000000, 0x2e000000, 0xa1000000, 0x66000000
- data4 0x28000000, 0xd9000000, 0x24000000, 0xb2000000
- data4 0x76000000, 0x5b000000, 0xa2000000, 0x49000000
- data4 0x6d000000, 0x8b000000, 0xd1000000, 0x25000000
- data4 0x72000000, 0xf8000000, 0xf6000000, 0x64000000
- data4 0x86000000, 0x68000000, 0x98000000, 0x16000000
- data4 0xd4000000, 0xa4000000, 0x5c000000, 0xcc000000
- data4 0x5d000000, 0x65000000, 0xb6000000, 0x92000000
- data4 0x6c000000, 0x70000000, 0x48000000, 0x50000000
- data4 0xfd000000, 0xed000000, 0xb9000000, 0xda000000
- data4 0x5e000000, 0x15000000, 0x46000000, 0x57000000
- data4 0xa7000000, 0x8d000000, 0x9d000000, 0x84000000
- data4 0x90000000, 0xd8000000, 0xab000000, 0x00000000
- data4 0x8c000000, 0xbc000000, 0xd3000000, 0x0a000000
- data4 0xf7000000, 0xe4000000, 0x58000000, 0x05000000
- data4 0xb8000000, 0xb3000000, 0x45000000, 0x06000000
- data4 0xd0000000, 0x2c000000, 0x1e000000, 0x8f000000
- data4 0xca000000, 0x3f000000, 0x0f000000, 0x02000000
- data4 0xc1000000, 0xaf000000, 0xbd000000, 0x03000000
- data4 0x01000000, 0x13000000, 0x8a000000, 0x6b000000
- data4 0x3a000000, 0x91000000, 0x11000000, 0x41000000
- data4 0x4f000000, 0x67000000, 0xdc000000, 0xea000000
- data4 0x97000000, 0xf2000000, 0xcf000000, 0xce000000
- data4 0xf0000000, 0xb4000000, 0xe6000000, 0x73000000
- data4 0x96000000, 0xac000000, 0x74000000, 0x22000000
- data4 0xe7000000, 0xad000000, 0x35000000, 0x85000000
- data4 0xe2000000, 0xf9000000, 0x37000000, 0xe8000000
- data4 0x1c000000, 0x75000000, 0xdf000000, 0x6e000000
- data4 0x47000000, 0xf1000000, 0x1a000000, 0x71000000
- data4 0x1d000000, 0x29000000, 0xc5000000, 0x89000000
- data4 0x6f000000, 0xb7000000, 0x62000000, 0x0e000000
- data4 0xaa000000, 0x18000000, 0xbe000000, 0x1b000000
- data4 0xfc000000, 0x56000000, 0x3e000000, 0x4b000000
- data4 0xc6000000, 0xd2000000, 0x79000000, 0x20000000
- data4 0x9a000000, 0xdb000000, 0xc0000000, 0xfe000000
- data4 0x78000000, 0xcd000000, 0x5a000000, 0xf4000000
- data4 0x1f000000, 0xdd000000, 0xa8000000, 0x33000000
- data4 0x88000000, 0x07000000, 0xc7000000, 0x31000000
- data4 0xb1000000, 0x12000000, 0x10000000, 0x59000000
- data4 0x27000000, 0x80000000, 0xec000000, 0x5f000000
- data4 0x60000000, 0x51000000, 0x7f000000, 0xa9000000
- data4 0x19000000, 0xb5000000, 0x4a000000, 0x0d000000
- data4 0x2d000000, 0xe5000000, 0x7a000000, 0x9f000000
- data4 0x93000000, 0xc9000000, 0x9c000000, 0xef000000
- data4 0xa0000000, 0xe0000000, 0x3b000000, 0x4d000000
- data4 0xae000000, 0x2a000000, 0xf5000000, 0xb0000000
- data4 0xc8000000, 0xeb000000, 0xbb000000, 0x3c000000
- data4 0x83000000, 0x53000000, 0x99000000, 0x61000000
- data4 0x17000000, 0x2b000000, 0x04000000, 0x7e000000
- data4 0xba000000, 0x77000000, 0xd6000000, 0x26000000
- data4 0xe1000000, 0x69000000, 0x14000000, 0x63000000
- data4 0x55000000, 0x21000000, 0x0c000000, 0x7d000000
-// Td5:
- data4 0x00520000, 0x00090000, 0x006a0000, 0x00d50000
- data4 0x00300000, 0x00360000, 0x00a50000, 0x00380000
- data4 0x00bf0000, 0x00400000, 0x00a30000, 0x009e0000
- data4 0x00810000, 0x00f30000, 0x00d70000, 0x00fb0000
- data4 0x007c0000, 0x00e30000, 0x00390000, 0x00820000
- data4 0x009b0000, 0x002f0000, 0x00ff0000, 0x00870000
- data4 0x00340000, 0x008e0000, 0x00430000, 0x00440000
- data4 0x00c40000, 0x00de0000, 0x00e90000, 0x00cb0000
- data4 0x00540000, 0x007b0000, 0x00940000, 0x00320000
- data4 0x00a60000, 0x00c20000, 0x00230000, 0x003d0000
- data4 0x00ee0000, 0x004c0000, 0x00950000, 0x000b0000
- data4 0x00420000, 0x00fa0000, 0x00c30000, 0x004e0000
- data4 0x00080000, 0x002e0000, 0x00a10000, 0x00660000
- data4 0x00280000, 0x00d90000, 0x00240000, 0x00b20000
- data4 0x00760000, 0x005b0000, 0x00a20000, 0x00490000
- data4 0x006d0000, 0x008b0000, 0x00d10000, 0x00250000
- data4 0x00720000, 0x00f80000, 0x00f60000, 0x00640000
- data4 0x00860000, 0x00680000, 0x00980000, 0x00160000
- data4 0x00d40000, 0x00a40000, 0x005c0000, 0x00cc0000
- data4 0x005d0000, 0x00650000, 0x00b60000, 0x00920000
- data4 0x006c0000, 0x00700000, 0x00480000, 0x00500000
- data4 0x00fd0000, 0x00ed0000, 0x00b90000, 0x00da0000
- data4 0x005e0000, 0x00150000, 0x00460000, 0x00570000
- data4 0x00a70000, 0x008d0000, 0x009d0000, 0x00840000
- data4 0x00900000, 0x00d80000, 0x00ab0000, 0x00000000
- data4 0x008c0000, 0x00bc0000, 0x00d30000, 0x000a0000
- data4 0x00f70000, 0x00e40000, 0x00580000, 0x00050000
- data4 0x00b80000, 0x00b30000, 0x00450000, 0x00060000
- data4 0x00d00000, 0x002c0000, 0x001e0000, 0x008f0000
- data4 0x00ca0000, 0x003f0000, 0x000f0000, 0x00020000
- data4 0x00c10000, 0x00af0000, 0x00bd0000, 0x00030000
- data4 0x00010000, 0x00130000, 0x008a0000, 0x006b0000
- data4 0x003a0000, 0x00910000, 0x00110000, 0x00410000
- data4 0x004f0000, 0x00670000, 0x00dc0000, 0x00ea0000
- data4 0x00970000, 0x00f20000, 0x00cf0000, 0x00ce0000
- data4 0x00f00000, 0x00b40000, 0x00e60000, 0x00730000
- data4 0x00960000, 0x00ac0000, 0x00740000, 0x00220000
- data4 0x00e70000, 0x00ad0000, 0x00350000, 0x00850000
- data4 0x00e20000, 0x00f90000, 0x00370000, 0x00e80000
- data4 0x001c0000, 0x00750000, 0x00df0000, 0x006e0000
- data4 0x00470000, 0x00f10000, 0x001a0000, 0x00710000
- data4 0x001d0000, 0x00290000, 0x00c50000, 0x00890000
- data4 0x006f0000, 0x00b70000, 0x00620000, 0x000e0000
- data4 0x00aa0000, 0x00180000, 0x00be0000, 0x001b0000
- data4 0x00fc0000, 0x00560000, 0x003e0000, 0x004b0000
- data4 0x00c60000, 0x00d20000, 0x00790000, 0x00200000
- data4 0x009a0000, 0x00db0000, 0x00c00000, 0x00fe0000
- data4 0x00780000, 0x00cd0000, 0x005a0000, 0x00f40000
- data4 0x001f0000, 0x00dd0000, 0x00a80000, 0x00330000
- data4 0x00880000, 0x00070000, 0x00c70000, 0x00310000
- data4 0x00b10000, 0x00120000, 0x00100000, 0x00590000
- data4 0x00270000, 0x00800000, 0x00ec0000, 0x005f0000
- data4 0x00600000, 0x00510000, 0x007f0000, 0x00a90000
- data4 0x00190000, 0x00b50000, 0x004a0000, 0x000d0000
- data4 0x002d0000, 0x00e50000, 0x007a0000, 0x009f0000
- data4 0x00930000, 0x00c90000, 0x009c0000, 0x00ef0000
- data4 0x00a00000, 0x00e00000, 0x003b0000, 0x004d0000
- data4 0x00ae0000, 0x002a0000, 0x00f50000, 0x00b00000
- data4 0x00c80000, 0x00eb0000, 0x00bb0000, 0x003c0000
- data4 0x00830000, 0x00530000, 0x00990000, 0x00610000
- data4 0x00170000, 0x002b0000, 0x00040000, 0x007e0000
- data4 0x00ba0000, 0x00770000, 0x00d60000, 0x00260000
- data4 0x00e10000, 0x00690000, 0x00140000, 0x00630000
- data4 0x00550000, 0x00210000, 0x000c0000, 0x007d0000
-// Td6:
- data4 0x00005200, 0x00000900, 0x00006a00, 0x0000d500
- data4 0x00003000, 0x00003600, 0x0000a500, 0x00003800
- data4 0x0000bf00, 0x00004000, 0x0000a300, 0x00009e00
- data4 0x00008100, 0x0000f300, 0x0000d700, 0x0000fb00
- data4 0x00007c00, 0x0000e300, 0x00003900, 0x00008200
- data4 0x00009b00, 0x00002f00, 0x0000ff00, 0x00008700
- data4 0x00003400, 0x00008e00, 0x00004300, 0x00004400
- data4 0x0000c400, 0x0000de00, 0x0000e900, 0x0000cb00
- data4 0x00005400, 0x00007b00, 0x00009400, 0x00003200
- data4 0x0000a600, 0x0000c200, 0x00002300, 0x00003d00
- data4 0x0000ee00, 0x00004c00, 0x00009500, 0x00000b00
- data4 0x00004200, 0x0000fa00, 0x0000c300, 0x00004e00
- data4 0x00000800, 0x00002e00, 0x0000a100, 0x00006600
- data4 0x00002800, 0x0000d900, 0x00002400, 0x0000b200
- data4 0x00007600, 0x00005b00, 0x0000a200, 0x00004900
- data4 0x00006d00, 0x00008b00, 0x0000d100, 0x00002500
- data4 0x00007200, 0x0000f800, 0x0000f600, 0x00006400
- data4 0x00008600, 0x00006800, 0x00009800, 0x00001600
- data4 0x0000d400, 0x0000a400, 0x00005c00, 0x0000cc00
- data4 0x00005d00, 0x00006500, 0x0000b600, 0x00009200
- data4 0x00006c00, 0x00007000, 0x00004800, 0x00005000
- data4 0x0000fd00, 0x0000ed00, 0x0000b900, 0x0000da00
- data4 0x00005e00, 0x00001500, 0x00004600, 0x00005700
- data4 0x0000a700, 0x00008d00, 0x00009d00, 0x00008400
- data4 0x00009000, 0x0000d800, 0x0000ab00, 0x00000000
- data4 0x00008c00, 0x0000bc00, 0x0000d300, 0x00000a00
- data4 0x0000f700, 0x0000e400, 0x00005800, 0x00000500
- data4 0x0000b800, 0x0000b300, 0x00004500, 0x00000600
- data4 0x0000d000, 0x00002c00, 0x00001e00, 0x00008f00
- data4 0x0000ca00, 0x00003f00, 0x00000f00, 0x00000200
- data4 0x0000c100, 0x0000af00, 0x0000bd00, 0x00000300
- data4 0x00000100, 0x00001300, 0x00008a00, 0x00006b00
- data4 0x00003a00, 0x00009100, 0x00001100, 0x00004100
- data4 0x00004f00, 0x00006700, 0x0000dc00, 0x0000ea00
- data4 0x00009700, 0x0000f200, 0x0000cf00, 0x0000ce00
- data4 0x0000f000, 0x0000b400, 0x0000e600, 0x00007300
- data4 0x00009600, 0x0000ac00, 0x00007400, 0x00002200
- data4 0x0000e700, 0x0000ad00, 0x00003500, 0x00008500
- data4 0x0000e200, 0x0000f900, 0x00003700, 0x0000e800
- data4 0x00001c00, 0x00007500, 0x0000df00, 0x00006e00
- data4 0x00004700, 0x0000f100, 0x00001a00, 0x00007100
- data4 0x00001d00, 0x00002900, 0x0000c500, 0x00008900
- data4 0x00006f00, 0x0000b700, 0x00006200, 0x00000e00
- data4 0x0000aa00, 0x00001800, 0x0000be00, 0x00001b00
- data4 0x0000fc00, 0x00005600, 0x00003e00, 0x00004b00
- data4 0x0000c600, 0x0000d200, 0x00007900, 0x00002000
- data4 0x00009a00, 0x0000db00, 0x0000c000, 0x0000fe00
- data4 0x00007800, 0x0000cd00, 0x00005a00, 0x0000f400
- data4 0x00001f00, 0x0000dd00, 0x0000a800, 0x00003300
- data4 0x00008800, 0x00000700, 0x0000c700, 0x00003100
- data4 0x0000b100, 0x00001200, 0x00001000, 0x00005900
- data4 0x00002700, 0x00008000, 0x0000ec00, 0x00005f00
- data4 0x00006000, 0x00005100, 0x00007f00, 0x0000a900
- data4 0x00001900, 0x0000b500, 0x00004a00, 0x00000d00
- data4 0x00002d00, 0x0000e500, 0x00007a00, 0x00009f00
- data4 0x00009300, 0x0000c900, 0x00009c00, 0x0000ef00
- data4 0x0000a000, 0x0000e000, 0x00003b00, 0x00004d00
- data4 0x0000ae00, 0x00002a00, 0x0000f500, 0x0000b000
- data4 0x0000c800, 0x0000eb00, 0x0000bb00, 0x00003c00
- data4 0x00008300, 0x00005300, 0x00009900, 0x00006100
- data4 0x00001700, 0x00002b00, 0x00000400, 0x00007e00
- data4 0x0000ba00, 0x00007700, 0x0000d600, 0x00002600
- data4 0x0000e100, 0x00006900, 0x00001400, 0x00006300
- data4 0x00005500, 0x00002100, 0x00000c00, 0x00007d00
-// Td7:
- data4 0x00000052, 0x00000009, 0x0000006a, 0x000000d5
- data4 0x00000030, 0x00000036, 0x000000a5, 0x00000038
- data4 0x000000bf, 0x00000040, 0x000000a3, 0x0000009e
- data4 0x00000081, 0x000000f3, 0x000000d7, 0x000000fb
- data4 0x0000007c, 0x000000e3, 0x00000039, 0x00000082
- data4 0x0000009b, 0x0000002f, 0x000000ff, 0x00000087
- data4 0x00000034, 0x0000008e, 0x00000043, 0x00000044
- data4 0x000000c4, 0x000000de, 0x000000e9, 0x000000cb
- data4 0x00000054, 0x0000007b, 0x00000094, 0x00000032
- data4 0x000000a6, 0x000000c2, 0x00000023, 0x0000003d
- data4 0x000000ee, 0x0000004c, 0x00000095, 0x0000000b
- data4 0x00000042, 0x000000fa, 0x000000c3, 0x0000004e
- data4 0x00000008, 0x0000002e, 0x000000a1, 0x00000066
- data4 0x00000028, 0x000000d9, 0x00000024, 0x000000b2
- data4 0x00000076, 0x0000005b, 0x000000a2, 0x00000049
- data4 0x0000006d, 0x0000008b, 0x000000d1, 0x00000025
- data4 0x00000072, 0x000000f8, 0x000000f6, 0x00000064
- data4 0x00000086, 0x00000068, 0x00000098, 0x00000016
- data4 0x000000d4, 0x000000a4, 0x0000005c, 0x000000cc
- data4 0x0000005d, 0x00000065, 0x000000b6, 0x00000092
- data4 0x0000006c, 0x00000070, 0x00000048, 0x00000050
- data4 0x000000fd, 0x000000ed, 0x000000b9, 0x000000da
- data4 0x0000005e, 0x00000015, 0x00000046, 0x00000057
- data4 0x000000a7, 0x0000008d, 0x0000009d, 0x00000084
- data4 0x00000090, 0x000000d8, 0x000000ab, 0x00000000
- data4 0x0000008c, 0x000000bc, 0x000000d3, 0x0000000a
- data4 0x000000f7, 0x000000e4, 0x00000058, 0x00000005
- data4 0x000000b8, 0x000000b3, 0x00000045, 0x00000006
- data4 0x000000d0, 0x0000002c, 0x0000001e, 0x0000008f
- data4 0x000000ca, 0x0000003f, 0x0000000f, 0x00000002
- data4 0x000000c1, 0x000000af, 0x000000bd, 0x00000003
- data4 0x00000001, 0x00000013, 0x0000008a, 0x0000006b
- data4 0x0000003a, 0x00000091, 0x00000011, 0x00000041
- data4 0x0000004f, 0x00000067, 0x000000dc, 0x000000ea
- data4 0x00000097, 0x000000f2, 0x000000cf, 0x000000ce
- data4 0x000000f0, 0x000000b4, 0x000000e6, 0x00000073
- data4 0x00000096, 0x000000ac, 0x00000074, 0x00000022
- data4 0x000000e7, 0x000000ad, 0x00000035, 0x00000085
- data4 0x000000e2, 0x000000f9, 0x00000037, 0x000000e8
- data4 0x0000001c, 0x00000075, 0x000000df, 0x0000006e
- data4 0x00000047, 0x000000f1, 0x0000001a, 0x00000071
- data4 0x0000001d, 0x00000029, 0x000000c5, 0x00000089
- data4 0x0000006f, 0x000000b7, 0x00000062, 0x0000000e
- data4 0x000000aa, 0x00000018, 0x000000be, 0x0000001b
- data4 0x000000fc, 0x00000056, 0x0000003e, 0x0000004b
- data4 0x000000c6, 0x000000d2, 0x00000079, 0x00000020
- data4 0x0000009a, 0x000000db, 0x000000c0, 0x000000fe
- data4 0x00000078, 0x000000cd, 0x0000005a, 0x000000f4
- data4 0x0000001f, 0x000000dd, 0x000000a8, 0x00000033
- data4 0x00000088, 0x00000007, 0x000000c7, 0x00000031
- data4 0x000000b1, 0x00000012, 0x00000010, 0x00000059
- data4 0x00000027, 0x00000080, 0x000000ec, 0x0000005f
- data4 0x00000060, 0x00000051, 0x0000007f, 0x000000a9
- data4 0x00000019, 0x000000b5, 0x0000004a, 0x0000000d
- data4 0x0000002d, 0x000000e5, 0x0000007a, 0x0000009f
- data4 0x00000093, 0x000000c9, 0x0000009c, 0x000000ef
- data4 0x000000a0, 0x000000e0, 0x0000003b, 0x0000004d
- data4 0x000000ae, 0x0000002a, 0x000000f5, 0x000000b0
- data4 0x000000c8, 0x000000eb, 0x000000bb, 0x0000003c
- data4 0x00000083, 0x00000053, 0x00000099, 0x00000061
- data4 0x00000017, 0x0000002b, 0x00000004, 0x0000007e
- data4 0x000000ba, 0x00000077, 0x000000d6, 0x00000026
- data4 0x000000e1, 0x00000069, 0x00000014, 0x00000063
- data4 0x00000055, 0x00000021, 0x0000000c, 0x0000007d
-.size AES_Td#,8*256*4 // HP-UX assembler fails to ".-AES_Td#"
+ data1 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
+ data1 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+ data1 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
+ data1 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+ data1 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
+ data1 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+ data1 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
+ data1 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+ data1 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
+ data1 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+ data1 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
+ data1 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+ data1 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
+ data1 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+ data1 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
+ data1 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+ data1 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
+ data1 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+ data1 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
+ data1 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+ data1 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
+ data1 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+ data1 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
+ data1 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+ data1 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
+ data1 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+ data1 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
+ data1 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+ data1 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
+ data1 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+ data1 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
+ data1 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+.size AES_Td#,2048+256 // HP-UX assembler fails to ".-AES_Td#"
diff --git a/crypto/aes/asm/aes-x86_64.pl b/crypto/aes/asm/aes-x86_64.pl
new file mode 100755
index 000000000000..44e0bf8cae3a
--- /dev/null
+++ b/crypto/aes/asm/aes-x86_64.pl
@@ -0,0 +1,1578 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
+# ====================================================================
+#
+# Version 1.2.
+#
+# aes-*-cbc benchmarks are improved by >70% [compared to gcc 3.3.2 on
+# Opteron 240 CPU] plus all the bells-n-whistles from 32-bit version
+# [you'll notice a lot of resemblance], such as compressed S-boxes
+# in little-endian byte order, prefetch of these tables in CBC mode,
+# as well as avoiding L1 cache aliasing between stack frame and key
+# schedule and already mentioned tables, compressed Td4...
+#
+# Performance in number of cycles per processed byte for 128-bit key:
+#
+# ECB CBC encrypt
+# AMD64 13.7 13.0(*)
+# EM64T 20.2 18.6(*)
+#
+# (*) CBC benchmarks are better than ECB thanks to custom ABI used
+# by the private block encryption function.
+
+$verticalspin=1; # unlike 32-bit version $verticalspin performs
+ # ~15% better on both AMD and Intel cores
+$output=shift;
+open STDOUT,"| $^X ../perlasm/x86_64-xlate.pl $output";
+
+$code=".text\n";
+
+$s0="%eax";
+$s1="%ebx";
+$s2="%ecx";
+$s3="%edx";
+$acc0="%esi";
+$acc1="%edi";
+$acc2="%ebp";
+$inp="%r8";
+$out="%r9";
+$t0="%r10d";
+$t1="%r11d";
+$t2="%r12d";
+$rnds="%r13d";
+$sbox="%r14";
+$key="%r15";
+
+sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/; $r; }
+sub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/;
+ $r =~ s/%[er]([sd]i)/%\1l/;
+ $r =~ s/%(r[0-9]+)[d]?/%\1b/; $r; }
+sub _data_word()
+{ my $i;
+ while(defined($i=shift)) { $code.=sprintf".long\t0x%08x,0x%08x\n",$i,$i; }
+}
+sub data_word()
+{ my $i;
+ my $last=pop(@_);
+ $code.=".long\t";
+ while(defined($i=shift)) { $code.=sprintf"0x%08x,",$i; }
+ $code.=sprintf"0x%08x\n",$last;
+}
+
+sub data_byte()
+{ my $i;
+ my $last=pop(@_);
+ $code.=".byte\t";
+ while(defined($i=shift)) { $code.=sprintf"0x%02x,",$i&0xff; }
+ $code.=sprintf"0x%02x\n",$last&0xff;
+}
+
+sub encvert()
+{ my $t3="%r8d"; # zaps $inp!
+
+$code.=<<___;
+ # favor 3-way issue Opteron pipeline...
+ movzb `&lo("$s0")`,$acc0
+ movzb `&lo("$s1")`,$acc1
+ movzb `&lo("$s2")`,$acc2
+ mov 0($sbox,$acc0,8),$t0
+ mov 0($sbox,$acc1,8),$t1
+ mov 0($sbox,$acc2,8),$t2
+
+ movzb `&hi("$s1")`,$acc0
+ movzb `&hi("$s2")`,$acc1
+ movzb `&lo("$s3")`,$acc2
+ xor 3($sbox,$acc0,8),$t0
+ xor 3($sbox,$acc1,8),$t1
+ mov 0($sbox,$acc2,8),$t3
+
+ movzb `&hi("$s3")`,$acc0
+ shr \$16,$s2
+ movzb `&hi("$s0")`,$acc2
+ xor 3($sbox,$acc0,8),$t2
+ shr \$16,$s3
+ xor 3($sbox,$acc2,8),$t3
+
+ shr \$16,$s1
+ lea 16($key),$key
+ shr \$16,$s0
+
+ movzb `&lo("$s2")`,$acc0
+ movzb `&lo("$s3")`,$acc1
+ movzb `&lo("$s0")`,$acc2
+ xor 2($sbox,$acc0,8),$t0
+ xor 2($sbox,$acc1,8),$t1
+ xor 2($sbox,$acc2,8),$t2
+
+ movzb `&hi("$s3")`,$acc0
+ movzb `&hi("$s0")`,$acc1
+ movzb `&lo("$s1")`,$acc2
+ xor 1($sbox,$acc0,8),$t0
+ xor 1($sbox,$acc1,8),$t1
+ xor 2($sbox,$acc2,8),$t3
+
+ mov 12($key),$s3
+ movzb `&hi("$s1")`,$acc1
+ movzb `&hi("$s2")`,$acc2
+ mov 0($key),$s0
+ xor 1($sbox,$acc1,8),$t2
+ xor 1($sbox,$acc2,8),$t3
+
+ mov 4($key),$s1
+ mov 8($key),$s2
+ xor $t0,$s0
+ xor $t1,$s1
+ xor $t2,$s2
+ xor $t3,$s3
+___
+}
+
+sub enclastvert()
+{ my $t3="%r8d"; # zaps $inp!
+
+$code.=<<___;
+ movzb `&lo("$s0")`,$acc0
+ movzb `&lo("$s1")`,$acc1
+ movzb `&lo("$s2")`,$acc2
+ mov 2($sbox,$acc0,8),$t0
+ mov 2($sbox,$acc1,8),$t1
+ mov 2($sbox,$acc2,8),$t2
+
+ and \$0x000000ff,$t0
+ and \$0x000000ff,$t1
+ and \$0x000000ff,$t2
+
+ movzb `&lo("$s3")`,$acc0
+ movzb `&hi("$s1")`,$acc1
+ movzb `&hi("$s2")`,$acc2
+ mov 2($sbox,$acc0,8),$t3
+ mov 0($sbox,$acc1,8),$acc1 #$t0
+ mov 0($sbox,$acc2,8),$acc2 #$t1
+
+ and \$0x000000ff,$t3
+ and \$0x0000ff00,$acc1
+ and \$0x0000ff00,$acc2
+
+ xor $acc1,$t0
+ xor $acc2,$t1
+ shr \$16,$s2
+
+ movzb `&hi("$s3")`,$acc0
+ movzb `&hi("$s0")`,$acc1
+ shr \$16,$s3
+ mov 0($sbox,$acc0,8),$acc0 #$t2
+ mov 0($sbox,$acc1,8),$acc1 #$t3
+
+ and \$0x0000ff00,$acc0
+ and \$0x0000ff00,$acc1
+ shr \$16,$s1
+ xor $acc0,$t2
+ xor $acc1,$t3
+ shr \$16,$s0
+
+ movzb `&lo("$s2")`,$acc0
+ movzb `&lo("$s3")`,$acc1
+ movzb `&lo("$s0")`,$acc2
+ mov 0($sbox,$acc0,8),$acc0 #$t0
+ mov 0($sbox,$acc1,8),$acc1 #$t1
+ mov 0($sbox,$acc2,8),$acc2 #$t2
+
+ and \$0x00ff0000,$acc0
+ and \$0x00ff0000,$acc1
+ and \$0x00ff0000,$acc2
+
+ xor $acc0,$t0
+ xor $acc1,$t1
+ xor $acc2,$t2
+
+ movzb `&lo("$s1")`,$acc0
+ movzb `&hi("$s3")`,$acc1
+ movzb `&hi("$s0")`,$acc2
+ mov 0($sbox,$acc0,8),$acc0 #$t3
+ mov 2($sbox,$acc1,8),$acc1 #$t0
+ mov 2($sbox,$acc2,8),$acc2 #$t1
+
+ and \$0x00ff0000,$acc0
+ and \$0xff000000,$acc1
+ and \$0xff000000,$acc2
+
+ xor $acc0,$t3
+ xor $acc1,$t0
+ xor $acc2,$t1
+
+ movzb `&hi("$s1")`,$acc0
+ movzb `&hi("$s2")`,$acc1
+ mov 16+12($key),$s3
+ mov 2($sbox,$acc0,8),$acc0 #$t2
+ mov 2($sbox,$acc1,8),$acc1 #$t3
+ mov 16+0($key),$s0
+
+ and \$0xff000000,$acc0
+ and \$0xff000000,$acc1
+
+ xor $acc0,$t2
+ xor $acc1,$t3
+
+ mov 16+4($key),$s1
+ mov 16+8($key),$s2
+ xor $t0,$s0
+ xor $t1,$s1
+ xor $t2,$s2
+ xor $t3,$s3
+___
+}
+
+sub encstep()
+{ my ($i,@s) = @_;
+ my $tmp0=$acc0;
+ my $tmp1=$acc1;
+ my $tmp2=$acc2;
+ my $out=($t0,$t1,$t2,$s[0])[$i];
+
+ if ($i==3) {
+ $tmp0=$s[1];
+ $tmp1=$s[2];
+ $tmp2=$s[3];
+ }
+ $code.=" movzb ".&lo($s[0]).",$out\n";
+ $code.=" mov $s[2],$tmp1\n" if ($i!=3);
+ $code.=" lea 16($key),$key\n" if ($i==0);
+
+ $code.=" movzb ".&hi($s[1]).",$tmp0\n";
+ $code.=" mov 0($sbox,$out,8),$out\n";
+
+ $code.=" shr \$16,$tmp1\n";
+ $code.=" mov $s[3],$tmp2\n" if ($i!=3);
+ $code.=" xor 3($sbox,$tmp0,8),$out\n";
+
+ $code.=" movzb ".&lo($tmp1).",$tmp1\n";
+ $code.=" shr \$24,$tmp2\n";
+ $code.=" xor 4*$i($key),$out\n";
+
+ $code.=" xor 2($sbox,$tmp1,8),$out\n";
+ $code.=" xor 1($sbox,$tmp2,8),$out\n";
+
+ $code.=" mov $t0,$s[1]\n" if ($i==3);
+ $code.=" mov $t1,$s[2]\n" if ($i==3);
+ $code.=" mov $t2,$s[3]\n" if ($i==3);
+ $code.="\n";
+}
+
+sub enclast()
+{ my ($i,@s)=@_;
+ my $tmp0=$acc0;
+ my $tmp1=$acc1;
+ my $tmp2=$acc2;
+ my $out=($t0,$t1,$t2,$s[0])[$i];
+
+ if ($i==3) {
+ $tmp0=$s[1];
+ $tmp1=$s[2];
+ $tmp2=$s[3];
+ }
+ $code.=" movzb ".&lo($s[0]).",$out\n";
+ $code.=" mov $s[2],$tmp1\n" if ($i!=3);
+
+ $code.=" mov 2($sbox,$out,8),$out\n";
+ $code.=" shr \$16,$tmp1\n";
+ $code.=" mov $s[3],$tmp2\n" if ($i!=3);
+
+ $code.=" and \$0x000000ff,$out\n";
+ $code.=" movzb ".&hi($s[1]).",$tmp0\n";
+ $code.=" movzb ".&lo($tmp1).",$tmp1\n";
+ $code.=" shr \$24,$tmp2\n";
+
+ $code.=" mov 0($sbox,$tmp0,8),$tmp0\n";
+ $code.=" mov 0($sbox,$tmp1,8),$tmp1\n";
+ $code.=" mov 2($sbox,$tmp2,8),$tmp2\n";
+
+ $code.=" and \$0x0000ff00,$tmp0\n";
+ $code.=" and \$0x00ff0000,$tmp1\n";
+ $code.=" and \$0xff000000,$tmp2\n";
+
+ $code.=" xor $tmp0,$out\n";
+ $code.=" mov $t0,$s[1]\n" if ($i==3);
+ $code.=" xor $tmp1,$out\n";
+ $code.=" mov $t1,$s[2]\n" if ($i==3);
+ $code.=" xor $tmp2,$out\n";
+ $code.=" mov $t2,$s[3]\n" if ($i==3);
+ $code.="\n";
+}
+
+$code.=<<___;
+.type _x86_64_AES_encrypt,\@abi-omnipotent
+.align 16
+_x86_64_AES_encrypt:
+ xor 0($key),$s0 # xor with key
+ xor 4($key),$s1
+ xor 8($key),$s2
+ xor 12($key),$s3
+
+ mov 240($key),$rnds # load key->rounds
+ sub \$1,$rnds
+ jmp .Lenc_loop
+.align 16
+.Lenc_loop:
+___
+ if ($verticalspin) { &encvert(); }
+ else { &encstep(0,$s0,$s1,$s2,$s3);
+ &encstep(1,$s1,$s2,$s3,$s0);
+ &encstep(2,$s2,$s3,$s0,$s1);
+ &encstep(3,$s3,$s0,$s1,$s2);
+ }
+$code.=<<___;
+ sub \$1,$rnds
+ jnz .Lenc_loop
+___
+ if ($verticalspin) { &enclastvert(); }
+ else { &enclast(0,$s0,$s1,$s2,$s3);
+ &enclast(1,$s1,$s2,$s3,$s0);
+ &enclast(2,$s2,$s3,$s0,$s1);
+ &enclast(3,$s3,$s0,$s1,$s2);
+ $code.=<<___;
+ xor 16+0($key),$s0 # xor with key
+ xor 16+4($key),$s1
+ xor 16+8($key),$s2
+ xor 16+12($key),$s3
+___
+ }
+$code.=<<___;
+ .byte 0xf3,0xc3 # rep ret
+.size _x86_64_AES_encrypt,.-_x86_64_AES_encrypt
+___
+
+# void AES_encrypt (const void *inp,void *out,const AES_KEY *key);
+$code.=<<___;
+.globl AES_encrypt
+.type AES_encrypt,\@function,3
+.align 16
+AES_encrypt:
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+ push %r15
+
+ mov %rdx,$key
+ mov %rdi,$inp
+ mov %rsi,$out
+
+ .picmeup $sbox
+ lea AES_Te-.($sbox),$sbox
+
+ mov 0($inp),$s0
+ mov 4($inp),$s1
+ mov 8($inp),$s2
+ mov 12($inp),$s3
+
+ call _x86_64_AES_encrypt
+
+ mov $s0,0($out)
+ mov $s1,4($out)
+ mov $s2,8($out)
+ mov $s3,12($out)
+
+ pop %r15
+ pop %r14
+ pop %r13
+ pop %r12
+ pop %rbp
+ pop %rbx
+ ret
+.size AES_encrypt,.-AES_encrypt
+___
+
+#------------------------------------------------------------------#
+
+sub decvert()
+{ my $t3="%r8d"; # zaps $inp!
+
+$code.=<<___;
+ # favor 3-way issue Opteron pipeline...
+ movzb `&lo("$s0")`,$acc0
+ movzb `&lo("$s1")`,$acc1
+ movzb `&lo("$s2")`,$acc2
+ mov 0($sbox,$acc0,8),$t0
+ mov 0($sbox,$acc1,8),$t1
+ mov 0($sbox,$acc2,8),$t2
+
+ movzb `&hi("$s3")`,$acc0
+ movzb `&hi("$s0")`,$acc1
+ movzb `&lo("$s3")`,$acc2
+ xor 3($sbox,$acc0,8),$t0
+ xor 3($sbox,$acc1,8),$t1
+ mov 0($sbox,$acc2,8),$t3
+
+ movzb `&hi("$s1")`,$acc0
+ shr \$16,$s0
+ movzb `&hi("$s2")`,$acc2
+ xor 3($sbox,$acc0,8),$t2
+ shr \$16,$s3
+ xor 3($sbox,$acc2,8),$t3
+
+ shr \$16,$s1
+ lea 16($key),$key
+ shr \$16,$s2
+
+ movzb `&lo("$s2")`,$acc0
+ movzb `&lo("$s3")`,$acc1
+ movzb `&lo("$s0")`,$acc2
+ xor 2($sbox,$acc0,8),$t0
+ xor 2($sbox,$acc1,8),$t1
+ xor 2($sbox,$acc2,8),$t2
+
+ movzb `&hi("$s1")`,$acc0
+ movzb `&hi("$s2")`,$acc1
+ movzb `&lo("$s1")`,$acc2
+ xor 1($sbox,$acc0,8),$t0
+ xor 1($sbox,$acc1,8),$t1
+ xor 2($sbox,$acc2,8),$t3
+
+ movzb `&hi("$s3")`,$acc0
+ mov 12($key),$s3
+ movzb `&hi("$s0")`,$acc2
+ xor 1($sbox,$acc0,8),$t2
+ mov 0($key),$s0
+ xor 1($sbox,$acc2,8),$t3
+
+ xor $t0,$s0
+ mov 4($key),$s1
+ mov 8($key),$s2
+ xor $t2,$s2
+ xor $t1,$s1
+ xor $t3,$s3
+___
+}
+
+sub declastvert()
+{ my $t3="%r8d"; # zaps $inp!
+
+$code.=<<___;
+ movzb `&lo("$s0")`,$acc0
+ movzb `&lo("$s1")`,$acc1
+ movzb `&lo("$s2")`,$acc2
+ movzb 2048($sbox,$acc0,1),$t0
+ movzb 2048($sbox,$acc1,1),$t1
+ movzb 2048($sbox,$acc2,1),$t2
+
+ movzb `&lo("$s3")`,$acc0
+ movzb `&hi("$s3")`,$acc1
+ movzb `&hi("$s0")`,$acc2
+ movzb 2048($sbox,$acc0,1),$t3
+ movzb 2048($sbox,$acc1,1),$acc1 #$t0
+ movzb 2048($sbox,$acc2,1),$acc2 #$t1
+
+ shl \$8,$acc1
+ shl \$8,$acc2
+
+ xor $acc1,$t0
+ xor $acc2,$t1
+ shr \$16,$s3
+
+ movzb `&hi("$s1")`,$acc0
+ movzb `&hi("$s2")`,$acc1
+ shr \$16,$s0
+ movzb 2048($sbox,$acc0,1),$acc0 #$t2
+ movzb 2048($sbox,$acc1,1),$acc1 #$t3
+
+ shl \$8,$acc0
+ shl \$8,$acc1
+ shr \$16,$s1
+ xor $acc0,$t2
+ xor $acc1,$t3
+ shr \$16,$s2
+
+ movzb `&lo("$s2")`,$acc0
+ movzb `&lo("$s3")`,$acc1
+ movzb `&lo("$s0")`,$acc2
+ movzb 2048($sbox,$acc0,1),$acc0 #$t0
+ movzb 2048($sbox,$acc1,1),$acc1 #$t1
+ movzb 2048($sbox,$acc2,1),$acc2 #$t2
+
+ shl \$16,$acc0
+ shl \$16,$acc1
+ shl \$16,$acc2
+
+ xor $acc0,$t0
+ xor $acc1,$t1
+ xor $acc2,$t2
+
+ movzb `&lo("$s1")`,$acc0
+ movzb `&hi("$s1")`,$acc1
+ movzb `&hi("$s2")`,$acc2
+ movzb 2048($sbox,$acc0,1),$acc0 #$t3
+ movzb 2048($sbox,$acc1,1),$acc1 #$t0
+ movzb 2048($sbox,$acc2,1),$acc2 #$t1
+
+ shl \$16,$acc0
+ shl \$24,$acc1
+ shl \$24,$acc2
+
+ xor $acc0,$t3
+ xor $acc1,$t0
+ xor $acc2,$t1
+
+ movzb `&hi("$s3")`,$acc0
+ movzb `&hi("$s0")`,$acc1
+ mov 16+12($key),$s3
+ movzb 2048($sbox,$acc0,1),$acc0 #$t2
+ movzb 2048($sbox,$acc1,1),$acc1 #$t3
+ mov 16+0($key),$s0
+
+ shl \$24,$acc0
+ shl \$24,$acc1
+
+ xor $acc0,$t2
+ xor $acc1,$t3
+
+ mov 16+4($key),$s1
+ mov 16+8($key),$s2
+ xor $t0,$s0
+ xor $t1,$s1
+ xor $t2,$s2
+ xor $t3,$s3
+___
+}
+
+sub decstep()
+{ my ($i,@s) = @_;
+ my $tmp0=$acc0;
+ my $tmp1=$acc1;
+ my $tmp2=$acc2;
+ my $out=($t0,$t1,$t2,$s[0])[$i];
+
+ $code.=" mov $s[0],$out\n" if ($i!=3);
+ $tmp1=$s[2] if ($i==3);
+ $code.=" mov $s[2],$tmp1\n" if ($i!=3);
+ $code.=" and \$0xFF,$out\n";
+
+ $code.=" mov 0($sbox,$out,8),$out\n";
+ $code.=" shr \$16,$tmp1\n";
+ $tmp2=$s[3] if ($i==3);
+ $code.=" mov $s[3],$tmp2\n" if ($i!=3);
+
+ $tmp0=$s[1] if ($i==3);
+ $code.=" movzb ".&hi($s[1]).",$tmp0\n";
+ $code.=" and \$0xFF,$tmp1\n";
+ $code.=" shr \$24,$tmp2\n";
+
+ $code.=" xor 3($sbox,$tmp0,8),$out\n";
+ $code.=" xor 2($sbox,$tmp1,8),$out\n";
+ $code.=" xor 1($sbox,$tmp2,8),$out\n";
+
+ $code.=" mov $t2,$s[1]\n" if ($i==3);
+ $code.=" mov $t1,$s[2]\n" if ($i==3);
+ $code.=" mov $t0,$s[3]\n" if ($i==3);
+ $code.="\n";
+}
+
+sub declast()
+{ my ($i,@s)=@_;
+ my $tmp0=$acc0;
+ my $tmp1=$acc1;
+ my $tmp2=$acc2;
+ my $out=($t0,$t1,$t2,$s[0])[$i];
+
+ $code.=" mov $s[0],$out\n" if ($i!=3);
+ $tmp1=$s[2] if ($i==3);
+ $code.=" mov $s[2],$tmp1\n" if ($i!=3);
+ $code.=" and \$0xFF,$out\n";
+
+ $code.=" movzb 2048($sbox,$out,1),$out\n";
+ $code.=" shr \$16,$tmp1\n";
+ $tmp2=$s[3] if ($i==3);
+ $code.=" mov $s[3],$tmp2\n" if ($i!=3);
+
+ $tmp0=$s[1] if ($i==3);
+ $code.=" movzb ".&hi($s[1]).",$tmp0\n";
+ $code.=" and \$0xFF,$tmp1\n";
+ $code.=" shr \$24,$tmp2\n";
+
+ $code.=" movzb 2048($sbox,$tmp0,1),$tmp0\n";
+ $code.=" movzb 2048($sbox,$tmp1,1),$tmp1\n";
+ $code.=" movzb 2048($sbox,$tmp2,1),$tmp2\n";
+
+ $code.=" shl \$8,$tmp0\n";
+ $code.=" shl \$16,$tmp1\n";
+ $code.=" shl \$24,$tmp2\n";
+
+ $code.=" xor $tmp0,$out\n";
+ $code.=" mov $t2,$s[1]\n" if ($i==3);
+ $code.=" xor $tmp1,$out\n";
+ $code.=" mov $t1,$s[2]\n" if ($i==3);
+ $code.=" xor $tmp2,$out\n";
+ $code.=" mov $t0,$s[3]\n" if ($i==3);
+ $code.="\n";
+}
+
+$code.=<<___;
+.type _x86_64_AES_decrypt,\@abi-omnipotent
+.align 16
+_x86_64_AES_decrypt:
+ xor 0($key),$s0 # xor with key
+ xor 4($key),$s1
+ xor 8($key),$s2
+ xor 12($key),$s3
+
+ mov 240($key),$rnds # load key->rounds
+ sub \$1,$rnds
+ jmp .Ldec_loop
+.align 16
+.Ldec_loop:
+___
+ if ($verticalspin) { &decvert(); }
+ else { &decstep(0,$s0,$s3,$s2,$s1);
+ &decstep(1,$s1,$s0,$s3,$s2);
+ &decstep(2,$s2,$s1,$s0,$s3);
+ &decstep(3,$s3,$s2,$s1,$s0);
+ $code.=<<___;
+ lea 16($key),$key
+ xor 0($key),$s0 # xor with key
+ xor 4($key),$s1
+ xor 8($key),$s2
+ xor 12($key),$s3
+___
+ }
+$code.=<<___;
+ sub \$1,$rnds
+ jnz .Ldec_loop
+___
+ if ($verticalspin) { &declastvert(); }
+ else { &declast(0,$s0,$s3,$s2,$s1);
+ &declast(1,$s1,$s0,$s3,$s2);
+ &declast(2,$s2,$s1,$s0,$s3);
+ &declast(3,$s3,$s2,$s1,$s0);
+ $code.=<<___;
+ xor 16+0($key),$s0 # xor with key
+ xor 16+4($key),$s1
+ xor 16+8($key),$s2
+ xor 16+12($key),$s3
+___
+ }
+$code.=<<___;
+ .byte 0xf3,0xc3 # rep ret
+.size _x86_64_AES_decrypt,.-_x86_64_AES_decrypt
+___
+
+# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
+$code.=<<___;
+.globl AES_decrypt
+.type AES_decrypt,\@function,3
+.align 16
+AES_decrypt:
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+ push %r15
+
+ mov %rdx,$key
+ mov %rdi,$inp
+ mov %rsi,$out
+
+ .picmeup $sbox
+ lea AES_Td-.($sbox),$sbox
+
+ # prefetch Td4
+ lea 2048+128($sbox),$sbox;
+ mov 0-128($sbox),$s0
+ mov 32-128($sbox),$s1
+ mov 64-128($sbox),$s2
+ mov 96-128($sbox),$s3
+ mov 128-128($sbox),$s0
+ mov 160-128($sbox),$s1
+ mov 192-128($sbox),$s2
+ mov 224-128($sbox),$s3
+ lea -2048-128($sbox),$sbox;
+
+ mov 0($inp),$s0
+ mov 4($inp),$s1
+ mov 8($inp),$s2
+ mov 12($inp),$s3
+
+ call _x86_64_AES_decrypt
+
+ mov $s0,0($out)
+ mov $s1,4($out)
+ mov $s2,8($out)
+ mov $s3,12($out)
+
+ pop %r15
+ pop %r14
+ pop %r13
+ pop %r12
+ pop %rbp
+ pop %rbx
+ ret
+.size AES_decrypt,.-AES_decrypt
+___
+#------------------------------------------------------------------#
+
+sub enckey()
+{
+$code.=<<___;
+ movz %dl,%esi # rk[i]>>0
+ mov 2(%rbp,%rsi,8),%ebx
+ movz %dh,%esi # rk[i]>>8
+ and \$0xFF000000,%ebx
+ xor %ebx,%eax
+
+ mov 2(%rbp,%rsi,8),%ebx
+ shr \$16,%edx
+ and \$0x000000FF,%ebx
+ movz %dl,%esi # rk[i]>>16
+ xor %ebx,%eax
+
+ mov 0(%rbp,%rsi,8),%ebx
+ movz %dh,%esi # rk[i]>>24
+ and \$0x0000FF00,%ebx
+ xor %ebx,%eax
+
+ mov 0(%rbp,%rsi,8),%ebx
+ and \$0x00FF0000,%ebx
+ xor %ebx,%eax
+
+ xor 2048(%rbp,%rcx,4),%eax # rcon
+___
+}
+
+# int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+# AES_KEY *key)
+$code.=<<___;
+.globl AES_set_encrypt_key
+.type AES_set_encrypt_key,\@function,3
+.align 16
+AES_set_encrypt_key:
+ push %rbx
+ push %rbp
+
+ mov %esi,%ecx # %ecx=bits
+ mov %rdi,%rsi # %rsi=userKey
+ mov %rdx,%rdi # %rdi=key
+
+ test \$-1,%rsi
+ jz .Lbadpointer
+ test \$-1,%rdi
+ jz .Lbadpointer
+
+ .picmeup %rbp
+ lea AES_Te-.(%rbp),%rbp
+
+ cmp \$128,%ecx
+ je .L10rounds
+ cmp \$192,%ecx
+ je .L12rounds
+ cmp \$256,%ecx
+ je .L14rounds
+ mov \$-2,%rax # invalid number of bits
+ jmp .Lexit
+
+.L10rounds:
+ mov 0(%rsi),%eax # copy first 4 dwords
+ mov 4(%rsi),%ebx
+ mov 8(%rsi),%ecx
+ mov 12(%rsi),%edx
+ mov %eax,0(%rdi)
+ mov %ebx,4(%rdi)
+ mov %ecx,8(%rdi)
+ mov %edx,12(%rdi)
+
+ xor %ecx,%ecx
+ jmp .L10shortcut
+.align 4
+.L10loop:
+ mov 0(%rdi),%eax # rk[0]
+ mov 12(%rdi),%edx # rk[3]
+.L10shortcut:
+___
+ &enckey ();
+$code.=<<___;
+ mov %eax,16(%rdi) # rk[4]
+ xor 4(%rdi),%eax
+ mov %eax,20(%rdi) # rk[5]
+ xor 8(%rdi),%eax
+ mov %eax,24(%rdi) # rk[6]
+ xor 12(%rdi),%eax
+ mov %eax,28(%rdi) # rk[7]
+ add \$1,%ecx
+ lea 16(%rdi),%rdi
+ cmp \$10,%ecx
+ jl .L10loop
+
+ movl \$10,80(%rdi) # setup number of rounds
+ xor %rax,%rax
+ jmp .Lexit
+
+.L12rounds:
+ mov 0(%rsi),%eax # copy first 6 dwords
+ mov 4(%rsi),%ebx
+ mov 8(%rsi),%ecx
+ mov 12(%rsi),%edx
+ mov %eax,0(%rdi)
+ mov %ebx,4(%rdi)
+ mov %ecx,8(%rdi)
+ mov %edx,12(%rdi)
+ mov 16(%rsi),%ecx
+ mov 20(%rsi),%edx
+ mov %ecx,16(%rdi)
+ mov %edx,20(%rdi)
+
+ xor %ecx,%ecx
+ jmp .L12shortcut
+.align 4
+.L12loop:
+ mov 0(%rdi),%eax # rk[0]
+ mov 20(%rdi),%edx # rk[5]
+.L12shortcut:
+___
+ &enckey ();
+$code.=<<___;
+ mov %eax,24(%rdi) # rk[6]
+ xor 4(%rdi),%eax
+ mov %eax,28(%rdi) # rk[7]
+ xor 8(%rdi),%eax
+ mov %eax,32(%rdi) # rk[8]
+ xor 12(%rdi),%eax
+ mov %eax,36(%rdi) # rk[9]
+
+ cmp \$7,%ecx
+ je .L12break
+ add \$1,%ecx
+
+ xor 16(%rdi),%eax
+ mov %eax,40(%rdi) # rk[10]
+ xor 20(%rdi),%eax
+ mov %eax,44(%rdi) # rk[11]
+
+ lea 24(%rdi),%rdi
+ jmp .L12loop
+.L12break:
+ movl \$12,72(%rdi) # setup number of rounds
+ xor %rax,%rax
+ jmp .Lexit
+
+.L14rounds:
+ mov 0(%rsi),%eax # copy first 8 dwords
+ mov 4(%rsi),%ebx
+ mov 8(%rsi),%ecx
+ mov 12(%rsi),%edx
+ mov %eax,0(%rdi)
+ mov %ebx,4(%rdi)
+ mov %ecx,8(%rdi)
+ mov %edx,12(%rdi)
+ mov 16(%rsi),%eax
+ mov 20(%rsi),%ebx
+ mov 24(%rsi),%ecx
+ mov 28(%rsi),%edx
+ mov %eax,16(%rdi)
+ mov %ebx,20(%rdi)
+ mov %ecx,24(%rdi)
+ mov %edx,28(%rdi)
+
+ xor %ecx,%ecx
+ jmp .L14shortcut
+.align 4
+.L14loop:
+ mov 28(%rdi),%edx # rk[4]
+.L14shortcut:
+ mov 0(%rdi),%eax # rk[0]
+___
+ &enckey ();
+$code.=<<___;
+ mov %eax,32(%rdi) # rk[8]
+ xor 4(%rdi),%eax
+ mov %eax,36(%rdi) # rk[9]
+ xor 8(%rdi),%eax
+ mov %eax,40(%rdi) # rk[10]
+ xor 12(%rdi),%eax
+ mov %eax,44(%rdi) # rk[11]
+
+ cmp \$6,%ecx
+ je .L14break
+ add \$1,%ecx
+
+ mov %eax,%edx
+ mov 16(%rdi),%eax # rk[4]
+ movz %dl,%esi # rk[11]>>0
+ mov 2(%rbp,%rsi,8),%ebx
+ movz %dh,%esi # rk[11]>>8
+ and \$0x000000FF,%ebx
+ xor %ebx,%eax
+
+ mov 0(%rbp,%rsi,8),%ebx
+ shr \$16,%edx
+ and \$0x0000FF00,%ebx
+ movz %dl,%esi # rk[11]>>16
+ xor %ebx,%eax
+
+ mov 0(%rbp,%rsi,8),%ebx
+ movz %dh,%esi # rk[11]>>24
+ and \$0x00FF0000,%ebx
+ xor %ebx,%eax
+
+ mov 2(%rbp,%rsi,8),%ebx
+ and \$0xFF000000,%ebx
+ xor %ebx,%eax
+
+ mov %eax,48(%rdi) # rk[12]
+ xor 20(%rdi),%eax
+ mov %eax,52(%rdi) # rk[13]
+ xor 24(%rdi),%eax
+ mov %eax,56(%rdi) # rk[14]
+ xor 28(%rdi),%eax
+ mov %eax,60(%rdi) # rk[15]
+
+ lea 32(%rdi),%rdi
+ jmp .L14loop
+.L14break:
+ movl \$14,48(%rdi) # setup number of rounds
+ xor %rax,%rax
+ jmp .Lexit
+
+.Lbadpointer:
+ mov \$-1,%rax
+.Lexit:
+ pop %rbp
+ pop %rbx
+ ret
+.size AES_set_encrypt_key,.-AES_set_encrypt_key
+___
+
+sub deckey()
+{ my ($i,$ptr,$te,$td) = @_;
+$code.=<<___;
+ mov $i($ptr),%eax
+ mov %eax,%edx
+ movz %ah,%ebx
+ shr \$16,%edx
+ and \$0xFF,%eax
+ movzb 2($te,%rax,8),%rax
+ movzb 2($te,%rbx,8),%rbx
+ mov 0($td,%rax,8),%eax
+ xor 3($td,%rbx,8),%eax
+ movzb %dh,%ebx
+ and \$0xFF,%edx
+ movzb 2($te,%rdx,8),%rdx
+ movzb 2($te,%rbx,8),%rbx
+ xor 2($td,%rdx,8),%eax
+ xor 1($td,%rbx,8),%eax
+ mov %eax,$i($ptr)
+___
+}
+
+# int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+# AES_KEY *key)
+$code.=<<___;
+.globl AES_set_decrypt_key
+.type AES_set_decrypt_key,\@function,3
+.align 16
+AES_set_decrypt_key:
+ push %rdx
+ call AES_set_encrypt_key
+ cmp \$0,%eax
+ je .Lproceed
+ lea 24(%rsp),%rsp
+ ret
+.Lproceed:
+ mov (%rsp),%r8 # restore key schedule
+ mov %rbx,(%rsp)
+
+ mov 240(%r8),%ecx # pull number of rounds
+ xor %rdi,%rdi
+ lea (%rdi,%rcx,4),%rcx
+ mov %r8,%rsi
+ lea (%r8,%rcx,4),%rdi # pointer to last chunk
+.align 4
+.Linvert:
+ mov 0(%rsi),%rax
+ mov 8(%rsi),%rbx
+ mov 0(%rdi),%rcx
+ mov 8(%rdi),%rdx
+ mov %rax,0(%rdi)
+ mov %rbx,8(%rdi)
+ mov %rcx,0(%rsi)
+ mov %rdx,8(%rsi)
+ lea 16(%rsi),%rsi
+ lea -16(%rdi),%rdi
+ cmp %rsi,%rdi
+ jne .Linvert
+
+ .picmeup %r9
+ lea AES_Td-.(%r9),%rdi
+ lea AES_Te-AES_Td(%rdi),%r9
+
+ mov %r8,%rsi
+ mov 240(%r8),%ecx # pull number of rounds
+ sub \$1,%ecx
+.align 4
+.Lpermute:
+ lea 16(%rsi),%rsi
+___
+ &deckey (0,"%rsi","%r9","%rdi");
+ &deckey (4,"%rsi","%r9","%rdi");
+ &deckey (8,"%rsi","%r9","%rdi");
+ &deckey (12,"%rsi","%r9","%rdi");
+$code.=<<___;
+ sub \$1,%ecx
+ jnz .Lpermute
+
+ xor %rax,%rax
+ pop %rbx
+ ret
+.size AES_set_decrypt_key,.-AES_set_decrypt_key
+___
+
+# void AES_cbc_encrypt (const void char *inp, unsigned char *out,
+# size_t length, const AES_KEY *key,
+# unsigned char *ivp,const int enc);
+{
+# stack frame layout
+# -8(%rsp) return address
+my $_rsp="0(%rsp)"; # saved %rsp
+my $_len="8(%rsp)"; # copy of 3rd parameter, length
+my $_key="16(%rsp)"; # copy of 4th parameter, key
+my $_ivp="24(%rsp)"; # copy of 5th parameter, ivp
+my $keyp="32(%rsp)"; # one to pass as $key
+my $ivec="40(%rsp)"; # ivec[16]
+my $aes_key="56(%rsp)"; # copy of aes_key
+my $mark="56+240(%rsp)"; # copy of aes_key->rounds
+
+$code.=<<___;
+.globl AES_cbc_encrypt
+.type AES_cbc_encrypt,\@function,6
+.align 16
+AES_cbc_encrypt:
+ cmp \$0,%rdx # check length
+ je .Lcbc_just_ret
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+ push %r15
+ pushfq
+ cld
+ mov %r9d,%r9d # clear upper half of enc
+
+ .picmeup $sbox
+.Lcbc_pic_point:
+
+ cmp \$0,%r9
+ je .LDECRYPT
+
+ lea AES_Te-.Lcbc_pic_point($sbox),$sbox
+
+ # allocate aligned stack frame...
+ lea -64-248(%rsp),$key
+ and \$-64,$key
+
+ # ... and make it doesn't alias with AES_Te modulo 4096
+ mov $sbox,%r10
+ lea 2048($sbox),%r11
+ mov $key,%r12
+ and \$0xFFF,%r10 # s = $sbox&0xfff
+ and \$0xFFF,%r11 # e = ($sbox+2048)&0xfff
+ and \$0xFFF,%r12 # p = %rsp&0xfff
+
+ cmp %r11,%r12 # if (p=>e) %rsp =- (p-e);
+ jb .Lcbc_te_break_out
+ sub %r11,%r12
+ sub %r12,$key
+ jmp .Lcbc_te_ok
+.Lcbc_te_break_out: # else %rsp -= (p-s)&0xfff + framesz
+ sub %r10,%r12
+ and \$0xFFF,%r12
+ add \$320,%r12
+ sub %r12,$key
+.align 4
+.Lcbc_te_ok:
+
+ xchg %rsp,$key
+ add \$8,%rsp # reserve for return address!
+ mov $key,$_rsp # save %rsp
+ mov %rdx,$_len # save copy of len
+ mov %rcx,$_key # save copy of key
+ mov %r8,$_ivp # save copy of ivp
+ movl \$0,$mark # copy of aes_key->rounds = 0;
+ mov %r8,%rbp # rearrange input arguments
+ mov %rsi,$out
+ mov %rdi,$inp
+ mov %rcx,$key
+
+ # do we copy key schedule to stack?
+ mov $key,%r10
+ sub $sbox,%r10
+ and \$0xfff,%r10
+ cmp \$2048,%r10
+ jb .Lcbc_do_ecopy
+ cmp \$4096-248,%r10
+ jb .Lcbc_skip_ecopy
+.align 4
+.Lcbc_do_ecopy:
+ mov $key,%rsi
+ lea $aes_key,%rdi
+ lea $aes_key,$key
+ mov \$240/8,%ecx
+ .long 0x90A548F3 # rep movsq
+ mov (%rsi),%eax # copy aes_key->rounds
+ mov %eax,(%rdi)
+.Lcbc_skip_ecopy:
+ mov $key,$keyp # save key pointer
+
+ mov \$16,%ecx
+.align 4
+.Lcbc_prefetch_te:
+ mov 0($sbox),%r10
+ mov 32($sbox),%r11
+ mov 64($sbox),%r12
+ mov 96($sbox),%r13
+ lea 128($sbox),$sbox
+ sub \$1,%ecx
+ jnz .Lcbc_prefetch_te
+ sub \$2048,$sbox
+
+ test \$-16,%rdx # check upon length
+ mov %rdx,%r10
+ mov 0(%rbp),$s0 # load iv
+ mov 4(%rbp),$s1
+ mov 8(%rbp),$s2
+ mov 12(%rbp),$s3
+ jz .Lcbc_enc_tail # short input...
+
+.align 4
+.Lcbc_enc_loop:
+ xor 0($inp),$s0
+ xor 4($inp),$s1
+ xor 8($inp),$s2
+ xor 12($inp),$s3
+ mov $inp,$ivec # if ($verticalspin) save inp
+
+ mov $keyp,$key # restore key
+ call _x86_64_AES_encrypt
+
+ mov $ivec,$inp # if ($verticalspin) restore inp
+ mov $s0,0($out)
+ mov $s1,4($out)
+ mov $s2,8($out)
+ mov $s3,12($out)
+
+ mov $_len,%r10
+ lea 16($inp),$inp
+ lea 16($out),$out
+ sub \$16,%r10
+ test \$-16,%r10
+ mov %r10,$_len
+ jnz .Lcbc_enc_loop
+ test \$15,%r10
+ jnz .Lcbc_enc_tail
+ mov $_ivp,%rbp # restore ivp
+ mov $s0,0(%rbp) # save ivec
+ mov $s1,4(%rbp)
+ mov $s2,8(%rbp)
+ mov $s3,12(%rbp)
+
+.align 4
+.Lcbc_cleanup:
+ cmpl \$0,$mark # was the key schedule copied?
+ lea $aes_key,%rdi
+ mov $_rsp,%rsp
+ je .Lcbc_exit
+ mov \$240/8,%ecx
+ xor %rax,%rax
+ .long 0x90AB48F3 # rep stosq
+.Lcbc_exit:
+ popfq
+ pop %r15
+ pop %r14
+ pop %r13
+ pop %r12
+ pop %rbp
+ pop %rbx
+.Lcbc_just_ret:
+ ret
+.align 4
+.Lcbc_enc_tail:
+ cmp $inp,$out
+ je .Lcbc_enc_in_place
+ mov %r10,%rcx
+ mov $inp,%rsi
+ mov $out,%rdi
+ .long 0xF689A4F3 # rep movsb
+.Lcbc_enc_in_place:
+ mov \$16,%rcx # zero tail
+ sub %r10,%rcx
+ xor %rax,%rax
+ .long 0xF689AAF3 # rep stosb
+ mov $out,$inp # this is not a mistake!
+ movq \$16,$_len # len=16
+ jmp .Lcbc_enc_loop # one more spin...
+#----------------------------- DECRYPT -----------------------------#
+.align 16
+.LDECRYPT:
+ lea AES_Td-.Lcbc_pic_point($sbox),$sbox
+
+ # allocate aligned stack frame...
+ lea -64-248(%rsp),$key
+ and \$-64,$key
+
+ # ... and make it doesn't alias with AES_Td modulo 4096
+ mov $sbox,%r10
+ lea 2304($sbox),%r11
+ mov $key,%r12
+ and \$0xFFF,%r10 # s = $sbox&0xfff
+ and \$0xFFF,%r11 # e = ($sbox+2048+256)&0xfff
+ and \$0xFFF,%r12 # p = %rsp&0xfff
+
+ cmp %r11,%r12 # if (p=>e) %rsp =- (p-e);
+ jb .Lcbc_td_break_out
+ sub %r11,%r12
+ sub %r12,$key
+ jmp .Lcbc_td_ok
+.Lcbc_td_break_out: # else %rsp -= (p-s)&0xfff + framesz
+ sub %r10,%r12
+ and \$0xFFF,%r12
+ add \$320,%r12
+ sub %r12,$key
+.align 4
+.Lcbc_td_ok:
+
+ xchg %rsp,$key
+ add \$8,%rsp # reserve for return address!
+ mov $key,$_rsp # save %rsp
+ mov %rdx,$_len # save copy of len
+ mov %rcx,$_key # save copy of key
+ mov %r8,$_ivp # save copy of ivp
+ movl \$0,$mark # copy of aes_key->rounds = 0;
+ mov %r8,%rbp # rearrange input arguments
+ mov %rsi,$out
+ mov %rdi,$inp
+ mov %rcx,$key
+
+ # do we copy key schedule to stack?
+ mov $key,%r10
+ sub $sbox,%r10
+ and \$0xfff,%r10
+ cmp \$2304,%r10
+ jb .Lcbc_do_dcopy
+ cmp \$4096-248,%r10
+ jb .Lcbc_skip_dcopy
+.align 4
+.Lcbc_do_dcopy:
+ mov $key,%rsi
+ lea $aes_key,%rdi
+ lea $aes_key,$key
+ mov \$240/8,%ecx
+ .long 0x90A548F3 # rep movsq
+ mov (%rsi),%eax # copy aes_key->rounds
+ mov %eax,(%rdi)
+.Lcbc_skip_dcopy:
+ mov $key,$keyp # save key pointer
+
+ mov \$18,%ecx
+.align 4
+.Lcbc_prefetch_td:
+ mov 0($sbox),%r10
+ mov 32($sbox),%r11
+ mov 64($sbox),%r12
+ mov 96($sbox),%r13
+ lea 128($sbox),$sbox
+ sub \$1,%ecx
+ jnz .Lcbc_prefetch_td
+ sub \$2304,$sbox
+
+ cmp $inp,$out
+ je .Lcbc_dec_in_place
+
+ mov %rbp,$ivec
+.align 4
+.Lcbc_dec_loop:
+ mov 0($inp),$s0 # read input
+ mov 4($inp),$s1
+ mov 8($inp),$s2
+ mov 12($inp),$s3
+ mov $inp,8+$ivec # if ($verticalspin) save inp
+
+ mov $keyp,$key # restore key
+ call _x86_64_AES_decrypt
+
+ mov $ivec,%rbp # load ivp
+ mov 8+$ivec,$inp # if ($verticalspin) restore inp
+ xor 0(%rbp),$s0 # xor iv
+ xor 4(%rbp),$s1
+ xor 8(%rbp),$s2
+ xor 12(%rbp),$s3
+ mov $inp,%rbp # current input, next iv
+
+ mov $_len,%r10 # load len
+ sub \$16,%r10
+ jc .Lcbc_dec_partial
+ mov %r10,$_len # update len
+ mov %rbp,$ivec # update ivp
+
+ mov $s0,0($out) # write output
+ mov $s1,4($out)
+ mov $s2,8($out)
+ mov $s3,12($out)
+
+ lea 16($inp),$inp
+ lea 16($out),$out
+ jnz .Lcbc_dec_loop
+.Lcbc_dec_end:
+ mov $_ivp,%r12 # load user ivp
+ mov 0(%rbp),%r10 # load iv
+ mov 8(%rbp),%r11
+ mov %r10,0(%r12) # copy back to user
+ mov %r11,8(%r12)
+ jmp .Lcbc_cleanup
+
+.align 4
+.Lcbc_dec_partial:
+ mov $s0,0+$ivec # dump output to stack
+ mov $s1,4+$ivec
+ mov $s2,8+$ivec
+ mov $s3,12+$ivec
+ mov $out,%rdi
+ lea $ivec,%rsi
+ mov \$16,%rcx
+ add %r10,%rcx # number of bytes to copy
+ .long 0xF689A4F3 # rep movsb
+ jmp .Lcbc_dec_end
+
+.align 16
+.Lcbc_dec_in_place:
+ mov 0($inp),$s0 # load input
+ mov 4($inp),$s1
+ mov 8($inp),$s2
+ mov 12($inp),$s3
+
+ mov $inp,$ivec # if ($verticalspin) save inp
+ mov $keyp,$key
+ call _x86_64_AES_decrypt
+
+ mov $ivec,$inp # if ($verticalspin) restore inp
+ mov $_ivp,%rbp
+ xor 0(%rbp),$s0
+ xor 4(%rbp),$s1
+ xor 8(%rbp),$s2
+ xor 12(%rbp),$s3
+
+ mov 0($inp),%r10 # copy input to iv
+ mov 8($inp),%r11
+ mov %r10,0(%rbp)
+ mov %r11,8(%rbp)
+
+ mov $s0,0($out) # save output [zaps input]
+ mov $s1,4($out)
+ mov $s2,8($out)
+ mov $s3,12($out)
+
+ mov $_len,%rcx
+ lea 16($inp),$inp
+ lea 16($out),$out
+ sub \$16,%rcx
+ jc .Lcbc_dec_in_place_partial
+ mov %rcx,$_len
+ jnz .Lcbc_dec_in_place
+ jmp .Lcbc_cleanup
+
+.align 4
+.Lcbc_dec_in_place_partial:
+ # one can argue if this is actually required
+ lea ($out,%rcx),%rdi
+ lea (%rbp,%rcx),%rsi
+ neg %rcx
+ .long 0xF689A4F3 # rep movsb # restore tail
+ jmp .Lcbc_cleanup
+.size AES_cbc_encrypt,.-AES_cbc_encrypt
+___
+}
+
+$code.=<<___;
+.globl AES_Te
+.align 64
+AES_Te:
+___
+ &_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6);
+ &_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591);
+ &_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56);
+ &_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec);
+ &_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa);
+ &_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb);
+ &_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45);
+ &_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b);
+ &_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c);
+ &_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83);
+ &_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9);
+ &_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a);
+ &_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d);
+ &_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f);
+ &_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df);
+ &_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea);
+ &_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34);
+ &_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b);
+ &_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d);
+ &_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413);
+ &_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1);
+ &_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6);
+ &_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972);
+ &_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85);
+ &_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed);
+ &_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511);
+ &_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe);
+ &_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b);
+ &_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05);
+ &_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1);
+ &_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142);
+ &_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf);
+ &_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3);
+ &_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e);
+ &_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a);
+ &_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6);
+ &_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3);
+ &_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b);
+ &_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428);
+ &_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad);
+ &_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14);
+ &_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8);
+ &_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4);
+ &_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2);
+ &_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda);
+ &_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949);
+ &_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf);
+ &_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810);
+ &_data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c);
+ &_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697);
+ &_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e);
+ &_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f);
+ &_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc);
+ &_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c);
+ &_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969);
+ &_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27);
+ &_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122);
+ &_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433);
+ &_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9);
+ &_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5);
+ &_data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a);
+ &_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0);
+ &_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e);
+ &_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c);
+#rcon:
+$code.=<<___;
+ .long 0x00000001, 0x00000002, 0x00000004, 0x00000008
+ .long 0x00000010, 0x00000020, 0x00000040, 0x00000080
+ .long 0x0000001b, 0x00000036, 0, 0, 0, 0, 0, 0
+___
+$code.=<<___;
+.globl AES_Td
+.align 64
+AES_Td:
+___
+ &_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a);
+ &_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b);
+ &_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5);
+ &_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5);
+ &_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d);
+ &_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b);
+ &_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295);
+ &_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e);
+ &_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927);
+ &_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d);
+ &_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362);
+ &_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9);
+ &_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52);
+ &_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566);
+ &_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3);
+ &_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed);
+ &_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e);
+ &_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4);
+ &_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4);
+ &_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd);
+ &_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d);
+ &_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060);
+ &_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967);
+ &_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879);
+ &_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000);
+ &_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c);
+ &_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36);
+ &_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624);
+ &_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b);
+ &_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c);
+ &_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12);
+ &_data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14);
+ &_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3);
+ &_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b);
+ &_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8);
+ &_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684);
+ &_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7);
+ &_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177);
+ &_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947);
+ &_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322);
+ &_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498);
+ &_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f);
+ &_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54);
+ &_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382);
+ &_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf);
+ &_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb);
+ &_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83);
+ &_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef);
+ &_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029);
+ &_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235);
+ &_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733);
+ &_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117);
+ &_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4);
+ &_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546);
+ &_data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb);
+ &_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d);
+ &_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb);
+ &_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a);
+ &_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773);
+ &_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478);
+ &_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2);
+ &_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff);
+ &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
+ &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
+#Td4:
+ &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+ &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+ &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+ &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+ &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+ &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+ &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+ &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+ &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+ &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+ &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+ &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+ &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+ &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+ &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+ &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+ &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+ &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+ &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+ &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+ &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+ &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+ &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+ &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+ &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+ &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+ &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+ &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+ &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+ &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+ &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+ &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+
+print $code;
+
+close STDOUT;
diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile
index f67c5ebd711a..63066899d0bd 100644
--- a/crypto/asn1/Makefile
+++ b/crypto/asn1/Makefile
@@ -26,7 +26,7 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
f_int.c f_string.c n_pkey.c \
- f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \
+ f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn_mime.c \
asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \
evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c
LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
@@ -38,7 +38,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
f_int.o f_string.o n_pkey.o \
- f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \
+ f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o asn_mime.o \
asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \
evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o
@@ -213,11 +213,11 @@ a_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
a_meth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
a_meth.o: ../../include/openssl/symhacks.h ../cryptlib.h a_meth.c
a_object.o: ../../e_os.h ../../include/openssl/asn1.h
-a_object.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-a_object.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-a_object.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-a_object.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-a_object.o: ../../include/openssl/opensslconf.h
+a_object.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_object.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_object.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_object.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_object.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
a_object.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
a_object.o: ../../include/openssl/symhacks.h ../cryptlib.h a_object.c
@@ -292,7 +292,8 @@ a_type.o: ../../e_os.h ../../include/openssl/asn1.h
a_type.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
a_type.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
a_type.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-a_type.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_type.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_type.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
a_type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
a_type.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
a_type.o: ../../include/openssl/symhacks.h ../cryptlib.h a_type.c
@@ -362,6 +363,20 @@ asn1_par.o: ../../include/openssl/opensslconf.h
asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
asn1_par.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
asn1_par.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_par.c
+asn_mime.o: ../../e_os.h ../../include/openssl/asn1.h
+asn_mime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+asn_mime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+asn_mime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+asn_mime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+asn_mime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+asn_mime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+asn_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+asn_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+asn_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+asn_mime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+asn_mime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+asn_mime.o: ../cryptlib.h asn_mime.c
asn_moid.o: ../../e_os.h ../../include/openssl/asn1.h
asn_moid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
index a36356e34474..dc980421d098 100644
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -62,6 +62,7 @@
#include <openssl/buffer.h>
#include <openssl/asn1.h>
#include <openssl/objects.h>
+#include <openssl/bn.h>
int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
{
diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c
index a6acef16f3b3..36beceacdb07 100644
--- a/crypto/asn1/a_type.c
+++ b/crypto/asn1/a_type.c
@@ -59,6 +59,7 @@
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/asn1t.h>
+#include <openssl/objects.h>
int ASN1_TYPE_get(ASN1_TYPE *a)
{
@@ -79,6 +80,31 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
a->value.ptr=value;
}
+int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
+ {
+ if (!value || (type == V_ASN1_BOOLEAN))
+ {
+ void *p = (void *)value;
+ ASN1_TYPE_set(a, type, p);
+ }
+ else if (type == V_ASN1_OBJECT)
+ {
+ ASN1_OBJECT *odup;
+ odup = OBJ_dup(value);
+ if (!odup)
+ return 0;
+ ASN1_TYPE_set(a, type, odup);
+ }
+ else
+ {
+ ASN1_STRING *sdup;
+ sdup = ASN1_STRING_dup((ASN1_STRING *)value);
+ if (!sdup)
+ return 0;
+ ASN1_TYPE_set(a, type, sdup);
+ }
+ return 1;
+ }
IMPLEMENT_STACK_OF(ASN1_TYPE)
IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index 30f1eecd5b90..424cd348bb5e 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -158,7 +158,12 @@ extern "C" {
#define MBSTRING_BMP (MBSTRING_FLAG|2)
#define MBSTRING_UNIV (MBSTRING_FLAG|4)
+#define SMIME_OLDMIME 0x400
+#define SMIME_CRLFEOL 0x800
+#define SMIME_STREAM 0x1000
+
struct X509_algor_st;
+DECLARE_STACK_OF(X509_ALGOR)
#define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */
#define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */
@@ -218,6 +223,13 @@ typedef struct asn1_object_st
* be inserted in the memory buffer
*/
#define ASN1_STRING_FLAG_NDEF 0x010
+
+/* This flag is used by the CMS code to indicate that a string is not
+ * complete and is a place holder for content when it had all been
+ * accessed. The flag will be reset when content has been written to it.
+ */
+#define ASN1_STRING_FLAG_CONT 0x020
+
/* This is the base type that holds just about everything :-) */
typedef struct asn1_string_st
{
@@ -311,8 +323,8 @@ typedef struct ASN1_VALUE_st ASN1_VALUE;
int i2d_##name##_NDEF(name *a, unsigned char **out);
#define DECLARE_ASN1_FUNCTIONS_const(name) \
- name *name##_new(void); \
- void name##_free(name *a);
+ DECLARE_ASN1_ALLOC_FUNCTIONS(name) \
+ DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name)
#define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
type *name##_new(void); \
@@ -322,6 +334,17 @@ typedef struct ASN1_VALUE_st ASN1_VALUE;
#define I2D_OF(type) int (*)(type *,unsigned char **)
#define I2D_OF_const(type) int (*)(const type *,unsigned char **)
+#define CHECKED_D2I_OF(type, d2i) \
+ ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0)))
+#define CHECKED_I2D_OF(type, i2d) \
+ ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0)))
+#define CHECKED_NEW_OF(type, xnew) \
+ ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0)))
+#define CHECKED_PTR_OF(type, p) \
+ ((void*) (1 ? p : (type*)0))
+#define CHECKED_PPTR_OF(type, p) \
+ ((void**) (1 ? p : (type**)0))
+
#define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long)
#define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **)
#define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type)
@@ -511,6 +534,7 @@ typedef struct asn1_type_st
* contain the set or sequence bytes */
ASN1_STRING * set;
ASN1_STRING * sequence;
+ ASN1_VALUE * asn1_value;
} value;
} ASN1_TYPE;
@@ -741,6 +765,7 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
int ASN1_TYPE_get(ASN1_TYPE *a);
void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
+int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
ASN1_OBJECT * ASN1_OBJECT_new(void );
void ASN1_OBJECT_free(ASN1_OBJECT *a);
@@ -763,6 +788,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
/* Since this is used to store all sorts of things, via macros, for now, make
its data void * */
int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
+void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
int ASN1_STRING_length(ASN1_STRING *x);
void ASN1_STRING_length_set(ASN1_STRING *x, int n);
int ASN1_STRING_type(ASN1_STRING *x);
@@ -902,23 +928,47 @@ int ASN1_object_size(int constructed, int length, int tag);
/* Used to implement other functions */
void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x);
+
#define ASN1_dup_of(type,i2d,d2i,x) \
- ((type *(*)(I2D_OF(type),D2I_OF(type),type *))openssl_fcast(ASN1_dup))(i2d,d2i,x)
+ ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
+ CHECKED_D2I_OF(type, d2i), \
+ CHECKED_PTR_OF(type, x)))
+
#define ASN1_dup_of_const(type,i2d,d2i,x) \
- ((type *(*)(I2D_OF_const(type),D2I_OF(type),type *))openssl_fcast(ASN1_dup))(i2d,d2i,x)
+ ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \
+ CHECKED_D2I_OF(type, d2i), \
+ CHECKED_PTR_OF(const type, x)))
void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
+/* ASN1 alloc/free macros for when a type is only used internally */
+
+#define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type))
+#define M_ASN1_free_of(x, type) \
+ ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type))
+
#ifndef OPENSSL_NO_FP_API
void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x);
+
#define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \
- ((type *(*)(type *(*)(void),D2I_OF(type),FILE *,type **))openssl_fcast(ASN1_d2i_fp))(xnew,d2i,in,x)
+ ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \
+ CHECKED_D2I_OF(type, d2i), \
+ in, \
+ CHECKED_PPTR_OF(type, x)))
+
void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
int ASN1_i2d_fp(i2d_of_void *i2d,FILE *out,void *x);
+
#define ASN1_i2d_fp_of(type,i2d,out,x) \
- ((int (*)(I2D_OF(type),FILE *,type *))openssl_fcast(ASN1_i2d_fp))(i2d,out,x)
+ (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \
+ out, \
+ CHECKED_PTR_OF(type, x)))
+
#define ASN1_i2d_fp_of_const(type,i2d,out,x) \
- ((int (*)(I2D_OF_const(type),FILE *,type *))openssl_fcast(ASN1_i2d_fp))(i2d,out,x)
+ (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \
+ out, \
+ CHECKED_PTR_OF(const type, x)))
+
int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
#endif
@@ -927,14 +977,26 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
#ifndef OPENSSL_NO_BIO
void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x);
+
#define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \
- ((type *(*)(type *(*)(void),D2I_OF(type),BIO *,type **))openssl_fcast(ASN1_d2i_bio))(xnew,d2i,in,x)
+ ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \
+ CHECKED_D2I_OF(type, d2i), \
+ in, \
+ CHECKED_PPTR_OF(type, x)))
+
void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x);
+
#define ASN1_i2d_bio_of(type,i2d,out,x) \
- ((int (*)(I2D_OF(type),BIO *,type *))openssl_fcast(ASN1_i2d_bio))(i2d,out,x)
+ (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \
+ out, \
+ CHECKED_PTR_OF(type, x)))
+
#define ASN1_i2d_bio_of_const(type,i2d,out,x) \
- ((int (*)(I2D_OF_const(type),BIO *,const type *))openssl_fcast(ASN1_i2d_bio))(i2d,out,x)
+ (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \
+ out, \
+ CHECKED_PTR_OF(const type, x)))
+
int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
@@ -977,8 +1039,12 @@ void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i);
void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d,
ASN1_OCTET_STRING **oct);
+
#define ASN1_pack_string_of(type,obj,i2d,oct) \
- ((ASN1_STRING *(*)(type *,I2D_OF(type),ASN1_OCTET_STRING **))openssl_fcast(ASN1_pack_string))(obj,i2d,oct)
+ (ASN1_pack_string(CHECKED_PTR_OF(type, obj), \
+ CHECKED_I2D_OF(type, i2d), \
+ oct))
+
ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);
void ASN1_STRING_set_default_mask(unsigned long mask);
@@ -1009,7 +1075,17 @@ void ASN1_add_oid_module(void);
ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
-
+
+typedef int asn1_output_data_fn(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+ const ASN1_ITEM *it);
+
+int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+ int ctype_nid, int econt_nid,
+ STACK_OF(X509_ALGOR) *mdalgs,
+ asn1_output_data_fn *data_fn,
+ const ASN1_ITEM *it);
+ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
@@ -1059,6 +1135,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_F_ASN1_ITEM_VERIFY 197
#define ASN1_F_ASN1_MBSTRING_NCOPY 122
#define ASN1_F_ASN1_OBJECT_NEW 123
+#define ASN1_F_ASN1_OUTPUT_DATA 207
#define ASN1_F_ASN1_PACK_STRING 124
#define ASN1_F_ASN1_PCTX_NEW 205
#define ASN1_F_ASN1_PKCS5_PBE_SET 125
@@ -1078,6 +1155,8 @@ void ERR_load_ASN1_strings(void);
#define ASN1_F_ASN1_UNPACK_STRING 136
#define ASN1_F_ASN1_UTCTIME_SET 187
#define ASN1_F_ASN1_VERIFY 137
+#define ASN1_F_B64_READ_ASN1 208
+#define ASN1_F_B64_WRITE_ASN1 209
#define ASN1_F_BITSTR_CB 180
#define ASN1_F_BN_TO_ASN1_ENUMERATED 138
#define ASN1_F_BN_TO_ASN1_INTEGER 139
@@ -1118,6 +1197,8 @@ void ERR_load_ASN1_strings(void);
#define ASN1_F_PARSE_TAGGING 182
#define ASN1_F_PKCS5_PBE2_SET 167
#define ASN1_F_PKCS5_PBE_SET 202
+#define ASN1_F_SMIME_READ_ASN1 210
+#define ASN1_F_SMIME_TEXT 211
#define ASN1_F_X509_CINF_NEW 168
#define ASN1_F_X509_CRL_ADD0_REVOKED 169
#define ASN1_F_X509_INFO_NEW 170
@@ -1129,6 +1210,8 @@ void ERR_load_ASN1_strings(void);
/* Reason codes. */
#define ASN1_R_ADDING_OBJECT 171
+#define ASN1_R_ASN1_PARSE_ERROR 198
+#define ASN1_R_ASN1_SIG_PARSE_ERROR 199
#define ASN1_R_AUX_ERROR 100
#define ASN1_R_BAD_CLASS 101
#define ASN1_R_BAD_OBJECT_HEADER 102
@@ -1175,6 +1258,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128
#define ASN1_R_INVALID_BMPSTRING_LENGTH 129
#define ASN1_R_INVALID_DIGIT 130
+#define ASN1_R_INVALID_MIME_TYPE 200
#define ASN1_R_INVALID_MODIFIER 186
#define ASN1_R_INVALID_NUMBER 187
#define ASN1_R_INVALID_SEPARATOR 131
@@ -1184,6 +1268,9 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_IV_TOO_LARGE 135
#define ASN1_R_LENGTH_ERROR 136
#define ASN1_R_LIST_ERROR 188
+#define ASN1_R_MIME_NO_CONTENT_TYPE 201
+#define ASN1_R_MIME_PARSE_ERROR 202
+#define ASN1_R_MIME_SIG_PARSE_ERROR 203
#define ASN1_R_MISSING_EOC 137
#define ASN1_R_MISSING_SECOND_NUMBER 138
#define ASN1_R_MISSING_VALUE 189
@@ -1193,7 +1280,11 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_NON_HEX_CHARACTERS 141
#define ASN1_R_NOT_ASCII_FORMAT 190
#define ASN1_R_NOT_ENOUGH_DATA 142
+#define ASN1_R_NO_CONTENT_TYPE 204
#define ASN1_R_NO_MATCHING_CHOICE_TYPE 143
+#define ASN1_R_NO_MULTIPART_BODY_FAILURE 205
+#define ASN1_R_NO_MULTIPART_BOUNDARY 206
+#define ASN1_R_NO_SIG_CONTENT_TYPE 207
#define ASN1_R_NULL_IS_WRONG_LENGTH 144
#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191
#define ASN1_R_ODD_NUMBER_OF_CHARS 145
@@ -1203,6 +1294,8 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149
#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192
#define ASN1_R_SHORT_LINE 150
+#define ASN1_R_SIG_INVALID_MIME_TYPE 208
+#define ASN1_R_STREAMING_NOT_SUPPORTED 209
#define ASN1_R_STRING_TOO_LONG 151
#define ASN1_R_STRING_TOO_SHORT 152
#define ASN1_R_TAG_VALUE_TOO_HIGH 153
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index f6b5c3f3dd77..f8a3e2e6cd01 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
/* crypto/asn1/asn1_err.c */
/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -110,6 +110,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"},
{ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"},
{ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"},
+{ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "ASN1_OUTPUT_DATA"},
{ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"},
{ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_NEW"},
{ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET), "ASN1_PKCS5_PBE_SET"},
@@ -129,6 +130,8 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"},
{ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"},
{ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"},
+{ERR_FUNC(ASN1_F_B64_READ_ASN1), "B64_READ_ASN1"},
+{ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_WRITE_ASN1"},
{ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"},
{ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"},
{ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"},
@@ -169,6 +172,8 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{ERR_FUNC(ASN1_F_PARSE_TAGGING), "PARSE_TAGGING"},
{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET), "PKCS5_pbe2_set"},
{ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"},
+{ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"},
+{ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"},
{ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"},
{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"},
{ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"},
@@ -183,6 +188,8 @@ static ERR_STRING_DATA ASN1_str_functs[]=
static ERR_STRING_DATA ASN1_str_reasons[]=
{
{ERR_REASON(ASN1_R_ADDING_OBJECT) ,"adding object"},
+{ERR_REASON(ASN1_R_ASN1_PARSE_ERROR) ,"asn1 parse error"},
+{ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR) ,"asn1 sig parse error"},
{ERR_REASON(ASN1_R_AUX_ERROR) ,"aux error"},
{ERR_REASON(ASN1_R_BAD_CLASS) ,"bad class"},
{ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"},
@@ -229,6 +236,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
{ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
{ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
{ERR_REASON(ASN1_R_INVALID_DIGIT) ,"invalid digit"},
+{ERR_REASON(ASN1_R_INVALID_MIME_TYPE) ,"invalid mime type"},
{ERR_REASON(ASN1_R_INVALID_MODIFIER) ,"invalid modifier"},
{ERR_REASON(ASN1_R_INVALID_NUMBER) ,"invalid number"},
{ERR_REASON(ASN1_R_INVALID_SEPARATOR) ,"invalid separator"},
@@ -238,6 +246,9 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
{ERR_REASON(ASN1_R_IV_TOO_LARGE) ,"iv too large"},
{ERR_REASON(ASN1_R_LENGTH_ERROR) ,"length error"},
{ERR_REASON(ASN1_R_LIST_ERROR) ,"list error"},
+{ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE) ,"mime no content type"},
+{ERR_REASON(ASN1_R_MIME_PARSE_ERROR) ,"mime parse error"},
+{ERR_REASON(ASN1_R_MIME_SIG_PARSE_ERROR) ,"mime sig parse error"},
{ERR_REASON(ASN1_R_MISSING_EOC) ,"missing eoc"},
{ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER),"missing second number"},
{ERR_REASON(ASN1_R_MISSING_VALUE) ,"missing value"},
@@ -247,7 +258,11 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS) ,"non hex characters"},
{ERR_REASON(ASN1_R_NOT_ASCII_FORMAT) ,"not ascii format"},
{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA) ,"not enough data"},
+{ERR_REASON(ASN1_R_NO_CONTENT_TYPE) ,"no content type"},
{ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"},
+{ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
+{ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
+{ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"},
{ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) ,"null is wrong length"},
{ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT),"object not ascii format"},
{ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS) ,"odd number of chars"},
@@ -257,6 +272,8 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
{ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED),"sequence not constructed"},
{ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),"sequence or set needs config"},
{ERR_REASON(ASN1_R_SHORT_LINE) ,"short line"},
+{ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"},
+{ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED),"streaming not supported"},
{ERR_REASON(ASN1_R_STRING_TOO_LONG) ,"string too long"},
{ERR_REASON(ASN1_R_STRING_TOO_SHORT) ,"string too short"},
{ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH) ,"tag value too high"},
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index d5ae5b2258a4..5af559ef8da7 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -393,6 +393,14 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
return(1);
}
+void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len)
+ {
+ if (str->data)
+ OPENSSL_free(str->data);
+ str->data = data;
+ str->length = len;
+ }
+
ASN1_STRING *ASN1_STRING_new(void)
{
return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
diff --git a/crypto/asn1/asn1t.h b/crypto/asn1/asn1t.h
index adbc2a63dd0f..bf315e65ed38 100644
--- a/crypto/asn1/asn1t.h
+++ b/crypto/asn1/asn1t.h
@@ -169,6 +169,9 @@ extern "C" {
#define ASN1_NDEF_SEQUENCE(tname) \
ASN1_SEQUENCE(tname)
+#define ASN1_NDEF_SEQUENCE_cb(tname, cb) \
+ ASN1_SEQUENCE_cb(tname, cb)
+
#define ASN1_SEQUENCE_cb(tname, cb) \
static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
ASN1_SEQUENCE(tname)
@@ -368,6 +371,10 @@ extern "C" {
#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+/* EXPLICIT using indefinite length constructed form */
+#define ASN1_NDEF_EXP(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF)
+
/* EXPLICIT OPTIONAL using indefinite length constructed form */
#define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \
ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF)
diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c
new file mode 100644
index 000000000000..bc80b20d6323
--- /dev/null
+++ b/crypto/asn1/asn_mime.c
@@ -0,0 +1,876 @@
+/* asn_mime.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+/* Generalised MIME like utilities for streaming ASN1. Although many
+ * have a PKCS7/CMS like flavour others are more general purpose.
+ */
+
+/* MIME format structures
+ * Note that all are translated to lower case apart from
+ * parameter values. Quotes are stripped off
+ */
+
+typedef struct {
+char *param_name; /* Param name e.g. "micalg" */
+char *param_value; /* Param value e.g. "sha1" */
+} MIME_PARAM;
+
+DECLARE_STACK_OF(MIME_PARAM)
+IMPLEMENT_STACK_OF(MIME_PARAM)
+
+typedef struct {
+char *name; /* Name of line e.g. "content-type" */
+char *value; /* Value of line e.g. "text/plain" */
+STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */
+} MIME_HEADER;
+
+DECLARE_STACK_OF(MIME_HEADER)
+IMPLEMENT_STACK_OF(MIME_HEADER)
+
+static char * strip_ends(char *name);
+static char * strip_start(char *name);
+static char * strip_end(char *name);
+static MIME_HEADER *mime_hdr_new(char *name, char *value);
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
+static int mime_hdr_cmp(const MIME_HEADER * const *a,
+ const MIME_HEADER * const *b);
+static int mime_param_cmp(const MIME_PARAM * const *a,
+ const MIME_PARAM * const *b);
+static void mime_param_free(MIME_PARAM *param);
+static int mime_bound_check(char *line, int linelen, char *bound, int blen);
+static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
+static int strip_eol(char *linebuf, int *plen);
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name